[midPoint] Assignment time constraints problem
Ващенков Алексей
a.vashchenkov at solarsecurity.ru
Fri Jul 17 16:24:09 CEST 2015
No, Just couple of Types we added (for HRStatus and RequestType). I ask Oleg to get the logs and send in to you.
From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Pavol Mederly
Sent: Friday, July 17, 2015 5:20 PM
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] Assignment time constraints problem
On 17. 7. 2015 16:09, Ващенков Алексей wrote:
Is really looks like a quest.
To make a partial migration from our 3.1.1 to yours 3.2 ☺ But I did it.
Hmmm... just BTW, are there many changes in your version compared to "plain" midPoint?
And now I have an Exception which was described by Oleg.
This is sad. Seems that the volatility=unpredictable does not work as expected, or there is a configuration problem at your side. (I suspect the first.)
Please, could you repeat the operation with logs set to MODEL=TRACE and PROVISIONING=TRACE? (Please make sure that the default loggers for Projector and Clockwork are either deleted or set to TRACE as well.)
Oleg already sent me relevant parts of the configuration - I hope it will suffice to diagnose the problem.
Best regards,
Pavol
com.evolveum.midpoint.provisioning.api.GenericConnectorException: Generic error in connector connector ConnectorInstanceIcfImpl(connector:cba5c52b-1ca0-4239-9526-2bccf6d99e24(ICF Org.IdentityConnectors.Exchange.ExchangeConnector v1.4.1.20283 @localhost ICF connector (port 8759))): org.identityconnectors.framework.common.exceptions.ConnectorException(Remote exception: Cannot process argument transformation on parameter 'PrimarySmtpAddress'. Cannot convert null to type "Microsoft.Exchange.Data.SmtpAddress".
)->org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(Remote exception: Cannot process argument transformation on parameter 'PrimarySmtpAddress'. Cannot convert null to type "Microsoft.Exchange.Data.SmtpAddress".
From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Pavol Mederly
Sent: Friday, July 17, 2015 1:08 PM
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Assignment time constraints problem
Hmmmmm. Strange.
When comparing https://github.com/Evolveum/ConnId/blob/master/java/pom.xml and https://github.com/Tirasa/ConnId/blob/master/java/pom.xml I see that both contain
<version>1.4.2.0-SNAPSHOT</version>
Pavol
In https://github.com/Tirasa/ConnId.git I couldn’t find 1.4.2 but in https://github.com/Evolveum/ConnId it is.
From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Pavol Mederly
Sent: Friday, July 17, 2015 12:40 PM
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Assignment time constraints problem
On 17. 7. 2015 11:38, Pavol Mederly wrote:
Alexej,
please checkout this one: https://github.com/Tirasa/ConnId.git
... and build locally. It should work.
Or, even better: https://github.com/Evolveum/ConnId
(I'm writing faster than thinking, sorry.)
General they should be equivalent, but please use Evolveum's now.
Pavol
Regards,
Pavol
On 17. 7. 2015 11:36, Ващенков Алексей wrote:
Pavol.
Where Can I get ConnId: Connector Framework 1.4.2-SNAPSHOT?
I can find this version at githab
From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Pavol Mederly
Sent: Friday, July 17, 2015 12:06 PM
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Assignment time constraints problem
Hello Oleg,
If there's no outbound mapping, connector should not try to write null PrimarySmtpAddress, am I right?
Yes, I think so.
Please try with the midPoint master branch and let us know if the problem persists.
If persists, please send us the relevant portion of the ConnectorServer.log file, to start with.
Best regards,
Pavol
Hi. We have problems assigning temporary AD membership to users.
We use Exchange connector, and when permanent (no validFrom or validTo) assignment is assigned, everything is all right (we really see that AD user is a member of corresponding AD group).
But, assignments with validFrom in future make no effects - at the time when validFrom comes we see that user is not a member of corresponding AD group.
"Validity scanner" task is runnable every 15 seconds. Seems that it does some calculations, because we see progress "0/1", when "1/1".
In time of these calculations, logs are flood with errors:
...
2015-07-16 14:12:52,153 [UCF] [midPointScheduler_Worker-8] ERROR (com.evolveum.midpoint.provisioning.ucf.impl.IcfUtil): ICF Exception org.identityconnectors.framework.impl.api.remote.RemoteWrappedException in connector:77c1ca49-0c76-40d4-a633-ef3f4b2be30f(ICF Org.IdentityConnectors.Exchange.ExchangeConnector v1.4.1.20283 @localhost ICF connector (port 8759)): resource:8790e490-326a-46e9-ba35-9e0c1dcbb41d(Exchange)<resource:8790e490-326a-46e9-ba35-9e0c1dcbb41d%28Exchange%29> while updating object identified by ICF UID '<GUID=f536a14e0ff0cc43be613eb07e5d53be>': Remote exception: Cannot process argument transformation on parameter 'PrimarySmtpAddress'. Cannot convert null to type "Microsoft.Exchange.Data.SmtpAddress".
