[midPoint] Assignment time constraints problem

Ващенков Алексей a.vashchenkov at solarsecurity.ru
Fri Jul 17 11:36:07 CEST 2015


Pavol,
Where can I get ConnId: Connector Framework 1.4.2-SNAPSHOT?
I can find this version at GitHub

From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Pavol Mederly
Sent: Friday, July 17, 2015 12:06 PM
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] Assignment time constraints problem

Hello Oleg,


If there's no outbound mapping, the connector should not try to write a null PrimarySmtpAddress, am I right?
Yes, I think so.

Please try with the midPoint master branch and let us know if the problem persists.

If it persists, please send us the relevant portion of the ConnectorServer.log file, to start with.

Best regards,
Pavol

Hi. We have problems assigning temporary AD membership to users.
We use the Exchange connector, and when a permanent (no validFrom or validTo) assignment is assigned, everything is all right (we really see that the AD user is a member of the corresponding AD group).
But assignments with validFrom in the future have no effect - at the time when validFrom comes, we see that the user is not a member of the corresponding AD group.

The "Validity scanner" task is runnable every 15 seconds. It seems that it does some calculations, because we see progress "0/1", then "1/1".
During these calculations, the logs are flooded with errors:
...
2015-07-16 14:12:52,153 [UCF] [midPointScheduler_Worker-8] ERROR (com.evolveum.midpoint.provisioning.ucf.impl.IcfUtil): ICF Exception org.identityconnectors.framework.impl.api.remote.RemoteWrappedException in connector:77c1ca49-0c76-40d4-a633-ef3f4b2be30f(ICF Org.IdentityConnectors.Exchange.ExchangeConnector v1.4.1.20283 @localhost ICF connector (port 8759)): resource:8790e490-326a-46e9-ba35-9e0c1dcbb41d(Exchange) while updating object identified by ICF UID '<GUID=f536a14e0ff0cc43be613eb07e5d53be>': Remote exception: Cannot process argument transformation on parameter 'PrimarySmtpAddress'. Cannot convert null to type "Microsoft.Exchange.Data.SmtpAddress".

org.identityconnectors.framework.impl.api.remote.RemoteWrappedException: Remote exception: Cannot process argument transformation on parameter 'PrimarySmtpAddress'. Cannot convert null to type "Microsoft.Exchange.Data.SmtpAddress".

