[midPoint] Error fetching account from Exchange

Ващенков Алексей a.vashchenkov at solarsecurity.ru
Thu Jul 2 14:57:28 CEST 2015 

ActiveDirectoryConnector Verbose: 1 : Found object LDAP://isim/CN=aanikeev.i.i2,OU=Региональный офис,OU=inrights,DC=isim,DC=local
    DateTime=2015-07-02T12:54:28.0893413Z
ActiveDirectoryConnector Verbose: 1 : Unsupported attribute type ... calling ToString (Name: 'whenChanged'(0) Type: 'System.DateTime' String Value: '7/2/2015 6:32:36 AM'
    DateTime=2015-07-02T12:54:28.0893413Z
ActiveDirectoryConnector Verbose: 1 : Unsupported attribute type ... calling ToString (Name: 'whenCreated'(0) Type: 'System.DateTime' String Value: '7/2/2015 6:31:48 AM'
    DateTime=2015-07-02T12:54:28.0893413Z
ActiveDirectoryConnector.Api Verbose: 1 : Returning ''LDAP://isim/CN=aanikeev.i.i2,OU=Региональный офис,OU=inrights,DC=isim,DC=local'', in 6 ms
    DateTime=2015-07-02T12:54:28.0953416Z
ExchangeConnector.AccountHandler Verbose: 1 : Object returned from AD connector:  - ConnectorAttribute: Name='sAMAccountName', Value(s)='aanikeev.i.i2'
- ConnectorAttribute: Name='cn', Value(s)='aanikeev.i.i2'
- ConnectorAttribute: Name='displayName', Value(s)='aanikeev.i.i2'
- ConnectorAttribute: Name='mail', Value(s)='aanikeev.i.i2 at isim.local'
- ConnectorAttribute: Name='countryCode', Value(s)='0'
- ConnectorAttribute: Name='uSNChanged', Value(s)='802474'
- ConnectorAttribute: Name='uSNCreated', Value(s)='802465'
- ConnectorAttribute: Name='whenChanged', Value(s)='7/2/2015 6:32:36 AM'
- ConnectorAttribute: Name='whenCreated', Value(s)='7/2/2015 6:31:48 AM'
- ConnectorAttribute: Name='ad_container', Value(s)='OU=Региональный офис,OU=inrights,DC=isim,DC=local'
- ConnectorAttribute: Name='distinguishedName', Value(s)='CN=aanikeev.i.i2,OU=Региональный офис,OU=inrights,DC=isim,DC=local'
- ConnectorAttribute: Name='objectClass', Value(s)='top, person, organizationalPerson, user'
- ConnectorAttribute: Name='PasswordNeverExpires', Value(s)='False'
- ConnectorAttribute: Name='__ENABLE__', Value(s)='True'
- ConnectorAttribute: Name='__LOCK_OUT__', Value(s)='False'
- ConnectorAttribute: Name='__PASSWORD_EXPIRED__', Value(s)='False'
- ConnectorAttribute: Name='__SHORT_NAME__', Value(s)='aanikeev.i.i2'
- ConnectorAttribute: Name='__NAME__', Value(s)='CN=aanikeev.i.i2,OU=Региональный офис,OU=inrights,DC=isim,DC=local'
- ConnectorAttribute: Name='__UID__', Value(s)='<GUID=a2ef20a6e5edef42838b1434e6d472ce>'
- ConnectorAttribute: Name='mailNickname', Value(s)='aanikeev.i.i2'
- ConnectorAttribute: Name='proxyAddresses', Value(s)='SMTP:aanikeev.i.i2 at isim.local'
- ConnectorAttribute: Name='msExchRecipientDisplayType', Value(s)='1073741824'
- ConnectorAttribute: Name='msExchRecipientTypeDetails', Value(s)='1'
- ConnectorAttribute: Name='homeMDB', Value(s)='CN=Mailbox Database 0360216730,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=IsimMail,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=isim,DC=local'

