[midPoint] Error fetching account from Exchange

Pavol Mederly pavol.mederly at gmail.com
Fri Jul 3 14:24:03 CEST 2015 

The Exchange connector should support entitlements assignment.
(I know of at least two deployments where this works.)

Maybe there's a bug that is manifesting in your case, but I doubt it a bit.

Pavol

> Yes it helps.
>
> As I can see the Exchange connector doesn’t allow to assign 
> entitlements. So we need to use AD connector to assign roles.  And now 
> I puzzle over about combine both of these connectors.
>
> If we will be use exchange connector to create account in AD, than how 
> we will be assign entitlements for this account. And if we will be use 
> AD connector to create an account in AD, then I don’t understand how 
> can I create only exchange account and “link” it with AD account.
>
> *From:*midPoint [mailto:midpoint-bounces at lists.evolveum.com] *On 
> Behalf Of *Pavol Mederly
> *Sent:* Thursday, July 2, 2015 4:08 PM
> *To:* midpoint at lists.evolveum.com
> *Subject:* Re: [midPoint] Error fetching account from Exchange
>
> Absolutely strange. Seems like a bug in the connector.
> Please, upgrade to the latest versions of:
> - Exchange Connector:  1.4.1.20283 
> (https://wiki.evolveum.com/display/midPoint/Exchange+Connector)
> - Connector Server: 1.4.0.84 
> (https://wiki.evolveum.com/display/midPoint/.NET+Connector+Server)
>
> Regards,
> Pavol
>
> On 2. 7. 2015 14:57, Ващенков Алексейwrote:
>
>     ActiveDirectoryConnector Verbose: 1 : Found object
>     LDAP://isim/CN=aanikeev.i.i2,OU=Региональныйофис,OU=inrights,DC=isim,DC=local
>
>     DateTime=2015-07-02T12:54:28.0893413Z
>
>     ActiveDirectoryConnector Verbose: 1 : Unsupported attribute type
>     ... calling ToString (Name: 'whenChanged'(0) Type:
>     'System.DateTime' String Value: '7/2/2015 6:32:36 AM'
>
>     DateTime=2015-07-02T12:54:28.0893413Z
>
>     ActiveDirectoryConnector Verbose: 1 : Unsupported attribute type
>     ... calling ToString (Name: 'whenCreated'(0) Type:
>     'System.DateTime' String Value: '7/2/2015 6:31:48 AM'
>
>     DateTime=2015-07-02T12:54:28.0893413Z
>
>     ActiveDirectoryConnector.Api Verbose: 1 : Returning
>     ''LDAP://isim/CN=aanikeev.i.i2,OU=Региональныйофис,OU=inrights,DC=isim,DC=local'',
>     in 6 ms
>
>     DateTime=2015-07-02T12:54:28.0953416Z
>
>     ExchangeConnector.AccountHandler Verbose: 1 : Object returned from
>     AD connector:  - ConnectorAttribute: Name='sAMAccountName',
>     Value(s)='aanikeev.i.i2'
>
>     - ConnectorAttribute: Name='cn', Value(s)='aanikeev.i.i2'
>
>     - ConnectorAttribute: Name='displayName', Value(s)='aanikeev.i.i2'
>
>     - ConnectorAttribute: Name='mail',
>     Value(s)='aanikeev.i.i2 at isim.local <mailto:aanikeev.i.i2 at isim.local>'
>
>     - ConnectorAttribute: Name='countryCode', Value(s)='0'
>
>     - ConnectorAttribute: Name='uSNChanged', Value(s)='802474'
>
>     - ConnectorAttribute: Name='uSNCreated', Value(s)='802465'
>
>     - ConnectorAttribute: Name='whenChanged', Value(s)='7/2/2015
>     6:32:36 AM'
>
>     - ConnectorAttribute: Name='whenCreated', Value(s)='7/2/2015
>     6:31:48 AM'
>
>     - ConnectorAttribute: Name='ad_container',
>     Value(s)='OU=Региональныйофис,OU=inrights,DC=isim,DC=local'
>
>     - ConnectorAttribute: Name='distinguishedName',
>     Value(s)='CN=aanikeev.i.i2,OU=Региональныйофис,OU=inrights,DC=isim,DC=local'
>
>     - ConnectorAttribute: Name='objectClass', Value(s)='top, person,
>     organizationalPerson, user'
>
>     - ConnectorAttribute: Name='PasswordNeverExpires', Value(s)='False'
>
>     - ConnectorAttribute: Name='__ENABLE__', Value(s)='True'
>
>     - ConnectorAttribute: Name='__LOCK_OUT__', Value(s)='False'
>
>     - ConnectorAttribute: Name='__PASSWORD_EXPIRED__', Value(s)='False'
>
>     - ConnectorAttribute: Name='__SHORT_NAME__', Value(s)='aanikeev.i.i2'
>
