[midPoint] Midpoint 3.3 and OpenLDAP
Pálos Gustáv
gustav.palos at gmail.com
Thu Dec 31 09:51:10 CET 2015
Hi Shawn,
before Christmas we upgraded demo.evolveum.com to OpenLDAP with the latest
LDAP Connector and fixed some issues.
Can you download the master LDAP connector
<https://github.com/Evolveum/connector-ldap/>, build it and check with your
configuration?
PF 2016
Gusto
2015-12-21 15:52 GMT+01:00 Shawn McKinney <smckinney at symas.com>:
> Hello
>
> I am working on a sample deployment of Midpoint 3.3. Here are some
> details:
>
> O/S : CentOS 7 64-bit
> JDK : java version “1.7.0_91”, OpenJDK Runtime Environment
> (rhel-2.6.2.1.el7_1-x86_64 u91-b00), OpenJDK 64-Bit Server VM (build
> 24.91-b01, mixed mode)
> Tomcat : 8.0.29
> PostgreSQL : PostgreSQL 9.2.14 on x86_64-redhat-linux-gnu
> OpenLDAP : slapd 2.4.43
>
> The current task: get openldap set up as a resource with Midpoint so it can
> start to manage accounts.
>
> Here are some specifics about the openldap deployment.
>
> 1. in the slapd.conf I have added the following acls:
> # midpoint ACLs:
>
> access to attrs=userPassword,shadowLastChange
>     by dn="cn=idm,ou=Administrators,dc=example,dc=com" write
>     by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth write
>     by anonymous auth
>     by self write
>     by * none
>
> access to dn.base=""
>     by * read
>
> access to dn.subtree="ou=people,dc=example,dc=com"
>     by dn="cn=idm,ou=Administrators,dc=example,dc=com" write
>
> access to dn.subtree="ou=groups,dc=example,dc=com"
>     by dn="cn=idm,ou=Administrators,dc=example,dc=com" write
>
> access to *
>     by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth write
>     by dn="cn=idm,ou=Administrators,dc=example,dc=com" read
>     by self read
>     by * none
>
> 2. I have added the following user to the directory to be used by midpoint
> connections:
> dn: cn=idm,ou=Administrators,dc=example,dc=com
> objectClass: inetOrgPerson
> cn: idm
> sn: IDM Administrator
> description: Special LDAP acccount used by the IDM to access the LDAP data.
> userPassword:: e1NTSEF9UjVLRjNLNFgyRlg1Z2tXS3VEeG00TTZnWnlPMFFnTkY=
>
> 3. I have successfully tested creating connections with this user with
> another application (apache directory studio).
>
>
> Here are some details about my openldap setup. It is failing when I try
> to list resources using the admin UI. Can you help?
>
> 1. I used this file as the base config:
> https://github.com/Evolveum/midpoint/blob/master/samples/resources/openldap/openldap-localhost-medium.xml
>
> 2. with some changes:
> <icfc:configurationProperties>
>     <icfcldap:port>389</icfcldap:port>
>     <icfcldap:host>10.72.85.21</icfcldap:host>
>     <icfcldap:baseContext>dc=example,dc=com</icfcldap:baseContext>
>     <icfcldap:bindDn>cn=idm,ou=Administrators,dc=example,dc=com</icfcldap:bindDn>
>     <icfcldap:bindPassword><t:clearValue>secret</t:clearValue></icfcldap:bindPassword>
>     <icfcldap:pagingStrategy>auto</icfcldap:pagingStrategy>
>     <!--icfcldap:passwordHashAlgorithm>SSHA</icfcldap:passwordHashAlgorithm-->
>     <icfcldap:vlvSortAttribute>uid</icfcldap:vlvSortAttribute>
>     <icfcldap:vlvSortOrderingRule>2.5.13.3</icfcldap:vlvSortOrderingRule>
>     <icfcldap:operationalAttributes>memberOf</icfcldap:operationalAttributes>
>     <icfcldap:operationalAttributes>createTimestamp</icfcldap:operationalAttributes>
> </icfc:configurationProperties>
> <icfc:resultsHandlerConfiguration>
>     <icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler>
>     <icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler>
>     <icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler>
> </icfc:resultsHandlerConfiguration>
> </connectorConfiguration>
>
> 3. Which can then be successfully imported to the admin UI.
>
> 4. When I list the resources, I get an error:
>
> 2015-12-21 14:49:00,921 [UCF] [http-nio-8080-exec-8] ERROR
> (com.evolveum.midpoint.provisioning.ucf.impl.IcfUtil): ICF Exception
> java.lang.NullPointerException in
> connector:bcf82b24-29fa-490a-8210-bc7ce827af3d(ICF
> com.evolveum.polygon.connector.ldap.LdapConnector v1.4.2.0):
> resource:d0811790-1d80-11e4-86b2-3c970e467874(OpenLDAP): null
> java.lang.NullPointerException: null
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.<init>(LdapNetworkConnection.java:231)
> ~[api-all-1.0.0-M32-e1.jar:1.0.0-M32-e1]
> at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.<init>(LdapNetworkConnection.java:360)
> ~[api-all-1.0.0-M32-e1.jar:1.0.0-M32-e1]
> at
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.connect(AbstractLdapConnector.java:1115)
> ~[connector-ldap-1.4.2.0.jar:na]
> at
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.init(AbstractLdapConnector.java:165)
> ~[connector-ldap-1.4.2.0.jar:na]
> at
> org.identityconnectors.framework.impl.api.local.ConnectorPoolManager$ConnectorPoolHandler.makeObject(ConnectorPoolManager.java:131)
> ~[connector-framework-internal-1.4.2.0.jar:na]
> at
> org.identityconnectors.framework.impl.api.local.ConnectorPoolManager$ConnectorPoolHandler.makeObject(ConnectorPoolManager.java:83)
> ~[connector-framework-internal-1.4.2.0.jar:na]
> at
> org.identityconnectors.framework.impl.api.local.ObjectPool.makeObject(ObjectPool.java:398)
> ~[connector-framework-internal-1.4.2.0.jar:na]
> at
> org.identityconnectors.framework.impl.api.local.ObjectPool.borrowObjectNoTest(ObjectPool.java:294)
> ~[connector-framework-internal-1.4.2.0.jar:na]
> at
> org.identityconnectors.framework.impl.api.local.ObjectPool.borrowObject(ObjectPool.java:248)
> ~[connector-framework-internal-1.4.2.0.jar:na]
> at
> org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:87)
> ~[connector-framework-internal-1.4.2.0.jar:na]
> at com.sun.proxy.$Proxy163.schema(Unknown Source) ~[na:na]
> at sun.reflect.GeneratedMethodAccessor700.invoke(Unknown Source)
> ~[na:na]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.7.0_91]
> at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_91]
> at
> org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)
> ~[connector-framework-internal-1.4.2.0.jar:na]
> at com.sun.proxy.$Proxy163.schema(Unknown Source) ~[na:na]
> at sun.reflect.GeneratedMethodAccessor700.invoke(Unknown Source)
> ~[na:na]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.7.0_91]
> at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_91]
> at
> org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:99)
> ~[connector-framework-internal-1.4.2.0.jar:na]
> at com.sun.proxy.$Proxy163.schema(Unknown Source) ~[na:na]
> at sun.reflect.GeneratedMethodAccessor700.invoke(Unknown Source)
> ~[na:na]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.7.0_91]
> at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_91]
> at
> org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:83)
> ~[connector-framework-internal-1.4.2.0.jar:na]
> at com.sun.proxy.$Proxy163.schema(Unknown Source) ~[na:na]
> at
> org.identityconnectors.framework.impl.api.AbstractConnectorFacade.schema(AbstractConnectorFacade.java:145)
> ~[connector-framework-internal-1.4.2.0.jar:na]
> at
> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.retrieveResourceSchema(ConnectorInstanceIcfImpl.java:588)
> [provisioning-impl-3.3.jar:na]
> at
> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.initialize_aroundBody4(ConnectorInstanceIcfImpl.java:498)
> [provisioning-impl-3.3.jar:na]
> at
> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl$AjcClosure5.run(ConnectorInstanceIcfImpl.java:1)
> [provisioning-impl-3.3.jar:na]
> at
> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
> [aspectjtools-1.7.3.jar:na]
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178)
> [util-3.3.jar:na]
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
> [util-3.3.jar:na]
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.processUcfNdc(MidpointAspect.java:78)
> [util-3.3.jar:na]
> at
> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.initialize(ConnectorInstanceIcfImpl.java:473)
> [provisioning-impl-3.3.jar:na]
> at
> com.evolveum.midpoint.provisioning.impl.ConnectorManager.createConfiguredConnectorInstance(ConnectorManager.java:162)
> [provisioning-impl-3.3.jar:na]
> at
> com.evolveum.midpoint.provisioning.impl.ConnectorManager.getConfiguredConnectorInstance(ConnectorManager.java:129)
> [provisioning-impl-3.3.jar:na]
> at
> com.evolveum.midpoint.provisioning.impl.ResourceManager.getConnectorInstance(ResourceManager.java:834)
> [provisioning-impl-3.3.jar:na]
> at
> com.evolveum.midpoint.provisioning.impl.ResourceManager.completeResource(ResourceManager.java:258)
> [provisioning-impl-3.3.jar:na]
> at
> com.evolveum.midpoint.provisioning.impl.ResourceManager.putToCache(ResourceManager.java:159)
> [provisioning-impl-3.3.jar:na]
> at
> com.evolveum.midpoint.provisioning.impl.ResourceManager.getResource(ResourceManager.java:130)
> [provisioning-impl-3.3.jar:na]
> at
> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.completeObject(ProvisioningServiceImpl.java:633)
> [provisioning-impl-3.3.jar:na]
> at
> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.searchRepoObjects(ProvisioningServiceImpl.java:561)
> [provisioning-impl-3.3.jar:na]
> at
> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.searchObjects_aroundBody6(ProvisioningServiceImpl.java:500)
> [provisioning-impl-3.3.jar:na]
> at
> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl$AjcClosure7.run(ProvisioningServiceImpl.java:1)
> [provisioning-impl-3.3.jar:na]
> at
> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
> [aspectjtools-1.7.3.jar:na]
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178)
> [util-3.3.jar:na]
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
> [util-3.3.jar:na]
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.processProvisioningNdc(MidpointAspect.java:68)
> [util-3.3.jar:na]
> at
> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.searchObjects(ProvisioningServiceImpl.java:486)
> [provisioning-impl-3.3.jar:na]
> at
> com.evolveum.midpoint.model.impl.controller.ModelController.searchObjects_aroundBody8(ModelController.java:846)
> [model-impl-3.3.jar:na]
> at
> com.evolveum.midpoint.model.impl.controller.ModelController$AjcClosure9.run(ModelController.java:1)
> [model-impl-3.3.jar:na]
> at
> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
> [aspectjtools-1.7.3.jar:na]
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178)
> [util-3.3.jar:na]
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
> [util-3.3.jar:na]
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.processModelNdc(MidpointAspect.java:63)
> [util-3.3.jar:na]
> at
> com.evolveum.midpoint.model.impl.controller.ModelController.searchObjects(ModelController.java:799)
> [model-impl-3.3.jar:na]
> at
> com.evolveum.midpoint.web.component.data.ObjectDataProvider.internalIterator(ObjectDataProvider.java:123)
> [classes/:na]
> at
> com.evolveum.midpoint.web.component.data.BaseSortableDataProvider.iterator(BaseSortableDataProvider.java:190)
> [classes/:na]
> at
> org.apache.wicket.markup.repeater.data.DataViewBase$ModelIterator.<init>(DataViewBase.java:107)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.markup.repeater.data.DataViewBase.getItemModels(DataViewBase.java:74)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.markup.repeater.AbstractPageableView.getItemModels(AbstractPageableView.java:101)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.markup.repeater.RefreshingView.onPopulate(RefreshingView.java:93)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.markup.repeater.AbstractRepeater.onBeforeRender(AbstractRepeater.java:123)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.markup.repeater.AbstractPageableView.onBeforeRender(AbstractPageableView.java:115)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.Component.internalBeforeRender(Component.java:949)
> [wicket-core-6.20.0.jar:6.20.0]
> at org.apache.wicket.Component.beforeRender(Component.java:1017)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1684)
> [wicket-core-6.20.0.jar:6.20.0]
> at org.apache.wicket.Component.onBeforeRender(Component.java:3833)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.Component.internalBeforeRender(Component.java:949)
> [wicket-core-6.20.0.jar:6.20.0]
> at org.apache.wicket.Component.beforeRender(Component.java:1017)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1684)
> [wicket-core-6.20.0.jar:6.20.0]
> at org.apache.wicket.Component.onBeforeRender(Component.java:3833)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.Component.internalBeforeRender(Component.java:949)
> [wicket-core-6.20.0.jar:6.20.0]
> at org.apache.wicket.Component.beforeRender(Component.java:1017)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1684)
> [wicket-core-6.20.0.jar:6.20.0]
> at org.apache.wicket.Component.onBeforeRender(Component.java:3833)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.Component.internalBeforeRender(Component.java:949)
> [wicket-core-6.20.0.jar:6.20.0]
> at org.apache.wicket.Component.beforeRender(Component.java:1017)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1684)
> [wicket-core-6.20.0.jar:6.20.0]
> at org.apache.wicket.Component.onBeforeRender(Component.java:3833)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.markup.html.form.Form.onBeforeRender(Form.java:1803)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.Component.internalBeforeRender(Component.java:949)
> [wicket-core-6.20.0.jar:6.20.0]
> at org.apache.wicket.Component.beforeRender(Component.java:1017)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1684)
> [wicket-core-6.20.0.jar:6.20.0]
> at org.apache.wicket.Component.onBeforeRender(Component.java:3833)
> [wicket-core-6.20.0.jar:6.20.0]
> at org.apache.wicket.Page.onBeforeRender(Page.java:809)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.Component.internalBeforeRender(Component.java:949)
> [wicket-core-6.20.0.jar:6.20.0]
> at org.apache.wicket.Component.beforeRender(Component.java:1017)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.Component.internalPrepareForRender(Component.java:2201)
> [wicket-core-6.20.0.jar:6.20.0]
> at org.apache.wicket.Page.internalPrepareForRender(Page.java:240)
> [wicket-core-6.20.0.jar:6.20.0]
> at org.apache.wicket.Component.render(Component.java:2290)
> [wicket-core-6.20.0.jar:6.20.0]
> at org.apache.wicket.Page.renderPage(Page.java:1024)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.request.handler.render.WebPageRenderer.renderPage(WebPageRenderer.java:139)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:284)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:890)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
> [wicket-request-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:261)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:218)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:289)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:259)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:201)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
> [wicket-core-6.20.0.jar:6.20.0]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
> [catalina.jar:8.0.29]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [catalina.jar:8.0.29]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> [spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
> [spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
> [spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
> [catalina.jar:8.0.29]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [catalina.jar:8.0.29]
> at
> com.evolveum.midpoint.web.util.MidPointProfilingServletFilter.doFilter(MidPointProfilingServletFilter.java:78)
> [classes/:na]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
> [catalina.jar:8.0.29]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [catalina.jar:8.0.29]
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
> [catalina.jar:8.0.29]
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
> [catalina.jar:8.0.29]
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
> [catalina.jar:8.0.29]
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
> [catalina.jar:8.0.29]
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
> [catalina.jar:8.0.29]
> at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
> [catalina.jar:8.0.29]
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
> [catalina.jar:8.0.29]
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
> [catalina.jar:8.0.29]
> at
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1096)
> [tomcat-coyote.jar:8.0.29]
> at
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:674)
> [tomcat-coyote.jar:8.0.29]
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
> [tomcat-coyote.jar:8.0.29]
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
> [tomcat-coyote.jar:8.0.29]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> [na:1.7.0_91]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> [na:1.7.0_91]
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> [tomcat-util.jar:8.0.29]
> at java.lang.Thread.run(Thread.java:745) [na:1.7.0_91]
> [midpoint at localhost fortress]$
>
>
> 5. Here is the connector that's active:
> <icfc:configurationProperties xmlns:gen189="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector">
>
> 6. Here is the resource as currently configured in my env:
> <resource xmlns="
> http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="
> http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="
> http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
> xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="
> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="
> http://prism.evolveum.com/xml/ns/public/types-3"
> oid="d0811790-1d80-11e4-86b2-3c970e467874" version="0">
> <name>OpenLDAP</name>
> <description>
> LDAP resource using a ConnId LDAP connector. It contains
> configuration
> for use with OpenLDAP servers.
> </description>
> <metadata>
> <createTimestamp>2015-12-19T01:12:45.236Z</createTimestamp>
> <creatorRef oid="00000000-0000-0000-0000-000000000002"
> type="c:UserType"/>
> <createChannel>
> http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport
> </createChannel>
> </metadata>
> <connectorRef oid="bcf82b24-29fa-490a-8210-bc7ce827af3d"
> type="c:ConnectorType">
> <!-- ICF com.evolveum.polygon.connector.ldap.LdapConnector
> v1.4.2.0 -->
> <description>
> Reference to the OpenICF LDAP connector. This is dynamic
> reference, it will be translated to
> OID during import.
> </description>
> <filter>
> <q:equal>
> <q:path xmlns:c="
> http://midpoint.evolveum.com/xml/ns/public/common/common-3
> ">c:connectorType</q:path>
>
> <q:value>com.evolveum.polygon.connector.ldap.LdapConnector</q:value>
> </q:equal>
> </filter>
> </connectorRef>
> <connectorConfiguration xmlns:icfc="
> http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3
> ">
> <icfc:resultsHandlerConfiguration>
>
> <icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler>
>
> <icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler>
>
> <icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler>
> </icfc:resultsHandlerConfiguration>
> <icfc:configurationProperties xmlns:gen189="
> http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector
> ">
> <gen189:port>389</gen189:port>
> <gen189:vlvSortAttribute>uid</gen189:vlvSortAttribute>
> <gen189:baseContext>dc=example,dc=com</gen189:baseContext>
>
> <gen189:vlvSortOrderingRule>2.5.13.3</gen189:vlvSortOrderingRule>
>
> <gen189:bindDn>cn=idm,ou=Administrators,dc=example,dc=com</gen189:bindDn>
> <gen189:pagingStrategy>auto</gen189:pagingStrategy>
>
> <gen189:operationalAttributes>memberOf</gen189:operationalAttributes>
>
> <gen189:operationalAttributes>createTimestamp</gen189:operationalAttributes>
> <gen189:host>10.72.85.21</gen189:host>
> <gen189:bindPassword>
> <t:encryptedData>
> <t:encryptionMethod>
> <t:algorithm>
> http://www.w3.org/2001/04/xmlenc#aes128-cbc</t:algorithm>
> </t:encryptionMethod>
> <t:keyInfo>
> <t:keyName>R7wh8+ARxcNGTzk5EsXG79KJvgA=</t:keyName>
> </t:keyInfo>
> <t:cipherData>
>
> <t:cipherValue>Sim3cp2FMxa4XXlPiO4QgpDS8BNhMN6v57HBtQ7WbX0=</t:cipherValue>
> </t:cipherData>
> </t:encryptedData>
> </gen189:bindPassword>
> </icfc:configurationProperties>
> </connectorConfiguration>
> <schema>
> <generationConstraints>
> <generateObjectClass>ri:inetOrgPerson</generateObjectClass>
>
> <generateObjectClass>ri:groupOfUniqueNames</generateObjectClass>
> <generateObjectClass>ri:groupOfNames</generateObjectClass>
>
> <generateObjectClass>ri:organizationalUnit</generateObjectClass>
> </generationConstraints>
> </schema>
> <schemaHandling>
> <objectType>
> <kind>account</kind>
> <displayName>Normal Account</displayName>
> <default>true</default>
> <objectClass>ri:inetOrgPerson</objectClass>
> <attribute>
> <c:ref xmlns:ri="
> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3
> ">ri:dn</c:ref>
> <displayName>Distinguished Name</displayName>
> <limitations>
> <minOccurs>0</minOccurs>
> <access>
> <read>true</read>
> <add>true</add>
> <modify>true</modify>
> </access>
> </limitations>
> <matchingRule xmlns:mr="
> http://prism.evolveum.com/xml/ns/public/matching-rule-3
> ">mr:stringIgnoreCase</matchingRule>
> <outbound>
> <source>
> <c:path>$user/name</c:path>
> </source>
> <expression>
> <script>
> <code>
> 'uid=' +
> name + iterationToken + ',ou=people,dc=example,dc=com'
> </code>
> </script>
> </expression>
> </outbound>
> </attribute>
> <attribute>
> <c:ref xmlns:ri="
> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3
> ">ri:entryUUID</c:ref>
> <displayName>Entry UUID</displayName>
> <limitations>
> <access>
> <read>true</read>
> <add>false</add>
> <modify>true</modify>
> </access>
> </limitations>
> <matchingRule xmlns:mr="
> http://prism.evolveum.com/xml/ns/public/matching-rule-3
> ">mr:stringIgnoreCase</matchingRule>
> </attribute>
> <attribute>
> <c:ref xmlns:ri="
> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3
> ">ri:cn</c:ref>
> <displayName>Common Name</displayName>
> <limitations>
> <minOccurs>0</minOccurs>
> <access>
> <read>true</read>
> <add>true</add>
> <modify>true</modify>
> </access>
> </limitations>
> <outbound>
> <source>
> <c:path>$user/fullName</c:path>
> </source>
> </outbound>
> <inbound>
> <target>
> <c:path>$user/fullName</c:path>
> </target>
> </inbound>
> </attribute>
> <attribute>
> <c:ref xmlns:ri="
> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3
> ">ri:sn</c:ref>
> <displayName>Surname</displayName>
> <limitations>
> <minOccurs>0</minOccurs>
> </limitations>
> <outbound>
> <source>
> <c:path>familyName</c:path>
> </source>
> </outbound>
> <inbound>
> <target>
> <c:path>familyName</c:path>
> </target>
> </inbound>
> </attribute>
> <attribute>
> <c:ref xmlns:ri="
> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3
> ">ri:givenName</c:ref>
> <displayName>Given Name</displayName>
> <outbound>
> <source>
> <c:path xmlns:c="
> http://midpoint.evolveum.com/xml/ns/public/common/common-3
> ">$c:user/c:givenName</c:path>
> </source>
> </outbound>
> <inbound>
> <target>
> <c:path xmlns:c="
> http://midpoint.evolveum.com/xml/ns/public/common/common-3
> ">$c:user/c:givenName</c:path>
> </target>
> </inbound>
> </attribute>
> <attribute>
> <c:ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:uid</c:ref>
> <displayName>Login Name</displayName>
> <matchingRule xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">mr:stringIgnoreCase</matchingRule>
> <outbound>
> <strength>weak</strength>
> <source>
> <description>Source may have description</description>
> <c:path>$user/name</c:path>
> </source>
> <expression>
> <script>
> <code>name + iterationToken</code>
> </script>
> </expression>
> </outbound>
> <inbound>
> <target>
> <description>Targets may have description</description>
> <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$c:user/c:name</c:path>
> </target>
> </inbound>
> </attribute>
> <attribute>
> <c:ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:description</c:ref>
> <outbound>
> <strength>weak</strength>
> <expression>
> <description>Expression that assigns a fixed value</description>
> <value>Created by midPoint</value>
> </expression>
> </outbound>
> </attribute>
> <attribute>
> <c:ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:l</c:ref>
> <displayName>Location</displayName>
> <outbound>
> <source>
> <c:path>$user/locality</c:path>
> </source>
> </outbound>
> </attribute>
> <attribute>
> <c:ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:employeeType</c:ref>
> <displayName>Employee Type</displayName>
> <tolerant>false</tolerant>
> <outbound>
> <source>
> <c:path>$user/employeeType</c:path>
> </source>
> </outbound>
> </attribute>
> <association>
> <c:ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:group</c:ref>
> <displayName>LDAP Group Membership</displayName>
> <kind>entitlement</kind>
> <intent>ldapGroup</intent>
> <direction>objectToSubject</direction>
> <associationAttribute>ri:member</associationAttribute>
> <valueAttribute>ri:dn</valueAttribute>
> </association>
> <iteration>
> <maxIterations>5</maxIterations>
> </iteration>
> <protected>
> <filter>
> <q:equal>
> <q:matching>http://prism.evolveum.com/xml/ns/public/matching-rule-3#stringIgnoreCase</q:matching>
> <q:path xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">attributes/ri:dn</q:path>
> <q:value>cn=idm,ou=Administrators,dc=example,dc=com</q:value>
> </q:equal>
> </filter>
> </protected>
> <activation>
> <administrativeStatus>
> <outbound/>
> <inbound>
> <strength>weak</strength>
> <expression>
> <asIs/>
> </expression>
> </inbound>
> </administrativeStatus>
> </activation>
> <credentials>
> <password>
> <outbound>
> <expression>
> <asIs/>
> </expression>
> </outbound>
> <inbound>
> <strength>weak</strength>
> <expression>
> <generate/>
> </expression>
> </inbound>
> </password>
> </credentials>
> </objectType>
> <objectType>
> <kind>entitlement</kind>
> <intent>ldapGroup</intent>
> <displayName>LDAP Group</displayName>
> <objectClass>ri:groupOfNames</objectClass>
> <attribute>
> <c:ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:dn</c:ref>
> <matchingRule xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">mr:stringIgnoreCase</matchingRule>
> <outbound>
> <source>
> <c:path>$focus/name</c:path>
> </source>
> <expression>
> <script>
> <code>
> import javax.naming.ldap.Rdn
> import javax.naming.ldap.LdapName
>
> dn = new LdapName('ou=groups,dc=example,dc=com')
> dn.add(new Rdn('cn', name.toString()))
> return dn.toString()
> </code>
> </script>
> </expression>
> </outbound>
> </attribute>
> <attribute>
> <c:ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:member</c:ref>
> <matchingRule xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">mr:distinguishedName</matchingRule>
> <fetchStrategy>minimal</fetchStrategy>
> </attribute>
> <attribute>
> <c:ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:cn</c:ref>
> <matchingRule xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">mr:stringIgnoreCase</matchingRule>
> <outbound>
> <strength>weak</strength>
> <source>
> <c:path>$focus/name</c:path>
> </source>
> </outbound>
> </attribute>
> <attribute>
> <c:ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:description</c:ref>
> <outbound>
> <source>
> <c:path>description</c:path>
> </source>
> </outbound>
> </attribute>
> <configuredCapabilities xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
> <cap:pagedSearch>
> <cap:defaultSortField>ri:uid</cap:defaultSortField>
> </cap:pagedSearch>
> </configuredCapabilities>
> </objectType>
> </schemaHandling>
> <consistency>
> <avoidDuplicateValues>true</avoidDuplicateValues>
> </consistency>
> <synchronization>
> <objectSynchronization>
> <enabled>true</enabled>
> <correlation>
> <q:description>
> Correlation expression is a search query.
> Following search query will look for users that have "name"
> equal to the "uid" attribute of the account. Simply speaking,
> it will look for match in usernames in the IDM and the resource.
> The correlation rule always looks for users, so it will not match
> any other object type.
> </q:description>
> <q:equal>
> <q:path>name</q:path>
> <expression>
> <c:path xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">declare namespace ri='http://midpoint.evolveum.com/xml/ns/public/resource/instance-3'; $account/attributes/ri:uid</c:path>
> </expression>
> </q:equal>
> </correlation>
> <reaction>
> <situation>linked</situation>
> <synchronize>true</synchronize>
> </reaction>
> <reaction>
> <situation>deleted</situation>
> <synchronize>true</synchronize>
> <action>
> <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
> </action>
> </reaction>
> <reaction>
> <situation>unlinked</situation>
> <synchronize>true</synchronize>
> <action>
> <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
> </action>
> </reaction>
> <reaction>
> <situation>unmatched</situation>
> <synchronize>true</synchronize>
> <action>
> <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
> </action>
> </reaction>
> </objectSynchronization>
> </synchronization>
> </resource>
>
>
> Shawn
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
--
Best regards
Gustáv Pálos
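
The quoted resource builds the account DN by string concatenation but builds the group DN with `LdapName` and `Rdn`, which escape the value. The Groovy script below is an added example, not part of the original post or of midPoint. It applies both approaches to the account DN so the difference is visible; the sample names are constructed, and plain strings stand in for midPoint's `name` and `iterationToken` variables.

```groovy
import javax.naming.InvalidNameException
import javax.naming.ldap.LdapName
import javax.naming.ldap.Rdn

// Base DN taken from the resource definition in the post.
final String PEOPLE_BASE = 'ou=people,dc=example,dc=com'

// Account DN built as in the account objectType: plain concatenation.
def concatDn = { String name, String iterationToken ->
    'uid=' + name + iterationToken + ',' + PEOPLE_BASE
}

// Account DN built as in the ldapGroup objectType: Rdn escapes the value.
def escapedDn = { String name, String iterationToken ->
    def dn = new LdapName(PEOPLE_BASE)
    dn.add(new Rdn('uid', name + iterationToken))
    dn.toString()
}

// Report how a DN string parses: RDN count and the leftmost RDN.
def describe = { String dnString ->
    try {
        def parsed = new LdapName(dnString)
        def leaf = parsed.getRdn(parsed.size() - 1)
        "rdns=${parsed.size()} leaf=${leaf.type}=${leaf.value}"
    } catch (InvalidNameException e) {
        "invalid DN: ${e.message}"
    }
}

// Constructed sample user names (not from the post). Names containing
// ',' or '+' change how the concatenated string parses as a DN.
def samples = ['jsmith', 'Smith, John', 'a+b', 'x,ou=groups']

samples.each { name ->
    def plain = concatDn(name, '')
    def safe = escapedDn(name, '')
    println "name: ${name}"
    println "  concatenated : ${plain} -> ${describe(plain)}"
    println "  LdapName/Rdn : ${safe} -> ${describe(safe)}"
}
```

With the escaped form every sample parses as four RDNs whose leaf value equals the input name, which is the property to check before a user-supplied name reaches the outbound DN mapping.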