[midPoint] Assignment time constraints problem
Pavol Mederly
mederly at evolveum.com
Fri Jul 17 11:40:20 CEST 2015
On 17. 7. 2015 11:38, Pavol Mederly wrote:
> Alexej,
>
> please checkout this one: https://github.com/Tirasa/ConnId.git
>
> ... and build locally. It should work.
Or, even better: https://github.com/Evolveum/ConnId
(I'm writing faster than thinking, sorry.)
General they should be equivalent, but please use Evolveum's now.
Pavol
>
> Regards,
> Pavol
>
> On 17. 7. 2015 11:36, Ващенков Алексей wrote:
>>
>> Pavol.
>>
>> Where Can I get ConnId: Connector Framework 1.4.2-SNAPSHOT?
>>
>> I can find this version at githab
>>
>> *From:*midPoint [mailto:midpoint-bounces at lists.evolveum.com] *On
>> Behalf Of *Pavol Mederly
>> *Sent:* Friday, July 17, 2015 12:06 PM
>> *To:* midpoint at lists.evolveum.com
>> *Subject:* Re: [midPoint] Assignment time constraints problem
>>
>> Hello Oleg,
>>
>>
>> If there's no outbound mapping, connector should not try to write
>> null PrimarySmtpAddress, am I right?
>>
>> Yes, I think so.
>>
>> Please try with the midPoint master branch and let us know if the
>> problem persists.
>>
>> If persists, please send us the relevant portion of the
>> ConnectorServer.log file, to start with.
>>
>> Best regards,
>> Pavol
>>
>> Hi. We have problems assigning temporary AD membership to users.
>>
>> We use Exchange connector, and when permanent (no validFrom or
>> validTo) assignment is assigned, everything is all right (we
>> really see that AD user is a member of corresponding AD group).
>>
>> But, assignments with validFrom in future make no effects - at
>> the time when validFrom comes we see that user is not a member of
>> corresponding AD group.
>>
>> "Validity scanner" task is runnable every 15 seconds. Seems that
>> it does some calculations, because we see progress "0/1", when "1/1".
>>
>> In time of these calculations, logs are flood with errors:
>>
>> ...
>>
>> 2015-07-16 14:12:52,153 [UCF] [midPointScheduler_Worker-8] ERROR
>> (com.evolveum.midpoint.provisioning.ucf.impl.IcfUtil): ICF
>> Exception
>> org.identityconnectors.framework.impl.api.remote.RemoteWrappedException
>> in connector:77c1ca49-0c76-40d4-a633-ef3f4b2be30f(ICF
>> Org.IdentityConnectors.Exchange.ExchangeConnector v1.4.1.20283
>> @localhost ICF connector (port 8759)):
>> resource:8790e490-326a-46e9-ba35-9e0c1dcbb41d(Exchange)
>> <resource:8790e490-326a-46e9-ba35-9e0c1dcbb41d%28Exchange%29>
>> while updating object identified by ICF UID
>> '<GUID=f536a14e0ff0cc43be613eb07e5d53be>': Remote exception:
>> Cannot process argument transformation on parameter
>> 'PrimarySmtpAddress'. Cannot convert null to type
>> "Microsoft.Exchange.Data.SmtpAddress".
>>
>> org.identityconnectors.framework.impl.api.remote.RemoteWrappedException:
>> Remote exception: Cannot process argument transformation on
>> parameter 'PrimarySmtpAddress'. Cannot convert null to type
>> "Microsoft.Exchange.Data.SmtpAddress".