>     - ConnectorAttribute: Name='__NAME__',
>     Value(s)='CN=aanikeev.i.i2,OU=Региональныйофис,OU=inrights,DC=isim,DC=local'
>
>     - ConnectorAttribute: Name='__UID__',
>     Value(s)='<GUID=a2ef20a6e5edef42838b1434e6d472ce>'
>
>     - ConnectorAttribute: Name='mailNickname', Value(s)='aanikeev.i.i2'
>
>     - ConnectorAttribute: Name='proxyAddresses',
>     Value(s)='SMTP:aanikeev.i.i2 at isim.local'
>
>     - ConnectorAttribute: Name='msExchRecipientDisplayType',
>     Value(s)='1073741824'
>
>     - ConnectorAttribute: Name='msExchRecipientTypeDetails', Value(s)='1'
>
>     - ConnectorAttribute: Name='homeMDB', Value(s)='CN=Mailbox
>     Database 0360216730,CN=Databases,CN=Exchange Administrative Group
>     (FYDIBOHF23SPDLT),CN=Administrative
>     Groups,CN=IsimMail,CN=Microsoft
>     Exchange,CN=Services,CN=Configuration,DC=isim,DC=local'
>
>     DateTime=2015-07-02T12:54:28.1043421Z
>
>     ExchangeConnector.AccountHandler Verbose: 1 : Object as passed
>     from Exchange connector:  - ConnectorAttribute:
>     Name='sAMAccountName', Value(s)='aanikeev.i.i2'
>
>     - ConnectorAttribute: Name='cn', Value(s)='aanikeev.i.i2'
>
>     - ConnectorAttribute: Name='displayName', Value(s)='aanikeev.i.i2'
>
>     - ConnectorAttribute: Name='mail',
>     Value(s)='aanikeev.i.i2 at isim.local <mailto:aanikeev.i.i2 at isim.local>'
>
>     - ConnectorAttribute: Name='countryCode', Value(s)='0'
>
>     - ConnectorAttribute: Name='uSNChanged', Value(s)='802474'
>
>     - ConnectorAttribute: Name='uSNCreated', Value(s)='802465'
>
>     - ConnectorAttribute: Name='whenChanged', Value(s)='7/2/2015
>     6:32:36 AM'
>
>     - ConnectorAttribute: Name='whenCreated', Value(s)='7/2/2015
>     6:31:48 AM'
>
>     - ConnectorAttribute: Name='ad_container',
>     Value(s)='OU=Региональныйофис,OU=inrights,DC=isim,DC=local'
>
>     - ConnectorAttribute: Name='distinguishedName',
>     Value(s)='CN=aanikeev.i.i2,OU=Региональныйофис,OU=inrights,DC=isim,DC=local'
>
>     - ConnectorAttribute: Name='objectClass', Value(s)='top, person,
>     organizationalPerson, user'
>
>     - ConnectorAttribute: Name='PasswordNeverExpires', Value(s)='False'
>
>     - ConnectorAttribute: Name='__ENABLE__', Value(s)='True'
>
>     - ConnectorAttribute: Name='__LOCK_OUT__', Value(s)='False'
>
>     - ConnectorAttribute: Name='__PASSWORD_EXPIRED__', Value(s)='False'
>
>     - ConnectorAttribute: Name='__SHORT_NAME__', Value(s)='aanikeev.i.i2'
>
>     - ConnectorAttribute: Name='__NAME__',
>     Value(s)='CN=aanikeev.i.i2,OU=Региональныйофис,OU=inrights,DC=isim,DC=local'
>
>     - ConnectorAttribute: Name='__UID__',
>     Value(s)='<GUID=a2ef20a6e5edef42838b1434e6d472ce>'
>
>     - ConnectorAttribute: Name='Alias', Value(s)='aanikeev.i.i2'
>
>     - ConnectorAttribute: Name='EmailAddresses',
>     Value(s)='SMTP:aanikeev.i.i2 at isim.local'
>
>     - ConnectorAttribute: Name='msExchRecipientDisplayType',
>     Value(s)='1073741824'
>
>     - ConnectorAttribute: Name='msExchRecipientTypeDetails', Value(s)='1'
>
>     - ConnectorAttribute: Name='homeMDB', Value(s)='CN=Mailbox
>     Database 0360216730,CN=Databases,CN=Exchange Administrative Group
>     (FYDIBOHF23SPDLT),CN=Administrative
>     Groups,CN=IsimMail,CN=Microsoft
>     Exchange,CN=Services,CN=Configuration,DC=isim,DC=local'
>
>     - ConnectorAttribute: Name='EmailAddressPolicyEnabled',
>     Value(s)='True'
>
>     - ConnectorAttribute: Name='PrimarySmtpAddress',
>     Value(s)='aanikeev.i.i2 at isim.local <mailto:aanikeev.i.i2 at isim.local>'
>
>     - ConnectorAttribute: Name='RecipientType', Value(s)='UserMailbox'
>
>     DateTime=2015-07-02T12:54:28.1343438Z
>
>     ActiveDirectoryConnector Verbose: 1 : Search: found 1 results,
>     took 00:00:02.349
>
>     DateTime=2015-07-02T12:54:28.1343438Z
>
>     ExchangeConnector.Api Information: 1 : Exchange.ExecuteQuery
>     method exiting, took 2359 ms
