[midPoint] AD DistinguishedName, Iteration Token not working
Pavol Mederly
pavol.mederly at gmail.com
Wed Nov 19 10:35:11 CET 2014
Hello Jason,
one possible cause could be if AD connector (in your case) would not
correctly determine "AlreadyExists" situation. The connector is able to
do that (it is implemented in it and we've tested it many times) but one
never knows...
What version of AD connector do you use?
Could you share all parts of logs of the Connector Server related to
creation of "LDAP://dc1.test.local/cn=Tammy Smith ,OU=AAD,OU=SHP
Students,DC=TEST,DC=LOCAL" ?
Thank you,
Pavol
On 18. 11. 2014 22:21, Jason Everling wrote:
> I have been doing some other testing and it seems when the user has
> the same firstname lastname the account will fail to create on active
> directory. I double-checked the code throughout github and it seems
> correct but I get the error which even shows that it is not adding the
> iterationToken to the end of the lastname like it should from the code,
>
> <attribute>
> <ref>icfs:name</ref>
> <displayName>Distinguished Name</displayName>
> <limitations>
> <minOccurs>0</minOccurs>
> <access>
> <read>true</read>
> <add>true</add>
> <modify>true</modify>
> </access>
> </limitations>
> <outbound>
> <source>
> <path>$user/givenName</path>
> </source>
> <source>
> <path>$user/familyName</path>
> </source>
> <source>
> <path>$user/organization</path>
> </source>
> <expression>
> <script>
> <code>
> 'cn='+givenName+' '+familyName+iterationToken+' ,'+organization+''
> </code>
> </script>
> </expression>
> </outbound>
> </attribute>
>
> In there error blow it should be using the persons iterator which is 2
> so it should be trying to create it as LDAP://dc1.test.local/cn=Tammy
> Smith2 ,OU=AAD,OU=SHP Students,DC=TEST,DC=LOCAL but it is not.
>
> 2014-11-18 15:08:45,314 [MODEL] [http-bio-8080-exec-68] ERROR
> (com.evolveum.midpoint.model.impl.lens.ChangeExecutor): Error
> executing changes for (account (default) on
> resource:ef2bc95b-76e0-48e2-86d6-3d4f02d3eaef(Active Directory: Office
> 365, Google Apps, Moodle)): Can't process shadow: null (OID:null):
> Generic error in connector:
> org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(The
> object already exists.
> : when creating LDAP://dc1.test.local/cn=Tammy Smith ,OU=AAD,OU=SHP
> Students,DC=TEST,DC=LOCAL)
> com.evolveum.midpoint.util.exception.CommunicationException: Can't
> process shadow: null (OID:null): Generic error in connector:
> org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(The
> object already exists.
> : when creating LDAP://dc1.test.local/cn=Tammy Smith ,OU=AAD,OU=SHP
> Students,DC=TEST,DC=LOCAL)
>
> Thanks,
> JASON
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and
> confidential; intended for only the recipient(s) named above and may
> contain information that is privileged. You should not retain, copy or
> use this e-mail or any attachments for any purpose, or disclose all or
> any part of the contents to any person. Any views or opinions
> expressed in this e-mail are those of the author and do not represent
> those of the Baptist School of Health Professions. If you have
> received this e-mail in error, or are not the named recipient(s), you
> are hereby notified that any review, dissemination, distribution or
> copying of this communication is prohibited by the sender and to do so
> might constitute a violation of the Electronic Communications Privacy
> Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender
> and delete this e-mail and any attachments from your computer.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20141119/c09a7a5f/attachment.htm>
More information about the midPoint
mailing list