>>
>> at
>> org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$17.deserialize(CommonObjectHandlers.java:293)
>> ~[CommonObjectHandlers$17.class:na]
>>
>> at
>> org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:154)
>> ~[BinaryObjectDecoder$InternalDecoder.class:na]
>>
>> at
>> org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:293)
>> ~[BinaryObjectDecoder.class:na]
>>
>> at
>> org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObjectField(BinaryObjectDecoder.java:413)
>> ~[BinaryObjectDecoder.class:na]
>>
>> at
>> org.identityconnectors.framework.impl.serializer.MessageHandlers$5.deserialize(MessageHandlers.java:139)
>> ~[MessageHandlers$5.class:na]
>>
>> at
>> org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:154)
>> ~[BinaryObjectDecoder$InternalDecoder.class:na]
>>
>> at
>> org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:293)
>> ~[BinaryObjectDecoder.class:na]
>>
>> at
>> org.identityconnectors.framework.impl.api.remote.RemoteFrameworkConnection.readObject(RemoteFrameworkConnection.java:155)
>> ~[RemoteFrameworkConnection.class:na]
>>
>> at
>> org.identityconnectors.framework.impl.api.remote.RemoteOperationInvocationHandler.invoke(RemoteOperationInvocationHandler.java:95)
>> ~[RemoteOperationInvocationHandler.class:na]
>>
>> at com.sun.proxy.$Proxy188.update(Unknown Source) ~[na:na]
>>
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> ~[na:1.7.0_79]
>>
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>> ~[na:1.7.0_79]
>>
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> ~[na:1.7.0_79]
>>
>> at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_79]
>>
>> at
>> org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:99)
>> ~[DelegatingTimeoutProxy.class:na]
>>
>> at com.sun.proxy.$Proxy188.update(Unknown Source) ~[na:na]
>>
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> ~[na:1.7.0_79]
>>
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>> ~[na:1.7.0_79]
>>
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> ~[na:1.7.0_79]
>>
>> at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_79]
>>
>> at
>> org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:83)
>> ~[LoggingProxy.class:na]
>>
>> at com.sun.proxy.$Proxy188.update(Unknown Source) ~[na:na]
>>
>> at
>> org.identityconnectors.framework.impl.api.AbstractConnectorFacade.update(AbstractConnectorFacade.java:187)
>> ~[AbstractConnectorFacade.class:na]
>>
>> at
>> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject_aroundBody14(ConnectorInstanceIcfImpl.java:1518)
>> [ConnectorInstanceIcfImpl.class:na]
>>
>> at
>> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl$AjcClosure15.run(ConnectorInstanceIcfImpl.java:1)
>> [ConnectorInstanceIcfImpl$AjcClosure15.class:na]
>>
>> at
>> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>> [JoinPointImpl.class:na]
>>
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178)
>> [MidpointAspect.class:na]
>>
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
>> [MidpointAspect.class:na]
>>
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.processUcfNdc(MidpointAspect.java:78)
>> [MidpointAspect.class:na]
>>
>> at
>> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject(ConnectorInstanceIcfImpl.java:1291)
>> [ConnectorInstanceIcfImpl.class:na]
>>
>> at
>> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject(ConnectorInstanceIcfImpl.java:1)
>> [ConnectorInstanceIcfImpl.class:na]
>>
>> at
>> com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:579)
>> [ResourceObjectConverter.class:na]
>>
>> at
>> com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.modifyResourceObject(ResourceObjectConverter.java:471)
>> [ResourceObjectConverter.class:na]
>>
>> at
>> com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadow(ShadowCache.java:438)
>> [ShadowCache.class:na]
>>
>> at
>> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject_aroundBody10(ProvisioningServiceImpl.java:878)
>> [ProvisioningServiceImpl.class:na]
>>
>> at
>> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl$AjcClosure11.run(ProvisioningServiceImpl.java:1)
>> [ProvisioningServiceImpl$AjcClosure11.class:na]
>>
>> at
>> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>> [JoinPointImpl.class:na]
>>
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178)
>> [MidpointAspect.class:na]
>>
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
>> [MidpointAspect.class:na]
>>
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.processProvisioningNdc(MidpointAspect.java:68)
>> [MidpointAspect.class:na]
>>
>> at
>> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject(ProvisioningServiceImpl.java:839)
>> [ProvisioningServiceImpl.class:na]
>>
