[midPoint] Issue with AD Synchronization process

Ivan Noris Ivan.Noris at evolveum.com
Fri Aug 28 12:00:46 CEST 2015


Hi Fabio, 

that was my guess. Glad it works now. 

Regards, 
Ivan 

----- Original Message -----

> From: "Fabio Contessi" <f.contessi at nsr.it>
> To: "midPoint General Discussion" <midpoint at lists.evolveum.com>
> Sent: Friday, August 28, 2015 11:54:42 AM
> Subject: Re: [midPoint] Issue with AD Synchronization process

> Ok Ivan, I have a Connector Server host different from Domain Controller
> host. I have resolved the issue: there were issues about DNS and Global
> Catalog configuration.

> Thanks and regards.

> Fabio

> > Il giorno 27/ago/2015, alle ore 18:01, Ivan Noris < ivan.noris at evolveum.com
> > >
> > ha scritto:
> 

> > Hi Fabio,
> 

> > I haven't tried LiveSync with AD for quite a long time, but I remember one
> > setup, where, running the Connector Server on DC, I had to have both set to
> > "localhost" for LiveSync.
> 

> > For provisioning I don't set these at all.
> 

> > I.
> 

> > On 08/27/2015 04:22 PM, Fabio Contessi wrote:
> 

> > > Ok, for the Sync* attributes I have put IP address and not the DNS name
> > > of
> > > the domain controller. Do you think this might be a problem?
> > 
> 

> > > Fabio
> > 
> 

> > > > Il giorno 27/ago/2015, alle ore 16:18, Ivan Noris <
> > > > Ivan.Noris at evolveum.com
> > > > >
> > > > ha scritto:
> > > 
> > 
> 

> > > > So far no idea, but can you please check your values for:
> > > 
> > 
> 

> > > > <gen927:LDAPHostName>xxx.xxx.xxx.x</gen927:LDAPHostName>
> > > 
> > 
> 
> > > > <gen927:SearchChildDomains>false</gen927:SearchChildDomains>
> > > 
> > 
> 
> > > > <gen927:DomainName>xxxx.xxxx.xxxx</gen927:DomainName>
> > > 
> > 
> 
> > > > <gen927:SyncGlobalCatalogServer>xxx.xxx.xxx.x</gen927:SyncGlobalCatalogServer>
> > > 
> > 
> 
> > > > <gen927:SyncDomainController>xxx.xxx.xxx.x</gen927:SyncDomainController>
> > > 
> > 
> 

> > > > If LDAPHostName/DomainName is problem, I assume normal provisioning
> > > > would
> > > > cause problems too.
> > > 
> > 
> 

> > > > Sync* attributes can cause problems only with synchronization. Can you
> > > > please
> > > > check if those are resolvable from the machine where connector server
> > > > runs?
> > > 
> > 
> 

> > > > Regards,
> > > 
> > 
> 
> > > > Ivan
> > > 
> > 
> 

> > > > ----- Original Message -----
> > > 
> > 
> 

> > > > > From: "Fabio Contessi" < f.contessi at nsr.it >
> > > > 
> > > 
> > 
> 
> > > > > To: "midPoint General Discussion" < midpoint at lists.evolveum.com >
> > > > 
> > > 
> > 
> 
> > > > > Sent: Thursday, August 27, 2015 1:57:17 PM
> > > > 
> > > 
> > 
> 
> > > > > Subject: Re: [midPoint] Issue with AD Synchronization process
> > > > 
> > > 
> > 
> 

> > > > > Hi Ivan,
> > > > 
> > > 
> > 
> 

> > > > > the zip attached file contains:
> > > > 
> > > 
> > 
> 

> > > > > - Resource-ActiveDirectorySyncOnly.xml: resource AD as configured in
> > > > > the
> > > > > environment;
> > > > 
> > > 
> > 
> 

> > > > > - ObjectTemplate-CreateFromAD.xml: the (empty) object template
> > > > > referenced
> > > > > in
> > > > > the resource;
> > > > 
> > > 
> > 
> 

> > > > > - TaskType-ADSync.xml: the task configured for starting the
> > > > > synchronization.
> > > > 
> > > 
> > 
> 

> > > > > Regards.
> > > > 
> > > 
> > 
> 

> > > > > Fabio
> > > > 
> > > 
> > 
> 

> > > > > > Il giorno 27/ago/2015, alle ore 13:12, Ivan Noris <
> > > > > > ivan.noris at evolveum.com
> > > > > > >
> > > > > > ha scritto:
> > > > > 
> > > > 
> > > 
> > 
> 

> > > > > > Hi,
> > > > > 
> > > > 
> > > 
> > 
> 

> > > > > > can you please send the resource (anonymized if needed) to see the
> > > > > > connector
> > > > > > configuration properties?
> > > > > 
> > > > 
> > > 
> > 
> 

> > > > > > Regards,
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > Ivan
> > > > > 
> > > > 
> > > 
> > 
> 

> > > > > > ----- Original Message -----
> > > > > 
> > > > 
> > > 
> > 
> 

> > > > > > > From: "Fabio Contessi" < f.contessi at nsr.it >
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > > To: midpoint at lists.evolveum.com
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > > Sent: Thursday, August 27, 2015 12:29:58 PM
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > > Subject: [midPoint] Issue with AD Synchronization process
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 

> > > > > > > Hi,
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > > I have a problem in executing synchronization process using an
> > > > > > > Active
> > > > > > > Directory as resource. I’m using:
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 