org.identityconnectors.framework.impl.api.remote.RemoteWrappedException: Remote exception: Cannot process argument transformation on parameter 'PrimarySmtpAddress'. Cannot convert null to type "Microsoft.Exchange.Data.SmtpAddress".
at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$17.deserialize(CommonObjectHandlers.java:293) ~[CommonObjectHandlers$17.class:na]
at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:154) ~[BinaryObjectDecoder$InternalDecoder.class:na]
at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:293) ~[BinaryObjectDecoder.class:na]
at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObjectField(BinaryObjectDecoder.java:413) ~[BinaryObjectDecoder.class:na]
at org.identityconnectors.framework.impl.serializer.MessageHandlers$5.deserialize(MessageHandlers.java:139) ~[MessageHandlers$5.class:na]
at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:154) ~[BinaryObjectDecoder$InternalDecoder.class:na]
at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:293) ~[BinaryObjectDecoder.class:na]
at org.identityconnectors.framework.impl.api.remote.RemoteFrameworkConnection.readObject(RemoteFrameworkConnection.java:155) ~[RemoteFrameworkConnection.class:na]
at org.identityconnectors.framework.impl.api.remote.RemoteOperationInvocationHandler.invoke(RemoteOperationInvocationHandler.java:95) ~[RemoteOperationInvocationHandler.class:na]
at com.sun.proxy.$Proxy188.update(Unknown Source) ~[na:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_79]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_79]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_79]
at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_79]
at org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:99) ~[DelegatingTimeoutProxy.class:na]
at com.sun.proxy.$Proxy188.update(Unknown Source) ~[na:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_79]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_79]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_79]
at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_79]
at org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:83) ~[LoggingProxy.class:na]
at com.sun.proxy.$Proxy188.update(Unknown Source) ~[na:na]
at org.identityconnectors.framework.impl.api.AbstractConnectorFacade.update(AbstractConnectorFacade.java:187) ~[AbstractConnectorFacade.class:na]
at com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject_aroundBody14(ConnectorInstanceIcfImpl.java:1518) [ConnectorInstanceIcfImpl.class:na]
at com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl$AjcClosure15.run(ConnectorInstanceIcfImpl.java:1) [ConnectorInstanceIcfImpl$AjcClosure15.class:na]
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) [JoinPointImpl.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178) [MidpointAspect.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1) [MidpointAspect.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.processUcfNdc(MidpointAspect.java:78) [MidpointAspect.class:na]
at com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject(ConnectorInstanceIcfImpl.java:1291) [ConnectorInstanceIcfImpl.class:na]
at com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject(ConnectorInstanceIcfImpl.java:1) [ConnectorInstanceIcfImpl.class:na]
at com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:579) [ResourceObjectConverter.class:na]
at com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.modifyResourceObject(ResourceObjectConverter.java:471) [ResourceObjectConverter.class:na]
at com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadow(ShadowCache.java:438) [ShadowCache.class:na]
at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject_aroundBody10(ProvisioningServiceImpl.java:878) [ProvisioningServiceImpl.class:na]
at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl$AjcClosure11.run(ProvisioningServiceImpl.java:1) [ProvisioningServiceImpl$AjcClosure11.class:na]
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) [JoinPointImpl.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178) [MidpointAspect.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1) [MidpointAspect.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.processProvisioningNdc(MidpointAspect.java:68) [MidpointAspect.class:na]
at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject(ProvisioningServiceImpl.java:839) [ProvisioningServiceImpl.class:na]
at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.modifyProvisioningObject(ChangeExecutor.java:1166) [ChangeExecutor.class:na]
at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeModification(ChangeExecutor.java:1032) [ChangeExecutor.class:na]
at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta(ChangeExecutor.java:630) [ChangeExecutor.class:na]
at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeChanges(ChangeExecutor.java:282) [ChangeExecutor.class:na]
at com.evolveum.midpoint.model.impl.lens.Clockwork.processSecondary(Clockwork.java:439) [Clockwork.class:na]
at com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:269) [Clockwork.class:na]
at com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:191) [Clockwork.class:na]
at com.evolveum.midpoint.model.impl.sync.FocusValidityScannerTaskHandler.recomputeUser(FocusValidityScannerTaskHandler.java:169) [FocusValidityScannerTaskHandler.class:na]
at com.evolveum.midpoint.model.impl.sync.FocusValidityScannerTaskHandler.access$2(FocusValidityScannerTaskHandler.java:162) [FocusValidityScannerTaskHandler.class:na]
at com.evolveum.midpoint.model.impl.sync.FocusValidityScannerTaskHandler$1.handleObject(FocusValidityScannerTaskHandler.java:154) [FocusValidityScannerTaskHandler$1.class:na]
