[midPoint] Account Creation, Not Being created in AD

Jason Everling jeverling at bshp.edu
Wed Nov 5 15:13:41 CET 2014


So the role that gets assigned is nothing special; I just created a new
role in the GUI and added the inducement for AD Resource. Eventually I will
change the permissions on the roles to match what they need to be in
production.

I attached the AD Resource and AD User Template.

JASON

On Wed, Nov 5, 2014 at 3:17 AM, Ivan Noris <Ivan.Noris at evolveum.com> wrote:

> Hi Jason,
>
> yes, I think it somehow depends on the fact that you are generating
> the username.
>
> Can you please share details of how AD accounts are constructed from
> midPoint's username? Which attributes depend on user/name? DN?
> sAMAccountName? ... ?
> Also, could you send the role definition? I have some conditional roles
> that are assigned to the user, but don't do anything if the condition is false.
> Which resembles your situation...
>
> BTW it's really strange for me so far. I'd expect at least some
> exception...
>
> Thanks,
> regards,
> Ivan
>
> ------------------------------
>
> *From: *"Jason Everling" <jeverling at bshp.edu>
> *To: *"midPoint General Discussion" <midpoint at lists.evolveum.com>
> *Sent: *Tuesday, November 4, 2014 5:19:31 PM
> *Subject: *Re: [midPoint] Account Creation, Not Being created in AD
>
>
> So yes, those are from today, but instead of digging through to yesterday I
> just added a new line to the CSV feed, so new firstname, lastname,
> employeeID, so that it would create a new account.
>
> I actually added 3 new lines to the CSV and all 3 get created in midPoint,
> Role Assigned with AD inducement, and Org Assigned; the AD account never
> gets created, though, until I modify the account in midPoint.
>
> That is the only log entry I get when the CSV feed is updated and a new
> account is created in midPoint.
>
> Using midPoint 3.0
>
> Version 3.0  Git describe git-v3.0
>
> If I remove the username generation and add a username attribute to the
> CSV feed, it works as expected; this is just when generating the username.
> Is it maybe because the role is getting assigned before midPoint has time
> to generate the username and such?
>
> Jason
>
> On Tue, Nov 4, 2014 at 9:57 AM, Ivan Noris <ivan.noris at evolveum.com>
> wrote:
>
>>  Hi Jason,
>>
>> just to be sure: these error messages have a timestamp from today, but
>> you reported your problem to the list yesterday.
>>
>> Could you please:
>>
>> 1) double check that the log is the correct one / or find the (supposed)
>> error messages in the previously rotated log (stored in the same directory as
>> idm.log, but with the name derived from the date)
>> 2) replicate the issue and send the current idm.log fragment
>>
>> The messages referenced here are ok = we don't see anything yet.
>>
>> Also, please, what version of midPoint are you using?
>>
>> Thanks,
>> regards,
>> Ivan
>>
>>
>> On 11/04/2014 03:25 PM, Jason Everling wrote:
>>
>> I added a new line to the CSV so it could create a new user; it gets
>> created in midPoint and the role and org are assigned. The only item in the
>> log that stands out is:
>>
>>  2014-11-04 08:22:11,914 [PROVISIONING] [midPointScheduler_Worker-2]
>> WARN (com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter): The
>> resource: SonisWeb-Generate (OID:af2bc95b-76e0-48e2-86d6-3d4f02d3fafa) does
>> not provide definition for null value of simulated activation attribute
>>
>>  There are no other errors besides that:
>>
>>  2014-11-04 08:09:00,859 [REPOSITORY] [midPointScheduler_Worker-6] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2014-11-04 08:09:29,824 [REPOSITORY] [midPointScheduler_Worker-3] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2014-11-04 08:12:20,134 [REPOSITORY] [midPointScheduler_Worker-3] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2014-11-04 08:12:20,247 [REPOSITORY] [midPointScheduler_Worker-9] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2014-11-04 08:14:00,397 [REPOSITORY] [midPointScheduler_Worker-9] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2014-11-04 08:22:00,465 [REPOSITORY] [midPointScheduler_Worker-3] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2014-11-04 08:22:06,150 [REPOSITORY] [midPointScheduler_Worker-2] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2014-11-04 08:22:06,271 [REPOSITORY] [midPointScheduler_Worker-2] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2014-11-04 08:22:11,914 [PROVISIONING] [midPointScheduler_Worker-2] WARN
>> (com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter): The
>> resource: SonisWeb-Generate (OID:af2bc95b-76e0-48e2-86d6-3d4f02d3fafa) does
>> not provide definition for null value of simulated activation attribute
>>
>> On Tue, Nov 4, 2014 at 1:17 AM, Ivan Noris <Ivan.Noris at evolveum.com>
>> wrote:
>>
>>>  Jason,
>>>
>>>  could you please check error messages from idm.log from the time of
>>> the supposed creation?
>>>
>>>  Thanks,
>>>  Ivan
>>>
>>>  ------------------------------
>>>
>>> *From: *"Jason Everling" <jeverling at bshp.edu>
>>> *To: *"midPoint General Discussion" <midpoint at lists.evolveum.com>
>>> *Sent: *Monday, November 3, 2014 11:50:06 PM
>>> *Subject: *[midPoint] Account Creation, Not Being created in AD
>>>
>>>
>>>  So my director wanted to see it fully automated, so all I basically had
>>> to do was modify the CSV resource to generate the usernames and email
>>> addresses. Done, this works.
>>>
>>>  The account gets created in midPoint from the CSV, gets an Org
>>> assigned and gets a Role assigned. The role has an inducement for Active
>>> Directory, but even though the account gets the role assigned, an account in
>>> AD does not get created. Now if I modify the user in midPoint, let's say
>>> just change a letter in the personal email address field, the AD account
>>> creation kicks off.
>>>
>>>  I cannot seem to figure out why the AD account does not get created
>>> even though it gets the role assigned, and before I changed it to create the
>>> usernames it was creating those accounts in AD.
>>>
>>>  I attached the CSV Resource and the CSV Template that is being used.
>>>
>>>  Thanks,
>>> JASON
>>>
>>>
>>>
>>>
>>>
>>>   CONFIDENTIALITY NOTICE:
>>> This e-mail together with any attachments is proprietary and
>>> confidential; intended for only the recipient(s) named above and may
>>> contain information that is privileged. You should not retain, copy or use
>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>> of the contents to any person. Any views or opinions expressed in this
>>> e-mail are those of the author and do not represent those of the Baptist
>>> School of Health Professions. If you have received this e-mail in error, or
>>> are not the named recipient(s), you are hereby notified that any review,
>>> dissemination, distribution or copying of this communication is prohibited
>>> by the sender and to do so might constitute a violation of the Electronic
>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>> notify the sender and delete this e-mail and any attachments from your
>>> computer.
>>>
>>>  _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>>
>>>  --
>>>    Ing. Ivan Noris
>>>   Senior Identity Management Engineer
>>>   evolveum.com
>>>   ___________________________________________
>>>            "Idem per idem - semper idem Vix."

-------------- next part --------------
A non-text attachment was scrubbed...
Name: AD_default_user_template.xml
Type: text/xml
Size: 4289 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20141105/5d648320/attachment.xml>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: AD_development.xml
Type: text/xml
Size: 23025 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20141105/5d648320/attachment-0001.xml>