>
>     *From:*midPoint [mailto:midpoint-bounces at lists.evolveum.com] *On
>     Behalf Of *Pavol Mederly
>     *Sent:* Thursday, July 2, 2015 3:23 PM
>     *To:* midpoint at lists.evolveum.com <mailto:midpoint at lists.evolveum.com>
>     *Subject:* Re: [midPoint] Error fetching account from Exchange
>
>     Thank you. Could you also post here a snippet from
>     ConnectorServer.log file on your AD/Exchange server? Please select
>     parts that are relevant to fetching the object from the server.
>
>         I removed connectorconfigauration block and put XML in attachment
>
>         *From:*midPoint [mailto:midpoint-bounces at lists.evolveum.com]
>         *On Behalf Of *Pavol Mederly
>         *Sent:* Thursday, July 2, 2015 2:33 PM
>         *To:* midpoint at lists.evolveum.com
>         <mailto:midpoint at lists.evolveum.com>
>         *Subject:* Re: [midPoint] Error fetching account from Exchange
>
>         Hello Алексей,
>
>         it is quite strange that you've got this exception. It occurs
>         when midPoint gets an attribute in an object that was fetched
>         from a resource (in this case the attribute is homeMDB), but
>         does not have this attribute in resource object schema. It
>         points to a bug in connector or some problem with the metadata
>         (namely, the schema information in resource), or - with a very
>         small probability - some misconfiguration at your side. The
>         bug in connector should not be the reason, because this is a
>         basic functionality of AD/Exchange connector, and it should work.
>
>         If you would post here your resource configuration (without
>         passwords etc), we could have a look at that.
>         Also please indicate the midPoint version - i.e. if it's 3.1.1
>         or some of 3.2-snapshots.
>
>         Best regards,
>         Pavol
>
>             Hello we have achived success to create an account in
>             axchange. But now we have an error
>
>             Original ICF name: homeMDB: Error resolving object with
>             oid 'dd1408f0-bb0d-4fff-9e11-fbb544b4cde2': Subresult
>             com.evolveum.midpoint.provisioning.ucf.api.ConnectorInstance.fetchObject
>             of operation
>             com.evolveum.midpoint.provisioning.api.ProvisioningService.getObject
>             is still UNKNOWN during cleanup; during handling of
>             exception
>             com.evolveum.midpoint.util.exception.SchemaException:
>             Schema violation during processing shadow: shadow:
>             CN=aanikeev.i.i2,OU=Региональный
>             офис,OU=inrights,DC=isim,DC=local
>             (OID:dd1408f0-bb0d-4fff-9e11-fbb544b4cde2): Unknown
>             attribute
>             {http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}homeMDB
>             in definition of object class
>             {http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}AccountObjectClass.Original
>             ICF name: homeMDB
>
>             What does it means? And how can we fix it?
>
>
>
>
>
>
>             _______________________________________________
>
>             midPoint mailing list
>
>             midPoint at lists.evolveum.com  <mailto:midPoint at lists.evolveum.com>
>
>             http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
>         _______________________________________________
>
>         midPoint mailing list
>
>         midPoint at lists.evolveum.com  <mailto:midPoint at lists.evolveum.com>
>
>         http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>     _______________________________________________
>
>     midPoint mailing list
>
>     midPoint at lists.evolveum.com  <mailto:midPoint at lists.evolveum.com>
>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150703/b350dc7c/attachment.htm>

More information about the midPoint mailing list