> > > > > > > - midpoint 3.2;
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 

> > > > > > > - Active Directory on Windows Server 2008 R2 Enterprise;
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 

> > > > > > > - Active Directory Connector Server 1.4.1.20257 on Windows Server
> > > > > > > 2012
> > > > > > > R2
> > > > > > > Standard Edition.
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 

> > > > > > > When I start the synchronization task it stops immediately giving
> > > > > > > the
> > > > > > > message:
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 

> > > > > > > Synchronization error: generic connector framework error:
> > > > > > > org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(The
> > > > > > > given key was not present in the dictionary.)
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 

> > > > > > > Below an extract of the Connector Server log file concerning the
> > > > > > > synchronization error:
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 

> > > > > > > ConnectorServer.exe Error: 0 : Exception :
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > > Type: System.Collections.Generic.KeyNotFoundException
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > > Message: The given key was not present in the dictionary.
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > > Source: FrameworkInternal
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > > Stacktrace: at
> > > > > > > System.Collections.Generic.Dictionary`2.get_Item(TKey
> > > > > > > key)
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > > at
> > > > > > > Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Sync(ObjectClass
> > > > > > > objClass, SyncToken token, SyncResultsHandler handler,
> > > > > > > OperationOptions
> > > > > > > options) in
> > > > > > > d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line
> > > > > > > 1196
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > > at
> > > > > > > Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.SyncImpl.Sync(ObjectClass
> > > > > > > objectClass, SyncToken token, SyncResultsHandler handler,
> > > > > > > OperationOptions
> > > > > > > options) in
> > > > > > > c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line
> > > > > > > 1606
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > > at
> > > > > > > Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object
> > > > > > > proxy, MethodInfo method, Object[] args) in
> > > > > > > c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line
> > > > > > > 247
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > > at ___proxy1.Sync(ObjectClass , SyncToken , SyncResultsHandler ,
> > > > > > > OperationOptions )
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > > at
> > > > > > > Org.IdentityConnectors.Framework.Impl.Api.DelegatingTimeoutProxy.Invoke(Object
> > > > > > > proxy, MethodInfo method, Object[] args) in
> > > > > > > c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Api.cs:line
> > > > > > > 1344
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > > at ___proxy1.Sync(ObjectClass , SyncToken , SyncResultsHandler ,
> > > > > > > OperationOptions )
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > > at
> > > > > > > Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest
> > > > > > > request) in
> > > > > > > c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Server.cs:line
> > > > > > > 626
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > > DateTime=2015-08-27T08:02:33.2560306Z
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 

> > > > > > > Any ideas on how to resolve the issue?
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 

> > > > > > > Thanks in advance.
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 

> > > > > > > ————————
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > > Fabio Contessi
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 

> > > > > > > _______________________________________________
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > > midPoint mailing list
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > > midPoint at lists.evolveum.com
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > > http://lists.evolveum.com/mailman/listinfo/midpoint
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 

> > > > > > --
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > Ing. Ivan Noris
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > Senior Identity Management Engineer
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > evolveum.com
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > ___________________________________________
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > "Idem per idem - semper idem Vix."
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > _______________________________________________
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > midPoint mailing list
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > midPoint at lists.evolveum.com
> > > > > 
> > > > 
> > > 
> > 
> 
> > > > > > http://lists.evolveum.com/mailman/listinfo/midpoint
> > > > > 
> > > > 
> > > 
> > 
> 

> > > > > _______________________________________________
> > > > 
> > > 
> > 
> 
> > > > > midPoint mailing list
> > > > 
> > > 
> > 
> 
> > > > > midPoint at lists.evolveum.com
> > > > 
> > > 
> > 
> 
> > > > > http://lists.evolveum.com/mailman/listinfo/midpoint
> > > > 
> > > 
> > 
> 

> > > > --
> > > 
> > 
> 
> > > > Ing. Ivan Noris
> > > 
> > 
> 
> > > > Senior Identity Management Engineer
> > > 
> > 
> 
> > > > evolveum.com
> > > 
> > 
> 
> > > > ___________________________________________
> > > 
> > 
> 
> > > > "Idem per idem - semper idem Vix."
> > > 
> > 
> 
> > > > _______________________________________________
> > > 
> > 
> 
> > > > midPoint mailing list
> > > 
> > 
> 
> > > > midPoint at lists.evolveum.com
> > > 
> > 
> 
> > > > http://lists.evolveum.com/mailman/listinfo/midpoint
> > > 
> > 
> 

> > > _______________________________________________
> > 
> 
> > > midPoint mailing list midPoint at lists.evolveum.com
> > > http://lists.evolveum.com/mailman/listinfo/midpoint
> > 
> 

> > --
> 
> > Ing. Ivan Noris
> 
> > Senior Identity Management Engineer & IDM Architect evolveum.com
> > evolveum.com/blog/ ___________________________________________________
> 
> > "Semper Id(e)M Vix."
> 
> > _______________________________________________
> 
> > midPoint mailing list
> 
> > midPoint at lists.evolveum.com
> 
> > http://lists.evolveum.com/mailman/listinfo/midpoint
> 

> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ing. Ivan Noris 
Senior Identity Management Engineer 
evolveum.com 
___________________________________________ 
"Idem per idem - semper idem Vix." 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150828/f8ea2eb0/attachment.htm>


More information about the midPoint mailing list