at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$17.deserialize(CommonObjectHandlers.java:293) ~[CommonObjectHandlers$17.class:na]
at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:154) ~[BinaryObjectDecoder$InternalDecoder.class:na]
at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:293) ~[BinaryObjectDecoder.class:na]
at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObjectField(BinaryObjectDecoder.java:413) ~[BinaryObjectDecoder.class:na]
at org.identityconnectors.framework.impl.serializer.MessageHandlers$5.deserialize(MessageHandlers.java:139) ~[MessageHandlers$5.class:na]
at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:154) ~[BinaryObjectDecoder$InternalDecoder.class:na]
at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:293) ~[BinaryObjectDecoder.class:na]
at org.identityconnectors.framework.impl.api.remote.RemoteFrameworkConnection.readObject(RemoteFrameworkConnection.java:155) ~[RemoteFrameworkConnection.class:na]
at org.identityconnectors.framework.impl.api.remote.RemoteOperationInvocationHandler.invoke(RemoteOperationInvocationHandler.java:95) ~[RemoteOperationInvocationHandler.class:na]
at com.sun.proxy.$Proxy188.update(Unknown Source) ~[na:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_79]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_79]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_79]
at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_79]
at org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:99) ~[DelegatingTimeoutProxy.class:na]
at com.sun.proxy.$Proxy188.update(Unknown Source) ~[na:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_79]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_79]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_79]
at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_79]
at org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:83) ~[LoggingProxy.class:na]
at com.sun.proxy.$Proxy188.update(Unknown Source) ~[na:na]
at org.identityconnectors.framework.impl.api.AbstractConnectorFacade.update(AbstractConnectorFacade.java:187) ~[AbstractConnectorFacade.class:na]
at com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject_aroundBody14(ConnectorInstanceIcfImpl.java:1518) [ConnectorInstanceIcfImpl.class:na]
at com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl$AjcClosure15.run(ConnectorInstanceIcfImpl.java:1) [ConnectorInstanceIcfImpl$AjcClosure15.class:na]
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) [JoinPointImpl.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178) [MidpointAspect.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1) [MidpointAspect.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.processUcfNdc(MidpointAspect.java:78) [MidpointAspect.class:na]
at com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject(ConnectorInstanceIcfImpl.java:1291) [ConnectorInstanceIcfImpl.class:na]
at com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject(ConnectorInstanceIcfImpl.java:1) [ConnectorInstanceIcfImpl.class:na]
at com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:579) [ResourceObjectConverter.class:na]
at com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.modifyResourceObject(ResourceObjectConverter.java:471) [ResourceObjectConverter.class:na]
at com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadow(ShadowCache.java:438) [ShadowCache.class:na]
at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject_aroundBody10(ProvisioningServiceImpl.java:878) [ProvisioningServiceImpl.class:na]
at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl$AjcClosure11.run(ProvisioningServiceImpl.java:1) [ProvisioningServiceImpl$AjcClosure11.class:na]
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) [JoinPointImpl.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178) [MidpointAspect.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1) [MidpointAspect.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.processProvisioningNdc(MidpointAspect.java:68) [MidpointAspect.class:na]
at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject(ProvisioningServiceImpl.java:839) [ProvisioningServiceImpl.class:na]
at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.modifyProvisioningObject(ChangeExecutor.java:1166) [ChangeExecutor.class:na]
at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeModification(ChangeExecutor.java:1032) [ChangeExecutor.class:na]
at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta(ChangeExecutor.java:630) [ChangeExecutor.class:na]
at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeChanges(ChangeExecutor.java:282) [ChangeExecutor.class:na]
at com.evolveum.midpoint.model.impl.lens.Clockwork.processSecondary(Clockwork.java:439) [Clockwork.class:na]
at com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:269) [Clockwork.class:na]
at com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:191) [Clockwork.class:na]
at com.evolveum.midpoint.model.impl.sync.FocusValidityScannerTaskHandler.recomputeUser(FocusValidityScannerTaskHandler.java:169) [FocusValidityScannerTaskHandler.class:na]
at com.evolveum.midpoint.model.impl.sync.FocusValidityScannerTaskHandler.access$2(FocusValidityScannerTaskHandler.java:162) [FocusValidityScannerTaskHandler.class:na]
at com.evolveum.midpoint.model.impl.sync.FocusValidityScannerTaskHandler$1.handleObject(FocusValidityScannerTaskHandler.java:154) [FocusValidityScannerTaskHandler$1.class:na]
at com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeResultHandler.processRequest(AbstractSearchIterativeResultHandler.java:274) [AbstractSearchIterativeResultHandler.class:na]
at com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeResultHandler.handle(AbstractSearchIterativeResultHandler.java:146) [AbstractSearchIterativeResultHandler.class:na]
at com.evolveum.midpoint.repo.cache.RepositoryCache$1.handle(RepositoryCache.java:201) [RepositoryCache$1.class:na]
at com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.searchObjectsIterativeAttempt(SqlRepositoryServiceImpl.java:1813) [SqlRepositoryServiceImpl.class:na]
at com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.searchObjectsIterative_aroundBody26(SqlRepositoryServiceImpl.java:1784) [SqlRepositoryServiceImpl.class:na]
at com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl$AjcClosure27.run(SqlRepositoryServiceImpl.java:1) [SqlRepositoryServiceImpl$AjcClosure27.class:na]
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) [JoinPointImpl.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178) [MidpointAspect.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1) [MidpointAspect.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.processRepositoryNdc(MidpointAspect.java:58) [MidpointAspect.class:na]
at com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.searchObjectsIterative(SqlRepositoryServiceImpl.java:1745) [SqlRepositoryServiceImpl.class:na]
at com.evolveum.midpoint.repo.cache.RepositoryCache.searchObjectsIterative_aroundBody6(RepositoryCache.java:204) [RepositoryCache.class:na]
at com.evolveum.midpoint.repo.cache.RepositoryCache$AjcClosure7.run(RepositoryCache.java:1) [RepositoryCache$AjcClosure7.class:na]
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) [JoinPointImpl.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178) [MidpointAspect.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1) [MidpointAspect.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.processRepositoryNdc(MidpointAspect.java:58) [MidpointAspect.class:na]
at com.evolveum.midpoint.repo.cache.RepositoryCache.searchObjectsIterative(RepositoryCache.java:192) [RepositoryCache.class:na]
at com.evolveum.midpoint.model.impl.ModelObjectResolver.searchIterative(ModelObjectResolver.java:224) [ModelObjectResolver.class:na]
at com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.run(AbstractSearchIterativeTaskHandler.java:162) [AbstractSearchIterativeTaskHandler.class:na]
at com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:479) [JobExecutor.class:na]
at com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeRecurrentTask(JobExecutor.java:359) [JobExecutor.class:na]
at com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:162) [JobExecutor.class:na]
at org.quartz.core.JobRunShell.run(JobRunShell.java:213) [JobRunShell.class:na]
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:557) [SimpleThreadPool$WorkerThread.class:na]
...

