[midPoint] Get attribute value from shadow after creating in Exchange

Ващенков Алексей a.vashchenkov at solarsecurity.ru
Wed Jul 8 14:57:19 CEST 2015 

Attach logs and resource configuration. Connector and midpoint node works on one server but connector server print timestamp in UTC, but Midpoint in Moscow time +3.

From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Pavol Mederly
Sent: Wednesday, July 8, 2015 2:30 PM
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] Get attribute value from shadow after creating in Exchange

Have you checked the idea of multiple domain controllers?

If you want, we can have a look at your problem. But I need the following:
- full model=TRACE & provisioning=TRACE log (of midPoint)
- ConnectorServer.log from the Windows server
- your current configuration (i.e. the Resource object)

The logs should cover the whole "user add" operation.

Regards,
Pavol
As I wrote yesterday I have the inbound mapping, but it doesn’t work. And I can’t understand why.
In logs I can see


2015-07-08 09:20:51,466 TRACE: Skipping inbound for {http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}PrimarySmtpAddress in Discr(account (default) on 8790e490-326a-46e9-ba35-9e0c1dcbb41d): Account a priori delta exists, but doesn't have change for processed property.
But this log is printed BEFORE connector starts to work. And I have no logs after connector stop to work

From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Pavol Mederly
Sent: Wednesday, July 8, 2015 12:00 PM
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Get attribute value from shadow after creating in Exchange

I don't quite understand your question.

Result of connector's work (for CREATE) operation is the UID. It is passed to Connector Framework and it then passes it to midPoint.

If you want to see the newly created object, you have to fetch it explicitly. MidPoint does that as part of inbound processing - well, at least I think so. Logs would say.

And I don't understand what you mean by "after that mailbox doesn't pass to user".

Pavol
Ok.
So how I can get  the result of connector’s work after it ends?
It seems I’ve change some preferences and after that mailbox doesn’t pass to user

From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Pavol Mederly
Sent: Wednesday, July 8, 2015 11:40 AM
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Get attribute value from shadow after creating in Exchange

It returns UID of newly created object.
As I could understand connector doesn’t return any data after operation Add. Is it right or I’m wrong?

From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Pavol Mederly
Sent: Tuesday, July 7, 2015 5:11 PM
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Get attribute value from shadow after creating in Exchange

Well... this is quite strange. Because the mailbox creation is a synchronous operation, at least as far as I know.

One of the reasons could be that if you have more AD domain controllers, and Exchange host writes the information about the mailbox into one of them, but AD/Exchange connector reads it from another one.

Perhaps you could check if this is not the case.

The solution you've proposed, i.e. introducing a delay in connector processing, is possible.
You could use custom scripts (see my yesterday's mail to Anton on this list) to create an after-create PowerShell script for AccountObjectClass that would sleep for a few seconds.
This would, however, terribly slow down the creation of accounts on your Exchange resource.
I would suggest finding the reason of the weird behavior of delayed mailbox creation.

Best regards,
Pavol
It seems that in moment where connector is finish to work there is no mailbox. But reconciliation the account in couple of seconds return the email. Is it possible to create any delay in connector’s process?

From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Ващенков Алексей
Sent: Tuesday, July 7, 2015 3:18 PM
To: midPoint General Discussion
Subject: Re: [midPoint] Get attribute value from shadow after creating in Exchange

Here my attribute mapping
<attribute>
   <c:ref>ri:PrimarySmtpAddress</c:ref>
   <displayName>Адрес в Exchange</displayName>
   <exclusiveStrong>false</exclusiveStrong>
   <tolerant>false</tolerant>
   <inbound>
      <name>mail in Exchange</name>
      <authoritative>true</authoritative>
      <exclusive>false</exclusive>
      <strength>normal</strength>
      <target>
         <c:path>$focus/emailAddress</c:path>
      </target>
   </inbound>
</attribute>


From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Pavol Mederly
Sent: Tuesday, July 7, 2015 3:11 PM
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Get attribute value from shadow after creating in Exchange

Алексей,

this is done via inbound expression attached to the corresponding attribute - in this case, PrimarySmtpAddress (in case of Exchange connector) or mail (in case of AD connector).

If you're sure your configuration is correct, just post here your log with model=TRACE level.

Best regards,
Pavol
Hi.

I have a simple stupid question. Now we have process, when user created in HR-application. After this user in process of Live Synchronization is imported to Midpoint. And after that account in AD and Exchange are created for this user. And I need to set email, which was created in Exchange,  to user in midpoint. How can I do this? Yesterday it works, but not today.







_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint








_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint







_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint






_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint





_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150708/d9527d7e/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: config_with_log.zip
Type: application/x-zip-compressed
Size: 293065 bytes
Desc: config_with_log.zip
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150708/d9527d7e/attachment.bin>

More information about the midPoint mailing list