at com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeResultHandler.processRequest(AbstractSearchIterativeResultHandler.java:274) [AbstractSearchIterativeResultHandler.class:na]
at com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeResultHandler.handle(AbstractSearchIterativeResultHandler.java:146) [AbstractSearchIterativeResultHandler.class:na]
at com.evolveum.midpoint.repo.cache.RepositoryCache$1.handle(RepositoryCache.java:201) [RepositoryCache$1.class:na]
at com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.searchObjectsIterativeAttempt(SqlRepositoryServiceImpl.java:1813) [SqlRepositoryServiceImpl.class:na]
at com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.searchObjectsIterative_aroundBody26(SqlRepositoryServiceImpl.java:1784) [SqlRepositoryServiceImpl.class:na]
at com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl$AjcClosure27.run(SqlRepositoryServiceImpl.java:1) [SqlRepositoryServiceImpl$AjcClosure27.class:na]
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) [JoinPointImpl.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178) [MidpointAspect.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1) [MidpointAspect.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.processRepositoryNdc(MidpointAspect.java:58) [MidpointAspect.class:na]
at com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.searchObjectsIterative(SqlRepositoryServiceImpl.java:1745) [SqlRepositoryServiceImpl.class:na]
at com.evolveum.midpoint.repo.cache.RepositoryCache.searchObjectsIterative_aroundBody6(RepositoryCache.java:204) [RepositoryCache.class:na]
at com.evolveum.midpoint.repo.cache.RepositoryCache$AjcClosure7.run(RepositoryCache.java:1) [RepositoryCache$AjcClosure7.class:na]
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) [JoinPointImpl.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178) [MidpointAspect.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1) [MidpointAspect.class:na]
at com.evolveum.midpoint.util.aspect.MidpointAspect.processRepositoryNdc(MidpointAspect.java:58) [MidpointAspect.class:na]
at com.evolveum.midpoint.repo.cache.RepositoryCache.searchObjectsIterative(RepositoryCache.java:192) [RepositoryCache.class:na]
at com.evolveum.midpoint.model.impl.ModelObjectResolver.searchIterative(ModelObjectResolver.java:224) [ModelObjectResolver.class:na]
at com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.run(AbstractSearchIterativeTaskHandler.java:162) [AbstractSearchIterativeTaskHandler.class:na]
at com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:479) [JobExecutor.class:na]
at com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeRecurrentTask(JobExecutor.java:359) [JobExecutor.class:na]
at com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:162) [JobExecutor.class:na]
at org.quartz.core.JobRunShell.run(JobRunShell.java:213) [JobRunShell.class:na]
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:557) [SimpleThreadPool$WorkerThread.class:na]
...
Here is our user mapping:
<attribute>
<c:ref>ri:PrimarySmtpAddress</c:ref>
<displayName>Адрес в Exchange</displayName>
<exclusiveStrong>false</exclusiveStrong>
<tolerant>false</tolerant>
<inbound>
<name>Адрес в Exchange</name>
<authoritative>true</authoritative>
<exclusive>false</exclusive>
<strength>normal</strength>
<target>
<c:path>$focus/emailAddress</c:path>
</target>
</inbound>
</attribute>
If there's no outbound mapping, connector should not try to write null PrimarySmtpAddress, am I right?
Our association configuration:
<association>
<c:ref>group</c:ref>
<displayName>AD Group Membership</displayName>
<exclusiveStrong>false</exclusiveStrong>
<tolerant>false</tolerant>
<kind>entitlement</kind>
<intent>default</intent>
<direction>objectToSubject</direction>
<associationAttribute>ri:member</associationAttribute>
<valueAttribute>icfs:name</valueAttribute>
<explicitReferentialIntegrity>false</explicitReferentialIntegrity>
</association>
Our metarole used for AD membership:
<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<http://midpoint.evolveum.com/xml/ns/public/common/common-3>
xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"<http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>
xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"<http://prism.evolveum.com/xml/ns/public/types-3>
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<http://midpoint.evolveum.com/xml/ns/public/common/common-3>
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"<http://prism.evolveum.com/xml/ns/public/query-3>
xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>
oid="e1b56b20-9d09-472a-9ede-8fa19b0c112b"
version="45">
<name>Metarole for account</name>
<metadata>
<createTimestamp>2015-05-06T17:38:28.517+03:00</createTimestamp>
<creatorRef oid="00000000-0000-0000-0000-000000000002" type="c:UserType"><!-- administrator --></creatorRef>
<createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</createChannel>
</metadata>
<inducement>
<construction>
<resourceRef oid="8790e490-326a-46e9-ba35-9e0c1dcbb41d" type="c:ResourceType"><!-- Exchange --></resourceRef>
<kind>account</kind>
<intent>default</intent>
<association>
<c:ref>group</c:ref>
<outbound>
<expression>
<associationFromLink>
<projectionDiscriminator>
<kind>entitlement</kind>
<intent>default</intent>
</projectionDiscriminator>
</associationFromLink>
</expression>
</outbound>
</association>
</construction>
<order>2</order>
</inducement>
</role>
Regards, Oleg Getmansky
P.S.: Same errors occur when the time of validTo comes and user should be expelled from the corresponding AD group
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150717/94c3d78e/attachment.htm>
More information about the midPoint
mailing list