[midPoint] Assignment time constraints problem
Pavol Mederly
mederly at evolveum.com
Fri Jul 17 11:38:09 CEST 2015
Alexej,
please checkout this one: https://github.com/Tirasa/ConnId.git
... and build locally. It should work.
Regards,
Pavol
On 17. 7. 2015 11:36, Ващенков Алексей wrote:
>
> Pavol.
>
> Where Can I get ConnId: Connector Framework 1.4.2-SNAPSHOT?
>
> I can find this version at githab
>
> *From:*midPoint [mailto:midpoint-bounces at lists.evolveum.com] *On
> Behalf Of *Pavol Mederly
> *Sent:* Friday, July 17, 2015 12:06 PM
> *To:* midpoint at lists.evolveum.com
> *Subject:* Re: [midPoint] Assignment time constraints problem
>
> Hello Oleg,
>
>
> If there's no outbound mapping, connector should not try to write
> null PrimarySmtpAddress, am I right?
>
> Yes, I think so.
>
> Please try with the midPoint master branch and let us know if the
> problem persists.
>
> If persists, please send us the relevant portion of the
> ConnectorServer.log file, to start with.
>
> Best regards,
> Pavol
>
> Hi. We have problems assigning temporary AD membership to users.
>
> We use Exchange connector, and when permanent (no validFrom or
> validTo) assignment is assigned, everything is all right (we
> really see that AD user is a member of corresponding AD group).
>
> But, assignments with validFrom in future make no effects - at the
> time when validFrom comes we see that user is not a member of
> corresponding AD group.
>
> "Validity scanner" task is runnable every 15 seconds. Seems that
> it does some calculations, because we see progress "0/1", when "1/1".
>
> In time of these calculations, logs are flood with errors:
>
> ...
>
> 2015-07-16 14:12:52,153 [UCF] [midPointScheduler_Worker-8] ERROR
> (com.evolveum.midpoint.provisioning.ucf.impl.IcfUtil): ICF
> Exception
> org.identityconnectors.framework.impl.api.remote.RemoteWrappedException
> in connector:77c1ca49-0c76-40d4-a633-ef3f4b2be30f(ICF
> Org.IdentityConnectors.Exchange.ExchangeConnector v1.4.1.20283
> @localhost ICF connector (port 8759)):
> resource:8790e490-326a-46e9-ba35-9e0c1dcbb41d(Exchange)
> <resource:8790e490-326a-46e9-ba35-9e0c1dcbb41d%28Exchange%29>
> while updating object identified by ICF UID
> '<GUID=f536a14e0ff0cc43be613eb07e5d53be>': Remote exception:
> Cannot process argument transformation on parameter
> 'PrimarySmtpAddress'. Cannot convert null to type
> "Microsoft.Exchange.Data.SmtpAddress".
>
> org.identityconnectors.framework.impl.api.remote.RemoteWrappedException:
> Remote exception: Cannot process argument transformation on
> parameter 'PrimarySmtpAddress'. Cannot convert null to type
> "Microsoft.Exchange.Data.SmtpAddress".
>
> at
> org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$17.deserialize(CommonObjectHandlers.java:293)
> ~[CommonObjectHandlers$17.class:na]
>
> at
> org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:154)
> ~[BinaryObjectDecoder$InternalDecoder.class:na]
>
> at
> org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:293)
> ~[BinaryObjectDecoder.class:na]
>
> at
> org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObjectField(BinaryObjectDecoder.java:413)
> ~[BinaryObjectDecoder.class:na]
>
> at
> org.identityconnectors.framework.impl.serializer.MessageHandlers$5.deserialize(MessageHandlers.java:139)
> ~[MessageHandlers$5.class:na]
>
> at
> org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:154)
> ~[BinaryObjectDecoder$InternalDecoder.class:na]
>
> at
> org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:293)
> ~[BinaryObjectDecoder.class:na]
>
> at
> org.identityconnectors.framework.impl.api.remote.RemoteFrameworkConnection.readObject(RemoteFrameworkConnection.java:155)
> ~[RemoteFrameworkConnection.class:na]
>
> at
> org.identityconnectors.framework.impl.api.remote.RemoteOperationInvocationHandler.invoke(RemoteOperationInvocationHandler.java:95)
> ~[RemoteOperationInvocationHandler.class:na]
>
> at com.sun.proxy.$Proxy188.update(Unknown Source) ~[na:na]
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.7.0_79]
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> ~[na:1.7.0_79]
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.7.0_79]
>
> at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_79]
>
> at
> org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:99)
> ~[DelegatingTimeoutProxy.class:na]
>
> at com.sun.proxy.$Proxy188.update(Unknown Source) ~[na:na]
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.7.0_79]
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> ~[na:1.7.0_79]
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.7.0_79]
>
> at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_79]
>
> at
> org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:83)
> ~[LoggingProxy.class:na]
>
> at com.sun.proxy.$Proxy188.update(Unknown Source) ~[na:na]
>
> at
> org.identityconnectors.framework.impl.api.AbstractConnectorFacade.update(AbstractConnectorFacade.java:187)
