[midPoint] Account Creation, Not Being created in AD

Ivan Noris Ivan.Noris at evolveum.com
Wed Nov 5 10:17:37 CET 2014


Hi Jason, 

Yes, I think it somehow depends on the fact that you are generating the username.

Can you please share details of how AD accounts are constructed from midPoint's username? Which attributes depend on user/name? DN? sAMAccountName? ... ?
Also, could you send the role definition? I have some conditional roles that are assigned to the user but don't do anything if the condition is false, which resembles your situation...

BTW, it's really strange to me so far. I'd expect at least some exception...

Thanks, 
regards, 
Ivan 

----- Original Message -----

> From: "Jason Everling" <jeverling at bshp.edu>
> To: "midPoint General Discussion" <midpoint at lists.evolveum.com>
> Sent: Tuesday, November 4, 2014 5:19:31 PM
> Subject: Re: [midPoint] Account Creation, Not Being created in AD

> So yes, those are from today but instead of digging through to yesterday I
> just added a new line to the CSV feed, so new firstname,lastname, employeeID
> so that it would create a new account.

> I actually added 3 new lines to the CSV and all 3 get created in Midpoint,
> Role Assigned with AD inducement, and Org Assigned, the AD account never
> gets created though until I modify the account in Midpoint.

> That is the only log entry I get when the CSV feed is updated and new account
> is created in Midpoint,

> Using Midpoint 3.0

> Version: 3.0
> Git describe: git-v3.0

> If I remove the username generation and add a username attribute to the CSV
> feed it works as expected, this is just when generating the username, is it
> maybe because the role is getting assigned before Midpoint has time to
> generate the username and such?

> Jason

> On Tue, Nov 4, 2014 at 9:57 AM, Ivan Noris < ivan.noris at evolveum.com > wrote:

> > Hi Jason,

> > just to be sure: these error messages have timestamp from today; but you've
> > reported your problem to the list yesterday.

> > Could you please:

> > 1) double check that the log is the correct one / or find the (supposed)
> > error messages in previously rotated log (stored in the same directory as
> > idm.log, but the name derived from the date..)
> > 2) replicate the issue and send current idm.log fragment

> > The messages referenced here are ok = we don't see anything yet.

> > Also please, what version of midPoint are you using..?

> > Thanks,
> > regards,
> > Ivan

> > On 11/04/2014 03:25 PM, Jason Everling wrote:
> 

> > > I added a new line to the CSV so it could create a new user, it gets created
> > > in Midpoint and the role and org assigned, the only item in the log that
> > > stands out is,

> > > 2014-11-04 08:22:11,914 [PROVISIONING] [midPointScheduler_Worker-2] WARN (com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter): The resource: SonisWeb-Generate (OID:af2bc95b-76e0-48e2-86d6-3d4f02d3fafa) does not provide definition for null value of simulated activation attribute

> > > There are no other errors besides that,

> > > 2014-11-04 08:09:00,859 [REPOSITORY] [midPointScheduler_Worker-6] INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On release of batch it still contained JDBC statements
> > > 2014-11-04 08:09:29,824 [REPOSITORY] [midPointScheduler_Worker-3] INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On release of batch it still contained JDBC statements
> > > 2014-11-04 08:12:20,134 [REPOSITORY] [midPointScheduler_Worker-3] INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On release of batch it still contained JDBC statements
> > > 2014-11-04 08:12:20,247 [REPOSITORY] [midPointScheduler_Worker-9] INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On release of batch it still contained JDBC statements
> > > 2014-11-04 08:14:00,397 [REPOSITORY] [midPointScheduler_Worker-9] INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On release of batch it still contained JDBC statements
> > > 2014-11-04 08:22:00,465 [REPOSITORY] [midPointScheduler_Worker-3] INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On release of batch it still contained JDBC statements
> > > 2014-11-04 08:22:06,150 [REPOSITORY] [midPointScheduler_Worker-2] INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On release of batch it still contained JDBC statements
> > > 2014-11-04 08:22:06,271 [REPOSITORY] [midPointScheduler_Worker-2] INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On release of batch it still contained JDBC statements
> > > 2014-11-04 08:22:11,914 [PROVISIONING] [midPointScheduler_Worker-2] WARN (com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter): The resource: SonisWeb-Generate (OID:af2bc95b-76e0-48e2-86d6-3d4f02d3fafa) does not provide definition for null value of simulated activation attribute

> > > On Tue, Nov 4, 2014 at 1:17 AM, Ivan Noris < Ivan.Noris at evolveum.com > wrote:

> > > > Jason,

> > > > could you please check error messages from idm.log from the time of the
> > > > supposed creation?

> > > > Thanks,
> > > > Ivan

> > > > > From: "Jason Everling" < jeverling at bshp.edu >
> > > > > To: "midPoint General Discussion" < midpoint at lists.evolveum.com >
> > > > > Sent: Monday, November 3, 2014 11:50:06 PM
> > > > > Subject: [midPoint] Account Creation, Not Being created in AD

> > > > > So my director wanted to see it fully automated so all I basically had to
> > > > > do was modify the CSV resource to generate the usernames and email
> > > > > addresses, done, this works.

> > > > > The account gets created in Midpoint from the CSV, gets an Org assigned and
> > > > > gets a Role assigned. The role has an inducement for active directory but
> > > > > even though the account gets the role assigned an account in AD does not get
> > > > > created. Now if I modify the user in midpoint, let's say just change a letter
> > > > > in the personal email address field the AD account creation kicks off.

> > > > > I cannot seem to figure out why the AD account does not get created even
> > > > > though it gets the role assigned and before I changed it to create the
> > > > > usernames it was creating those accounts in AD.

> > > > > I attached the CSV Resource and the CSV Template that is being used,

> > > > > Thanks,
> > > > > JASON

> > > > > CONFIDENTIALITY NOTICE:
> > > > > This e-mail together with any attachments is proprietary and confidential;
> > > > > intended for only the recipient(s) named above and may contain information
> > > > > that is privileged. You should not retain, copy or use this e-mail or any
> > > > > attachments for any purpose, or disclose all or any part of the contents to
> > > > > any person. Any views or opinions expressed in this e-mail are those of the
> > > > > author and do not represent those of the Baptist School of Health
> > > > > Professions. If you have received this e-mail in error, or are not the named
> > > > > recipient(s), you are hereby notified that any review, dissemination,
> > > > > distribution or copying of this communication is prohibited by the sender
> > > > > and to do so might constitute a violation of the Electronic Communications
> > > > > Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the
> > > > > sender and delete this e-mail and any attachments from your computer.

> > > > > _______________________________________________
> > > > > midPoint mailing list
> > > > > midPoint at lists.evolveum.com
> > > > > http://lists.evolveum.com/mailman/listinfo/midpoint

> > > > --
> > > > Ing. Ivan Noris
> > > > Senior Identity Management Engineer
> > > > evolveum.com
> > > > ___________________________________________
> > > > "Idem per idem - semper idem Vix."


> > --
> > Ing. Ivan Noris
> > Senior Identity Management Engineer evolveum.com
> > ___________________________________________
> > "Idem per idem - semper idem Vix."


-- 
Ing. Ivan Noris 
Senior Identity Management Engineer 
evolveum.com 
___________________________________________ 
"Idem per idem - semper idem Vix." 


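Added example (not part of the original thread): a small Python filter for the check requested in the thread, pulling idm.log entries at or above a given level from a time window around the supposed account creation. The entry layout is inferred from the excerpts quoted above; the function names and the 30-second default window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Entry layout as seen in the idm.log excerpts quoted in this thread:
# "<date> <time>,<ms> [SUBSYSTEM] [thread] LEVEL (logger): message"
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\[(\w+)\] \[([^\]]+)\] (\w+)\s+\(([^)]+)\): (.*)$"
)
LEVELS = {"TRACE": 0, "DEBUG": 1, "INFO": 2, "WARN": 3, "ERROR": 4}

def parse(lines):
    """Yield one dict per log entry; continuation lines (wrapped text,
    stack traces) are appended to the preceding entry's message."""
    entry = None
    for line in lines:
        m = ENTRY.match(line)
        if m:
            if entry:
                yield entry
            ts, subsystem, thread, level, logger, msg = m.groups()
            entry = {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S,%f"),
                     "subsystem": subsystem, "thread": thread,
                     "level": level, "logger": logger, "msg": msg}
        elif entry and line.strip():
            entry["msg"] += " " + line.strip()
    if entry:
        yield entry

def around(lines, when, seconds=30, min_level="WARN"):
    """Entries at or above min_level within +/- seconds of `when`."""
    lo, hi = when - timedelta(seconds=seconds), when + timedelta(seconds=seconds)
    return [e for e in parse(lines)
            if lo <= e["ts"] <= hi and LEVELS.get(e["level"], 0) >= LEVELS[min_level]]

# Sample input: three entries taken from the excerpts quoted in this thread,
# the last one left wrapped across lines to exercise continuation handling.
SAMPLE = """\
2014-11-04 08:14:00,397 [REPOSITORY] [midPointScheduler_Worker-9] INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On release of batch it still contained JDBC statements
2014-11-04 08:22:06,150 [REPOSITORY] [midPointScheduler_Worker-2] INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On release of batch it still contained JDBC statements
2014-11-04 08:22:11,914 [PROVISIONING] [midPointScheduler_Worker-2] WARN (com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter): The
resource: SonisWeb-Generate (OID:af2bc95b-76e0-48e2-86d6-3d4f02d3fafa) does
not provide definition for null value of simulated activation attribute
""".splitlines()

if __name__ == "__main__":
    for e in around(SAMPLE, datetime(2014, 11, 4, 8, 22, 6)):
        print(e["ts"], e["thread"], e["level"], e["msg"])
```

Lowering `min_level` to `"INFO"` also shows what the same worker thread was doing just before the warning, which helps when no WARN or ERROR entry appears at all.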