[midPoint] AD DistinguishedName, Iteration Token not working

Ivan Noris ivan.noris at evolveum.com
Wed Nov 19 10:39:47 CET 2014


Hi Jason,

I've just tried to do a similar example on my OpenDJ, which I have
installed locally.

The iterator worked flawlessly when I also had the
<maxIterations>5</maxIterations> attribute defined (without this, the
request to save failed immediately).

Can you please specify:
- version of midpoint
- version of AD connector (already asked by Pavol)
- version of Connector Server (already asked by Pavol)

Also, the space after the full name in the CN part is probably not what you
wanted ("cn=Tammy Smith*_*, ..." - I replaced the space by the
underscore for brevity). The space should not be there. Just a comma.

Regards,
Ivan


On 11/18/2014 10:21 PM, Jason Everling wrote:
> I have been doing some other testing and it seems when the user has
> the same firstname lastname the account will fail to create on active
> directory. I double-checked the code throughout github and it seems
> correct but I get the error which even shows that it is not adding the
> iterationToken to the end of the lastname like it should from the code,
>
>                 <attribute>
>                     <ref>icfs:name</ref>
>                     <displayName>Distinguished Name</displayName>
>                     <limitations>
>                         <minOccurs>0</minOccurs>
>                         <access>
>                             <read>true</read>
>                             <add>true</add>
>                             <modify>true</modify>
>                         </access>
>                     </limitations>
>                     <outbound>
>                         <source>
>                             <path>$user/givenName</path>
>                         </source>
>                         <source>
>                             <path>$user/familyName</path>
>                         </source>
>                         <source>
>                             <path>$user/organization</path>
>                         </source>
>                         <expression>
>                             <script>
>                                 <code>
> 'cn='+givenName+' '+familyName+iterationToken+' ,'+organization+''
>                                 </code>
>                             </script>
>                         </expression>
>                     </outbound>
>                 </attribute>
>
> In the error below it should be using the person's iterator which is 2
> so it should be trying to create it as LDAP://dc1.test.local/cn=Tammy
> Smith2 ,OU=AAD,OU=SHP Students,DC=TEST,DC=LOCAL but it is not.
>
> 2014-11-18 15:08:45,314 [MODEL] [http-bio-8080-exec-68] ERROR
> (com.evolveum.midpoint.model.impl.lens.ChangeExecutor): Error
> executing changes for (account (default) on
> resource:ef2bc95b-76e0-48e2-86d6-3d4f02d3eaef(Active Directory: Office
> 365, Google Apps, Moodle)): Can't process shadow: null (OID:null):
> Generic error in connector:
> org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(The
> object already exists.
> : when creating LDAP://dc1.test.local/cn=Tammy Smith ,OU=AAD,OU=SHP
> Students,DC=TEST,DC=LOCAL)
> com.evolveum.midpoint.util.exception.CommunicationException: Can't
> process shadow: null (OID:null): Generic error in connector:
> org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(The
> object already exists.
> : when creating LDAP://dc1.test.local/cn=Tammy Smith ,OU=AAD,OU=SHP
> Students,DC=TEST,DC=LOCAL)
>
> Thanks,
> JASON

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer
  evolveum.com
  ___________________________________________
           "Idem per idem - semper idem Vix."

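For reference, an added sketch (not taken from either poster's configuration) of the two points in Ivan's reply applied to the mapping Jason quoted: an iteration limit on the object type, and no space before the comma in the DN. It assumes midPoint's `<iteration>` element inside the resource's `<schemaHandling>` object type; the `kind` and `intent` values are illustrative, the `<limitations>` block from the quoted mapping is left out for brevity, and namespace declarations are omitted.

```xml
<!-- Added example: fragment of a resource's <schemaHandling>.
     kind/intent are illustrative values, not from the thread. -->
<objectType>
    <kind>account</kind>
    <intent>default</intent>

    <!-- Ivan reports that without this element the save failed
         immediately; with it, the iterator worked on his OpenDJ. -->
    <iteration>
        <maxIterations>5</maxIterations>
    </iteration>

    <attribute>
        <ref>icfs:name</ref>
        <displayName>Distinguished Name</displayName>
        <outbound>
            <source>
                <path>$user/givenName</path>
            </source>
            <source>
                <path>$user/familyName</path>
            </source>
            <source>
                <path>$user/organization</path>
            </source>
            <expression>
                <script>
                    <!-- Same expression as in the quoted mapping, with the
                         space before the comma removed: the RDN value ends
                         at the iteration token. -->
                    <code>
                        'cn=' + givenName + ' ' + familyName + iterationToken + ',' + organization
                    </code>
                </script>
            </expression>
        </outbound>
    </attribute>
</objectType>
```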