>> at
>> com.evolveum.midpoint.model.impl.lens.ChangeExecutor.modifyProvisioningObject(ChangeExecutor.java:1166)
>> [ChangeExecutor.class:na]
>>
>> at
>> com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeModification(ChangeExecutor.java:1032)
>> [ChangeExecutor.class:na]
>>
>> at
>> com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta(ChangeExecutor.java:630)
>> [ChangeExecutor.class:na]
>>
>> at
>> com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeChanges(ChangeExecutor.java:282)
>> [ChangeExecutor.class:na]
>>
>> at
>> com.evolveum.midpoint.model.impl.lens.Clockwork.processSecondary(Clockwork.java:439)
>> [Clockwork.class:na]
>>
>> at
>> com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:269)
>> [Clockwork.class:na]
>>
>> at
>> com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:191)
>> [Clockwork.class:na]
>>
>> at
>> com.evolveum.midpoint.model.impl.sync.FocusValidityScannerTaskHandler.recomputeUser(FocusValidityScannerTaskHandler.java:169)
>> [FocusValidityScannerTaskHandler.class:na]
>>
>> at
>> com.evolveum.midpoint.model.impl.sync.FocusValidityScannerTaskHandler.access$2(FocusValidityScannerTaskHandler.java:162)
>> [FocusValidityScannerTaskHandler.class:na]
>>
>> at
>> com.evolveum.midpoint.model.impl.sync.FocusValidityScannerTaskHandler$1.handleObject(FocusValidityScannerTaskHandler.java:154)
>> [FocusValidityScannerTaskHandler$1.class:na]
>>
>> at
>> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeResultHandler.processRequest(AbstractSearchIterativeResultHandler.java:274)
>> [AbstractSearchIterativeResultHandler.class:na]
>>
>> at
>> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeResultHandler.handle(AbstractSearchIterativeResultHandler.java:146)
>> [AbstractSearchIterativeResultHandler.class:na]
>>
>> at
>> com.evolveum.midpoint.repo.cache.RepositoryCache$1.handle(RepositoryCache.java:201)
>> [RepositoryCache$1.class:na]
>>
>> at
>> com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.searchObjectsIterativeAttempt(SqlRepositoryServiceImpl.java:1813)
>> [SqlRepositoryServiceImpl.class:na]
>>
>> at
>> com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.searchObjectsIterative_aroundBody26(SqlRepositoryServiceImpl.java:1784)
>> [SqlRepositoryServiceImpl.class:na]
>>
>> at
>> com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl$AjcClosure27.run(SqlRepositoryServiceImpl.java:1)
>> [SqlRepositoryServiceImpl$AjcClosure27.class:na]
>>
>> at
>> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>> [JoinPointImpl.class:na]
>>
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178)
>> [MidpointAspect.class:na]
>>
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
>> [MidpointAspect.class:na]
>>
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.processRepositoryNdc(MidpointAspect.java:58)
>> [MidpointAspect.class:na]
>>
>> at
>> com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.searchObjectsIterative(SqlRepositoryServiceImpl.java:1745)
>> [SqlRepositoryServiceImpl.class:na]
>>
>> at
>> com.evolveum.midpoint.repo.cache.RepositoryCache.searchObjectsIterative_aroundBody6(RepositoryCache.java:204)
>> [RepositoryCache.class:na]
>>
>> at
>> com.evolveum.midpoint.repo.cache.RepositoryCache$AjcClosure7.run(RepositoryCache.java:1)
>> [RepositoryCache$AjcClosure7.class:na]
>>
>> at
>> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>> [JoinPointImpl.class:na]
>>
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178)
>> [MidpointAspect.class:na]
>>
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
>> [MidpointAspect.class:na]
>>
>> at
>> com.evolveum.midpoint.util.aspect.MidpointAspect.processRepositoryNdc(MidpointAspect.java:58)
>> [MidpointAspect.class:na]
>>
>> at
>> com.evolveum.midpoint.repo.cache.RepositoryCache.searchObjectsIterative(RepositoryCache.java:192)
>> [RepositoryCache.class:na]
>>
>> at
>> com.evolveum.midpoint.model.impl.ModelObjectResolver.searchIterative(ModelObjectResolver.java:224)
>> [ModelObjectResolver.class:na]
>>
>> at
>> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.run(AbstractSearchIterativeTaskHandler.java:162)
>> [AbstractSearchIterativeTaskHandler.class:na]
>>
>> at
>> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:479)
>> [JobExecutor.class:na]
>>
>> at
>> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeRecurrentTask(JobExecutor.java:359)
>> [JobExecutor.class:na]
>>
>> at
>> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:162)
>> [JobExecutor.class:na]
>>
>> at org.quartz.core.JobRunShell.run(JobRunShell.java:213)
>> [JobRunShell.class:na]
>>
>> at
>> org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:557)
>> [SimpleThreadPool$WorkerThread.class:na]
>>
>> ...