    DateTime=2015-07-02T12:54:28.1043421Z
ExchangeConnector.AccountHandler Verbose: 1 : Object as passed from Exchange connector:  - ConnectorAttribute: Name='sAMAccountName', Value(s)='aanikeev.i.i2'
- ConnectorAttribute: Name='cn', Value(s)='aanikeev.i.i2'
- ConnectorAttribute: Name='displayName', Value(s)='aanikeev.i.i2'
- ConnectorAttribute: Name='mail', Value(s)='aanikeev.i.i2 at isim.local'
- ConnectorAttribute: Name='countryCode', Value(s)='0'
- ConnectorAttribute: Name='uSNChanged', Value(s)='802474'
- ConnectorAttribute: Name='uSNCreated', Value(s)='802465'
- ConnectorAttribute: Name='whenChanged', Value(s)='7/2/2015 6:32:36 AM'
- ConnectorAttribute: Name='whenCreated', Value(s)='7/2/2015 6:31:48 AM'
- ConnectorAttribute: Name='ad_container', Value(s)='OU=Региональный офис,OU=inrights,DC=isim,DC=local'
- ConnectorAttribute: Name='distinguishedName', Value(s)='CN=aanikeev.i.i2,OU=Региональный офис,OU=inrights,DC=isim,DC=local'
- ConnectorAttribute: Name='objectClass', Value(s)='top, person, organizationalPerson, user'
- ConnectorAttribute: Name='PasswordNeverExpires', Value(s)='False'
- ConnectorAttribute: Name='__ENABLE__', Value(s)='True'
- ConnectorAttribute: Name='__LOCK_OUT__', Value(s)='False'
- ConnectorAttribute: Name='__PASSWORD_EXPIRED__', Value(s)='False'
- ConnectorAttribute: Name='__SHORT_NAME__', Value(s)='aanikeev.i.i2'
- ConnectorAttribute: Name='__NAME__', Value(s)='CN=aanikeev.i.i2,OU=Региональный офис,OU=inrights,DC=isim,DC=local'
- ConnectorAttribute: Name='__UID__', Value(s)='<GUID=a2ef20a6e5edef42838b1434e6d472ce>'
- ConnectorAttribute: Name='Alias', Value(s)='aanikeev.i.i2'
- ConnectorAttribute: Name='EmailAddresses', Value(s)='SMTP:aanikeev.i.i2 at isim.local'
- ConnectorAttribute: Name='msExchRecipientDisplayType', Value(s)='1073741824'
- ConnectorAttribute: Name='msExchRecipientTypeDetails', Value(s)='1'
- ConnectorAttribute: Name='homeMDB', Value(s)='CN=Mailbox Database 0360216730,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=IsimMail,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=isim,DC=local'
- ConnectorAttribute: Name='EmailAddressPolicyEnabled', Value(s)='True'
- ConnectorAttribute: Name='PrimarySmtpAddress', Value(s)='aanikeev.i.i2 at isim.local'
- ConnectorAttribute: Name='RecipientType', Value(s)='UserMailbox'

    DateTime=2015-07-02T12:54:28.1343438Z
ActiveDirectoryConnector Verbose: 1 : Search: found 1 results, took 00:00:02.349
    DateTime=2015-07-02T12:54:28.1343438Z
ExchangeConnector.Api Information: 1 : Exchange.ExecuteQuery method exiting, took 2359 ms

From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Pavol Mederly
Sent: Thursday, July 2, 2015 3:23 PM
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] Error fetching account from Exchange

Thank you. Could you also post here a snippet from ConnectorServer.log file on your AD/Exchange server? Please select parts that are relevant to fetching the object from the server.
I removed connectorconfigauration block and put XML in attachment

From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Pavol Mederly
Sent: Thursday, July 2, 2015 2:33 PM
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Error fetching account from Exchange

Hello Алексей,

it is quite strange that you've got this exception. It occurs when midPoint gets an attribute in an object that was fetched from a resource (in this case the attribute is homeMDB), but does not have this attribute in resource object schema. It points to a bug in connector or some problem with the metadata (namely, the schema information in resource), or - with a very small probability - some misconfiguration at your side. The bug in connector should not be the reason, because this is a basic functionality of AD/Exchange connector, and it should work.

If you would post here your resource configuration (without passwords etc), we could have a look at that.
Also please indicate the midPoint version - i.e. if it's 3.1.1 or some of 3.2-snapshots.

Best regards,
Pavol
Hello we have achived success to create an account in axchange. But now we have an error
Original ICF name: homeMDB: Error resolving object with oid 'dd1408f0-bb0d-4fff-9e11-fbb544b4cde2': Subresult com.evolveum.midpoint.provisioning.ucf.api.ConnectorInstance.fetchObject of operation com.evolveum.midpoint.provisioning.api.ProvisioningService.getObject is still UNKNOWN during cleanup; during handling of exception com.evolveum.midpoint.util.exception.SchemaException: Schema violation during processing shadow: shadow: CN=aanikeev.i.i2,OU=Региональный офис,OU=inrights,DC=isim,DC=local (OID:dd1408f0-bb0d-4fff-9e11-fbb544b4cde2): Unknown attribute {http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}homeMDB in definition of object class {http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}AccountObjectClass.Original ICF name: homeMDB
What does it means? And how can we fix it?





_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint





_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150702/4fc71103/attachment.htm>

More information about the midPoint mailing list