Here is our user mapping:

         <attribute>
            <c:ref>ri:PrimarySmtpAddress</c:ref>
            <displayName>Адрес в Exchange</displayName>
            <exclusiveStrong>false</exclusiveStrong>
            <tolerant>false</tolerant>
            <inbound>
               <name>Адрес в Exchange</name>
               <authoritative>true</authoritative>
               <exclusive>false</exclusive>
               <strength>normal</strength>
               <target>
                  <c:path>$focus/emailAddress</c:path>
               </target>
            </inbound>
         </attribute>

If there's no outbound mapping, the connector should not try to write a null PrimarySmtpAddress, am I right?

Our association configuration:

         <association>
            <c:ref>group</c:ref>
            <displayName>AD Group Membership</displayName>
            <exclusiveStrong>false</exclusiveStrong>
            <tolerant>false</tolerant>
            <kind>entitlement</kind>
            <intent>default</intent>
            <direction>objectToSubject</direction>
            <associationAttribute>ri:member</associationAttribute>
            <valueAttribute>icfs:name</valueAttribute>
            <explicitReferentialIntegrity>false</explicitReferentialIntegrity>
         </association>

Our metarole used for AD membership:

<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
      oid="e1b56b20-9d09-472a-9ede-8fa19b0c112b"
      version="45">
   <name>Metarole for account</name>
   <metadata>
      <createTimestamp>2015-05-06T17:38:28.517+03:00</createTimestamp>
      <creatorRef oid="00000000-0000-0000-0000-000000000002" type="c:UserType"><!-- administrator --></creatorRef>
      <createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</createChannel>
   </metadata>
   <inducement>
      <construction>
         <resourceRef oid="8790e490-326a-46e9-ba35-9e0c1dcbb41d" type="c:ResourceType"><!-- Exchange --></resourceRef>
         <kind>account</kind>
         <intent>default</intent>
         <association>
            <c:ref>group</c:ref>
            <outbound>
               <expression>
                  <associationFromLink>
                     <projectionDiscriminator>
                        <kind>entitlement</kind>
                        <intent>default</intent>
                     </projectionDiscriminator>
                  </associationFromLink>
               </expression>
            </outbound>
         </association>
      </construction>
      <order>2</order>
   </inducement>
</role>

Regards, Oleg Getmansky

P.S.: The same errors occur when the time of validTo comes and the user should be expelled from the corresponding AD group.



