[midPoint] AD Connector

Pavol Mederly mederly at evolveum.com
Tue May 6 10:17:04 CEST 2014


Hello Sam,

it took me a while to understand the problem with <objects> tag. :-) It 
is because of this:

I am used to create new objects (including resources) using the 
*Configuration->Import object* menu item. It is quite versatile, 
allowing e.g. to choose between importing from file vs. from text area, 
to say whether to overwrite existing objects, etc. And it allows to 
import more objects at once, therefore it accepts the <objects> tag.

If you create a new resource using the *Resources->New Resource* menu 
item, then <objects> tag is not allowed. You probably used this menu 
item, weren't you? I entirely forgot about that possibility.

---
As for point 2: you are right, the documentation needs to be updated, 
definitely. I hope to have some time to that after finishing the 3.0 
release. Actually, a sentence similar to the one you suggest is on the 
AD Connector HOWTO 
<https://wiki.evolveum.com/display/midPoint/Active+Directory+HOWTO> page 
("Deploy the connector by copying files to the .NET Connector Server 
directory.") Still, you are right, the AD/Exchange connector 
documentation deserves a big cleanup. Until then, please just ask here, 
we're ready to help you.

Best regards,
Pavol

On 6. 5. 2014 9:55, Sam Verboven wrote:
>
> Hey Pavol,
>
> Thank you for your quick and very thorough response. I have used your 
> suggestions (updated everything, latest snapshot) and the connector is 
> working now!
>
> I have two small suggestions.
>
> 1)I had to remove the <objects> tag and use only <resource> to add the 
> resource itself. Perhaps the enclosing object tag has been removed 
> from the parser?
>
> 2)It would have helped me if there was at least one line of 
> documentation on the Active Directory Connector page. E.g. Paste the 
> contents of this archive in the connector server install folder.
>
> Regards,
>
> Sam Verboven
>
> *From:*midpoint-bounces at lists.evolveum.com 
> [mailto:midpoint-bounces at lists.evolveum.com] *On Behalf Of *Pavol Mederly
> *Sent:* dinsdag 6 mei 2014 0:08
> *To:* midpoint at lists.evolveum.com
> *Subject:* Re: [midPoint] AD Connector
>
> Hello, Sam,
>
> first of all, I apologize for mismatches in documentation and wiki 
> pages. Although I've promised on this list a few days ago that I'll 
> upload current version of the connector/framework, I had no time to do 
> that, until today.
>
> So,
>
> *(1)* You can download current version of .Net Connector Server 
> (1.4.0.20) from links mentioned in the wiki page you've already 
> visited (https://wiki.evolveum.com/display/midPoint/.NET+Connector+Server)
> Also, I've built the AD and Exchange connectors; you can download them 
> (1.4.0.20140) from their pages in our wiki as well 
> (https://wiki.evolveum.com/display/midPoint/Active+Directory+Connector, https://wiki.evolveum.com/display/midPoint/Exchange+Connector). 
>
>
> I would suggest you to use these packages instead of ForgeRock ones. 
> As for the Connector Server, they should be more-or-less equal, but 
> our Active Directory connector contains some quite important 
> enhancements, dealing e.g. with the performance (see 
> https://jira.evolveum.com/browse/MID-1485).
>
> If you need the sources, they are here:
>
>   * for Connector Server:
>
>       o the common distribution (maintained together by Tirasa,
>         ForgeRock and Evolveum): https://github.com/tirasa/ConnId
>       o the Evolveum distribution: https://github.com/Evolveum/ConnId
>         (In both repositories, take branch 1_4_X_Y.)
>
>   * for Active Directory Connector:
>
>       o https://github.com/Evolveum/openicf
>
> *(2)* You're right concerning the changes you've done in the 
> ConnectorHost configuration. Just for simplicity, I would suggest 
> starting with <protectConnection> turned off. After establishing the 
> connection you can of course add the SSL support.
>
> *(3)* As for the ad-resource-simple.xml, it works for me without 
> problems. The only thing I had to do is to configure 
> icfc:configurationProperties.
>
> Please try with the latest snapshot (java code and samples). I also 
> send you my configuration in the attachment.
>
> If the problem will still persist, please let me know.
>
> Perhaps one question: have you succeed in discovering the connectors 
> on your connector host? (See step Discover Connectors in 
> https://wiki.evolveum.com/display/midPoint/Active+Directory+HOWTO)
>
> Best regards,
> Pavol
>
> On 5. 5. 2014 15:26, Sam Verboven wrote:
>
>     Dear,
>
>     I've been looking at Midpoint as a candidate for an upcoming IDM
>     project. However, I'm having some difficulties connecting to AD.
>