> ~[AbstractConnectorFacade.class:na]
>
> at
> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject_aroundBody14(ConnectorInstanceIcfImpl.java:1518)
> [ConnectorInstanceIcfImpl.class:na]
>
> at
> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl$AjcClosure15.run(ConnectorInstanceIcfImpl.java:1)
> [ConnectorInstanceIcfImpl$AjcClosure15.class:na]
>
> at
> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
> [JoinPointImpl.class:na]
>
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178)
> [MidpointAspect.class:na]
>
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
> [MidpointAspect.class:na]
>
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.processUcfNdc(MidpointAspect.java:78)
> [MidpointAspect.class:na]
>
> at
> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject(ConnectorInstanceIcfImpl.java:1291)
> [ConnectorInstanceIcfImpl.class:na]
>
> at
> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject(ConnectorInstanceIcfImpl.java:1)
> [ConnectorInstanceIcfImpl.class:na]
>
> at
> com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:579)
> [ResourceObjectConverter.class:na]
>
> at
> com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.modifyResourceObject(ResourceObjectConverter.java:471)
> [ResourceObjectConverter.class:na]
>
> at
> com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadow(ShadowCache.java:438)
> [ShadowCache.class:na]
>
> at
> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject_aroundBody10(ProvisioningServiceImpl.java:878)
> [ProvisioningServiceImpl.class:na]
>
> at
> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl$AjcClosure11.run(ProvisioningServiceImpl.java:1)
> [ProvisioningServiceImpl$AjcClosure11.class:na]
>
> at
> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
> [JoinPointImpl.class:na]
>
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178)
> [MidpointAspect.class:na]
>
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
> [MidpointAspect.class:na]
>
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.processProvisioningNdc(MidpointAspect.java:68)
> [MidpointAspect.class:na]
>
> at
> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject(ProvisioningServiceImpl.java:839)
> [ProvisioningServiceImpl.class:na]
>
> at
> com.evolveum.midpoint.model.impl.lens.ChangeExecutor.modifyProvisioningObject(ChangeExecutor.java:1166)
> [ChangeExecutor.class:na]
>
> at
> com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeModification(ChangeExecutor.java:1032)
> [ChangeExecutor.class:na]
>
> at
> com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta(ChangeExecutor.java:630)
> [ChangeExecutor.class:na]
>
> at
> com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeChanges(ChangeExecutor.java:282)
> [ChangeExecutor.class:na]
>
> at
> com.evolveum.midpoint.model.impl.lens.Clockwork.processSecondary(Clockwork.java:439)
> [Clockwork.class:na]
>
> at
> com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:269)
> [Clockwork.class:na]
>
> at
> com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:191)
> [Clockwork.class:na]
>
> at
> com.evolveum.midpoint.model.impl.sync.FocusValidityScannerTaskHandler.recomputeUser(FocusValidityScannerTaskHandler.java:169)
> [FocusValidityScannerTaskHandler.class:na]
>
> at
> com.evolveum.midpoint.model.impl.sync.FocusValidityScannerTaskHandler.access$2(FocusValidityScannerTaskHandler.java:162)
> [FocusValidityScannerTaskHandler.class:na]
>
> at
> com.evolveum.midpoint.model.impl.sync.FocusValidityScannerTaskHandler$1.handleObject(FocusValidityScannerTaskHandler.java:154)
> [FocusValidityScannerTaskHandler$1.class:na]
>
> at
> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeResultHandler.processRequest(AbstractSearchIterativeResultHandler.java:274)
> [AbstractSearchIterativeResultHandler.class:na]
>
> at
> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeResultHandler.handle(AbstractSearchIterativeResultHandler.java:146)
> [AbstractSearchIterativeResultHandler.class:na]
>
> at
> com.evolveum.midpoint.repo.cache.RepositoryCache$1.handle(RepositoryCache.java:201)
> [RepositoryCache$1.class:na]
>
> at
> com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.searchObjectsIterativeAttempt(SqlRepositoryServiceImpl.java:1813)
> [SqlRepositoryServiceImpl.class:na]
>
> at
> com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.searchObjectsIterative_aroundBody26(SqlRepositoryServiceImpl.java:1784)
> [SqlRepositoryServiceImpl.class:na]
>
> at
> com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl$AjcClosure27.run(SqlRepositoryServiceImpl.java:1)
> [SqlRepositoryServiceImpl$AjcClosure27.class:na]
>
> at
> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
> [JoinPointImpl.class:na]
>
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178)
> [MidpointAspect.class:na]
>
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
