[midPoint] Account Creation, Not Being created in AD
Ivan Noris
ivan.noris at evolveum.com
Thu Nov 6 17:36:51 CET 2014
Hi Jason,
it seems you've hit a bug. I've replicated it on midPoint master.
The issue is now being investigated by our developers in order to fix
it. I will drop a message to the list when it's resolved.
Regards,
Ivan
On 11/05/2014 03:13 PM, Jason Everling wrote:
> So the role that gets assigned is nothing special, I just created a
> new role in the GUI and added the inducement for AD Resource.
> Eventually I will change the permissions on the roles to match what
> they need to be in production.
>
> I attached the AD Resource and AD User Template,
>
> JASON
>
> On Wed, Nov 5, 2014 at 3:17 AM, Ivan Noris <Ivan.Noris at evolveum.com> wrote:
>
> Hi Jason,
>
> yes I think it's somehow depending on the fact that you are
> generating username.
>
> Can you please share details how AD accounts are constructed from
> the midpoint's username? What attributes are depending on
> user/name? DN? sAMAccountName? ... ?
> Also, could you send the role definition? I have some conditional
> roles that are assigned to user, but don't do anything if the
> condition is false. Which resembles your situation...
>
> BTW it's really strange for me so far. I'd expect at least some
> exception...
>
> Thanks,
> regards,
> Ivan
>
> ------------------------------------------------------------------------
>
> *From: *"Jason Everling" <jeverling at bshp.edu>
> *To: *"midPoint General Discussion" <midpoint at lists.evolveum.com>
> *Sent: *Tuesday, November 4, 2014 5:19:31 PM
> *Subject: *Re: [midPoint] Account Creation, Not Being created in AD
>
>
> So yes, those are from today but instead of digging through to
> yesterday I just added a new line to the CSV feed, so new
> firstname,lastname, employeeID so that it would create a new
> account.
>
> I actually added 3 new lines to the CSV and all 3 get created
> in Midpoint, Role Assigned with AD inducement, and Org
> Assigned, the AD account never gets created though until I
> modify the account in Midpoint.
>
> That is the only log entry I get when the CSV feed is updated
> and new account is created in Midpoint,
>
> Using Midpoint 3.0
>
> Version 3.0
> Git describe git-v3.0
>
>
> If I remove the username generation and add a username
> attribute to the CSV feed it works as expected, this is just
> when generating the username, is it maybe because the role is
> getting assigned before Midpoint has time to generate the
> username and such?
>
> Jason
>
> On Tue, Nov 4, 2014 at 9:57 AM, Ivan Noris <ivan.noris at evolveum.com> wrote:
>
> Hi Jason,
>
> just to be sure: these error messages have timestamp from
> today; but you've reported your problem to the list yesterday.
>
> Could you please:
>
> 1) double check that the log is the correct one / or find
> the (supposed) error messages in previously rotated log
> (stored in the same directory as idm.log, but the name
> derived from the date..)
> 2) replicate the issue and send current idm.log fragment
>
> The messages referenced here are ok = we don't see
> anything yet.
>
> Also please, what version of midPoint are you using..?
>
> Thanks,
> regards,
> Ivan
>
>
> On 11/04/2014 03:25 PM, Jason Everling wrote:
>
> I added a new line to the CSV so it could create a new
> user, it gets created in Midpoint and the role and org
> assigned, the only item in the log that stands out is,
>
> 2014-11-04 08:22:11,914 [PROVISIONING]
> [midPointScheduler_Worker-2] WARN
> (com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter):
> The resource: SonisWeb-Generate
> (OID:af2bc95b-76e0-48e2-86d6-3d4f02d3fafa) does not
> provide definition for null value of simulated
> activation attribute
>
> There are no other errors besides that,
>
> 2014-11-04 08:09:00,859 [REPOSITORY]
> [midPointScheduler_Worker-6] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC
> statements
> 2014-11-04 08:09:29,824 [REPOSITORY]
> [midPointScheduler_Worker-3] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC
> statements
> 2014-11-04 08:12:20,134 [REPOSITORY]
> [midPointScheduler_Worker-3] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC
> statements
> 2014-11-04 08:12:20,247 [REPOSITORY]
> [midPointScheduler_Worker-9] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC
> statements
> 2014-11-04 08:14:00,397 [REPOSITORY]
> [midPointScheduler_Worker-9] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC
> statements
> 2014-11-04 08:22:00,465 [REPOSITORY]
> [midPointScheduler_Worker-3] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC
> statements
> 2014-11-04 08:22:06,150 [REPOSITORY]
> [midPointScheduler_Worker-2] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC
> statements
> 2014-11-04 08:22:06,271 [REPOSITORY]
> [midPointScheduler_Worker-2] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC
> statements
> 2014-11-04 08:22:11,914 [PROVISIONING]
> [midPointScheduler_Worker-2] WARN
> (com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter):
> The resource: SonisWeb-Generate
> (OID:af2bc95b-76e0-48e2-86d6-3d4f02d3fafa) does not
> provide definition for null value of simulated
> activation attribute
>
> On Tue, Nov 4, 2014 at 1:17 AM, Ivan Noris <Ivan.Noris at evolveum.com> wrote:
>
> Jason,
>
> could you please check error messages from idm.log
> from the time of the supposed creation?
>
> Thanks,
> Ivan
>
> ------------------------------------------------------------------------
>
> *From: *"Jason Everling" <jeverling at bshp.edu>
> *To: *"midPoint General Discussion" <midpoint at lists.evolveum.com>
> *Sent: *Monday, November 3, 2014 11:50:06 PM
> *Subject: *[midPoint] Account Creation, Not Being created in AD
>
>
> So my director wanted to see it fully
> automated so all I basically had to do was
> modify the CSV resource to generate the
> usernames and email addresses, done, this works.
>
> The account gets created in Midpoint from the
> CSV, gets an Org assigned and gets a Role
> assigned. The role has an inducement for
> active directory but even though the account
> gets the role assigned an account in AD does
> not get created. Now if I modify the user in
> midpoint, let's say just change a letter in the
> personal email address field the AD account
> creation kicks off.
>
> I cannot seem to figure out why the AD account
> does not get created even though it gets the
> role assigned and before I changed it to
> create the usernames it was creating those
> accounts in AD.
>
> I attached the CSV Resource and the CSV
> Template that is being used,
>
> Thanks,
> JASON
>
>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is
> proprietary and confidential; intended for
> only the recipient(s) named above and may
> contain information that is privileged. You
> should not retain, copy or use this e-mail or
> any attachments for any purpose, or disclose
> all or any part of the contents to any person.
> Any views or opinions expressed in this e-mail
> are those of the author and do not represent
> those of the Baptist School of Health
> Professions. If you have received this e-mail
> in error, or are not the named recipient(s),
> you are hereby notified that any review,
> dissemination, distribution or copying of this
> communication is prohibited by the sender and
> to do so might constitute a violation of the
> Electronic Communications Privacy Act, 18
> U.S.C. section 2510-2521. Please immediately
> notify the sender and delete this e-mail and
> any attachments from your computer.
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> --
> Ing. Ivan Noris
> Senior Identity Management Engineer
> evolveum.com <http://evolveum.com>
> ___________________________________________
> "Idem per idem - semper idem Vix."
>
--
Ing. Ivan Noris
Senior Identity Management Engineer
evolveum.com
___________________________________________
"Idem per idem - semper idem Vix."
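
The idm.log check requested in the quoted messages above (find WARN or ERROR entries around the time of the supposed account creation), as an added example that is not part of the original thread or midPoint's own tooling. It rejoins mail-wrapped log entries and keeps only records at or above a level within a time window; the sample log is constructed from the layout quoted in the thread, and `unwrap`, `parse` and `triage` are hypothetical helper names.

```python
import re
from datetime import datetime, timedelta
# Constructed sample in the idm.log layout quoted in the thread, hard-wrapped
# and ">"-quoted the way a mail client leaves it. The last entry is invented.
SAMPLE = """\
> 2014-11-04 08:22:06,271 [REPOSITORY]
> [midPointScheduler_Worker-2] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC
> statements
> 2014-11-04 08:22:11,914 [PROVISIONING]
> [midPointScheduler_Worker-2] WARN
> (com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter):
> The resource: SonisWeb-Generate does not provide definition
> for null value of simulated activation attribute
> 2014-11-04 09:40:00,000 [MODEL] [main] ERROR (example.Constructed): outside the window
"""
TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}\b")
ENTRY = re.compile(r"^(?P<ts>\S+ \S+) \[(?P<subsystem>[^\]]+)\] \[(?P<thread>[^\]]+)\] "
                   r"(?P<level>[A-Z]+) \((?P<logger>[^)]+)\): (?P<msg>.*)$")
LEVELS = {"TRACE": 0, "DEBUG": 1, "INFO": 2, "WARN": 3, "ERROR": 4}

def unwrap(text):
    """Strip quote markers and rejoin hard-wrapped lines into whole entries."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if line and (TS.match(line) or not entries):
            entries.append(line)       # a timestamp starts a new entry
        elif line:
            entries[-1] += " " + line  # continuation of the previous entry
    return entries

def parse(entry):
    m = ENTRY.match(entry)
    if not m:
        return None                    # not in the expected layout
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S,%f")
    return rec

def triage(text, around, minutes=5, min_level="WARN"):
    """Entries at or above min_level within +/- minutes of the suspected event."""
    span = timedelta(minutes=minutes)
    recs = filter(None, map(parse, unwrap(text)))
    return [r for r in recs if abs(r["ts"] - around) <= span
            and LEVELS.get(r["level"], 0) >= LEVELS[min_level]]

if __name__ == "__main__":
    print([(r["subsystem"], r["level"]) for r in triage(SAMPLE, datetime(2014, 11, 4, 8, 22))])
```

Widening `minutes` or lowering `min_level` to `"INFO"` is useful when, as in this thread, the window contains no errors at all and the absence itself is the finding.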