>     I started on Friday using the latest the latest snapshot. I'll
>     first describe the changes need to get to my current problem.
>
>         1) Following
>         https://wiki.evolveum.com/display/midPoint/.NET+Connector+Server
>         I found out the offered version (1.4.0.14) of connid was not
>         recent enough. SerializeBinary.cs had a version mismatch: 1
>         was expected, 2 was offered. I could not find the sourcecode
>         on the midpoint sites, but I managed to find a newer version
>         on the forgerock repo:
>
>             /svn checkout https://svn.forgerock.org/openicf/trunk//
>
>         Compiling the code gave me a compatible connector.
>
>         2) Following
>         https://wiki.evolveum.com/display/midPoint/Active+Directory#ActiveDirectory-ConnectorHostConfiguration
>         and
>         https://wiki.evolveum.com/display/midPoint/ConnectorHostType I
>         got stranded again trying to add a ConnectorHost. After some
>         trial and error I found a working configuration by changing
>         common-2a to common-3, adding protecConnection and removing
>         the clearValue tags:
>
>             /<?xml version="1.0" encoding="UTF-8" standalone="yes"?>/
>
>             /<object xsi:type="ConnectorHostType"/
>
>             /xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"/
>
>             /xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/
>
>             /oid="91919191-76e0-59e2-86d6-44cc44cc44cc >/
>
>             //
>
>             /    <name>ICF Connector server on rd.local:8759</name>/
>
>             /    <hostname> 192.168.102.107</hostname>/
>
>             /<port>8759</port>/
>
>             /    <sharedSecret>My secret</sharedSecret>/
>
>             /<protectConnection>true</protectConnection>/
>
>             /</object>/
>
>         3) Currently I'm stuck trying to add the actual connector.
>         I've tried modifying the examples that are included in the
>         snapshot:
>
>             /midpoint-2.3-SNAPSHOT\samples\resources\ad\ad-resource-simple.xml/
>
>         Using the default xml file configured for my setup, I get XML
>         problems:
>
>             /Validation error: cvc-complex-type.2.4.a: Invalid content
>             was found starting with element 'resource'. One of
>             '{"http://midpoint.evolveum.com/xml/ns/public/common/common-3":object}'
>             is expected./
>
>         If I replace the object tag by a resource tag, I get slightly
>         further:
>
>             /[ SHOW ERROR STACK ] Collapse all Expand all Export to XML/
>
>             /ok - Schema validation/
>
>             /ok - Basic checks/
>
>             /ok - Resource namespace check/
>
>             /ok -
>             operation.com.evolveum.midpoint.model.controller.ModelController.searchObjects/
>
>             /ok - Execute changes (Model)/
>
>             *error - Connector reference missing in the resource
>             resource:91919191-76e0-59e2-86d6-44cc44cc44cc(Basic
>             <resource:91919191-76e0-59e2-86d6-44cc44cc44cc%28Basic>
>             Active Directory)*
>
>         Configuration:
>
>             /<resource
>             xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"/
>
>             /           
>              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/
>
>             /             xmlns:xsd="http://www.w3.org/2001/XMLSchema"/
>
>             /           
>              xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"/
>
>             /           
>              xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"/
>
>             /           
>              xmlns:idfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"/
>
>             /             xmlns:my="http://myself.me/schemas/whatever"/
>
>             /           
>              xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"/
>
>             / oid='91919191-76e0-59e2-86d6-44cc44cc44cc'>/
>
>             / <!-- Resource name. It will be displayed in GUI.  -->/
>
>             / <name>Basic Active Directory</name>/
>
>             /...../
>
>     I understand that the snapshots are not yet a finished product,
>     but any help would be greatly appreciated.
>
>     I think it would be helpful for others to figure out the problem
>     and modify the wiki steps once the issue has been sorted out.
>
>     Regards,
>
>     Sam Verboven
>
>
>
>
>     _______________________________________________
>
>     midPoint mailing list
>
>     midPoint at lists.evolveum.com  <mailto:midPoint at lists.evolveum.com>
>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20140506/a4408435/attachment.htm>


More information about the midPoint mailing list