> [MidpointAspect.class:na]
>
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.processRepositoryNdc(MidpointAspect.java:58)
> [MidpointAspect.class:na]
>
> at
> com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.searchObjectsIterative(SqlRepositoryServiceImpl.java:1745)
> [SqlRepositoryServiceImpl.class:na]
>
> at
> com.evolveum.midpoint.repo.cache.RepositoryCache.searchObjectsIterative_aroundBody6(RepositoryCache.java:204)
> [RepositoryCache.class:na]
>
> at
> com.evolveum.midpoint.repo.cache.RepositoryCache$AjcClosure7.run(RepositoryCache.java:1)
> [RepositoryCache$AjcClosure7.class:na]
>
> at
> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
> [JoinPointImpl.class:na]
>
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178)
> [MidpointAspect.class:na]
>
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
> [MidpointAspect.class:na]
>
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.processRepositoryNdc(MidpointAspect.java:58)
> [MidpointAspect.class:na]
>
> at
> com.evolveum.midpoint.repo.cache.RepositoryCache.searchObjectsIterative(RepositoryCache.java:192)
> [RepositoryCache.class:na]
>
> at
> com.evolveum.midpoint.model.impl.ModelObjectResolver.searchIterative(ModelObjectResolver.java:224)
> [ModelObjectResolver.class:na]
>
> at
> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.run(AbstractSearchIterativeTaskHandler.java:162)
> [AbstractSearchIterativeTaskHandler.class:na]
>
> at
> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:479)
> [JobExecutor.class:na]
>
> at
> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeRecurrentTask(JobExecutor.java:359)
> [JobExecutor.class:na]
>
> at
> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:162)
> [JobExecutor.class:na]
>
> at org.quartz.core.JobRunShell.run(JobRunShell.java:213)
> [JobRunShell.class:na]
>
> at
> org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:557)
> [SimpleThreadPool$WorkerThread.class:na]
>
> ...
>
> Here is our user mapping:
>
> <attribute>
>
> <c:ref>ri:PrimarySmtpAddress</c:ref>
>
> <displayName>Адрес в Exchange</displayName>
>
> <exclusiveStrong>false</exclusiveStrong>
>
> <tolerant>false</tolerant>
>
> <inbound>
>
> <name>Адрес в Exchange</name>
>
> <authoritative>true</authoritative>
>
> <exclusive>false</exclusive>
>
> <strength>normal</strength>
>
> <target>
>
> <c:path>$focus/emailAddress</c:path>
>
> </target>
>
> </inbound>
>
> </attribute>
>
> If there's no outbound mapping, connector should not try to write
> null PrimarySmtpAddress, am I right?
>
> Our association configuration:
>
> <association>
>
> <c:ref>group</c:ref>
>
> <displayName>AD Group Membership</displayName>
>
> <exclusiveStrong>false</exclusiveStrong>
>
> <tolerant>false</tolerant>
>
> <kind>entitlement</kind>
>
> <intent>default</intent>
>
> <direction>objectToSubject</direction>
>
> <associationAttribute>ri:member</associationAttribute>
>
> <valueAttribute>icfs:name</valueAttribute>
>
> <explicitReferentialIntegrity>false</explicitReferentialIntegrity>
>
> </association>
>
> Our metarole used for AD membership:
>
> <role
> xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>
>
> xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
> <http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>
>
> xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
> <http://prism.evolveum.com/xml/ns/public/types-3>
>
>
> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>
> xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
> <http://prism.evolveum.com/xml/ns/public/query-3>
>
>
> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>
>
> oid="e1b56b20-9d09-472a-9ede-8fa19b0c112b"
>
> version="45">
>
> <name>Metarole for account</name>
>
> <metadata>
>
> <createTimestamp>2015-05-06T17:38:28.517+03:00</createTimestamp>
>
> <creatorRef oid="00000000-0000-0000-0000-000000000002"
> type="c:UserType"><!-- administrator --></creatorRef>
>
>
> <createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</createChannel>
>
> </metadata>
>
> <inducement>
>
> <construction>
>
> <resourceRef oid="8790e490-326a-46e9-ba35-9e0c1dcbb41d"
> type="c:ResourceType"><!-- Exchange --></resourceRef>
>
> <kind>account</kind>
>
> <intent>default</intent>
>
> <association>
>
> <c:ref>group</c:ref>
>
> <outbound>
>
> <expression>
>
> <associationFromLink>
>
> <projectionDiscriminator>
>
> <kind>entitlement</kind>
>
> <intent>default</intent>
>
> </projectionDiscriminator>
>
> </associationFromLink>
>
> </expression>
>
> </outbound>
>
> </association>
>
> </construction>
>
> <order>2</order>
>
> </inducement>
>
> </role>
>
> Regards, Oleg Getmansky
>
> P.S.: Same errors occur when the time of validTo comes and user
> should be expelled from the corresponding AD group
>
>
>
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150717/46473d17/attachment.htm>
More information about the midPoint
mailing list