>>
>> Here is our user mapping:
>>
>> <attribute>
>>
>> <c:ref>ri:PrimarySmtpAddress</c:ref>
>>
>> <displayName>Адрес в Exchange</displayName>
>>
>> <exclusiveStrong>false</exclusiveStrong>
>>
>> <tolerant>false</tolerant>
>>
>> <inbound>
>>
>> <name>Адрес в Exchange</name>
>>
>> <authoritative>true</authoritative>
>>
>> <exclusive>false</exclusive>
>>
>> <strength>normal</strength>
>>
>> <target>
>>
>> <c:path>$focus/emailAddress</c:path>
>>
>> </target>
>>
>> </inbound>
>>
>> </attribute>
>>
>> If there's no outbound mapping, connector should not try to write
>> null PrimarySmtpAddress, am I right?
>>
>> Our association configuration:
>>
>> <association>
>>
>> <c:ref>group</c:ref>
>>
>> <displayName>AD Group Membership</displayName>
>>
>> <exclusiveStrong>false</exclusiveStrong>
>>
>> <tolerant>false</tolerant>
>>
>> <kind>entitlement</kind>
>>
>> <intent>default</intent>
>>
>> <direction>objectToSubject</direction>
>>
>> <associationAttribute>ri:member</associationAttribute>
>>
>> <valueAttribute>icfs:name</valueAttribute>
>>
>> <explicitReferentialIntegrity>false</explicitReferentialIntegrity>
>>
>> </association>
>>
>> Our metarole used for AD membership:
>>
>> <role
>> xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>>
>>
>> xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>> <http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>
>>
>> xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>> <http://prism.evolveum.com/xml/ns/public/types-3>
>>
>>
>> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>>
>> xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>> <http://prism.evolveum.com/xml/ns/public/query-3>
>>
>>
>> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>
>>
>> oid="e1b56b20-9d09-472a-9ede-8fa19b0c112b"
>>
>> version="45">
>>
>> <name>Metarole for account</name>
>>
>> <metadata>
>>
>> <createTimestamp>2015-05-06T17:38:28.517+03:00</createTimestamp>
>>
>> <creatorRef oid="00000000-0000-0000-0000-000000000002"
>> type="c:UserType"><!-- administrator --></creatorRef>
>>
>>
>> <createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</createChannel>
>>
>> </metadata>
>>
>> <inducement>
>>
>> <construction>
>>
>> <resourceRef oid="8790e490-326a-46e9-ba35-9e0c1dcbb41d"
>> type="c:ResourceType"><!-- Exchange --></resourceRef>
>>
>> <kind>account</kind>
>>
>> <intent>default</intent>
>>
>> <association>
>>
>> <c:ref>group</c:ref>
>>
>> <outbound>
>>
>> <expression>
>>
>> <associationFromLink>
>>
>> <projectionDiscriminator>
>>
>> <kind>entitlement</kind>
>>
>> <intent>default</intent>
>>
>> </projectionDiscriminator>
>>
>> </associationFromLink>
>>
>> </expression>
>>
>> </outbound>
>>
>> </association>
>>
>> </construction>
>>
>> <order>2</order>
>>
>> </inducement>
>>
>> </role>
>>
>> Regards, Oleg Getmansky
>>
>> P.S.: Same errors occur when the time of validTo comes and user
>> should be expelled from the corresponding AD group
>>
>>
>>
>>
>> _______________________________________________
>>
>> midPoint mailing list
>>
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150717/83901f81/attachment.htm>
More information about the midPoint
mailing list