[midPoint] Group Synchronisation - Active Directory
Ivan Noris
ivan.noris at evolveum.com
Wed Apr 20 14:02:08 CEST 2016
Martin,
according to this and the previous error, I'd say you are missing
<direction> element.
Also <c:ref>.</c:ref> looks very strange. Was the resource created using
resource wizard?
Please see sample in
samples/resources/ad/ad-resource-groups-medusa-advanced.xml:
<!-- This defines an association between user and groups
he is a member of -->
<association>
<ref>ri:group</ref>
<displayName>AD Group Membership</displayName>
<kind>entitlement</kind>
<intent>group</intent>
* <direction>objectToSubject</direction>*
<associationAttribute>ri:member</associationAttribute>
<valueAttribute>icfs:name</valueAttribute>
<explicitReferentialIntegrity>false</explicitReferentialIntegrity>
</association>
I'm usually not using wizard, but importing samples, so it might be
you've hit bug in wizard...
Ivan
On 04/20/2016 01:33 PM, Martin Herbert wrote:
> Hi Ivan,
>
> Association element definition is below.
>
> <association>
> <c:ref>.</c:ref>
> <tolerant>true</tolerant>
> <exclusiveStrong>false</exclusiveStrong>
> <kind>entitlement</kind>
> <intent>group</intent>
> <associationAttribute>ri:member</associationAttribute>
> <valueAttribute>icfs:name</valueAttribute>
>
> <explicitReferentialIntegrity>false</explicitReferentialIntegrity>
> </association>
>
> MidPoint version is 3.3 with AD 2012 R2
>
> Thanks
> Martin
>
>
> From: midPoint <midpoint-bounces at lists.evolveum.com
> <mailto:midpoint-bounces at lists.evolveum.com>> on behalf of Ivan Noris
> <ivan.noris at evolveum.com <mailto:ivan.noris at evolveum.com>>
> Organization: Evolveum, s.r.o.
> Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com
> <mailto:midpoint at lists.evolveum.com>>
> Date: Wednesday, 20 April 2016 at 12:30
> To: "midpoint at lists.evolveum.com <mailto:midpoint at lists.evolveum.com>"
> <midpoint at lists.evolveum.com <mailto:midpoint at lists.evolveum.com>>
> Subject: Re: [midPoint] Group Synchronisation - Active Directory
>
> Hi,
>
> what is the association definition in the resource? (The <association>
> container in schema handling).
>
> Regards,
> Ivan
>
> On 04/20/2016 12:17 PM, Martin Herbert wrote:
>> Hi Guys,
>>
>> Trying to get Group synchronisation working with Active Directory.
>> So far have the group being created without issue, but modifying the
>> group suspends the Live Sync task with the following error.
>>
>> Internal Error: Unknown entitlement direction null in association
>> com.evolveum.midpoint.common.refinery.RefinedAssociationDefinition at 33244c2b
>> in resource:bca287ee-054c-4cd4-b7e5-a1c5db470cea
>>
>> Any ideas what I’m doing wrong?
>>
>> Thanks
>> Martin
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
> --
> Ing. Ivan Noris
> Senior Identity Management Engineer & IDM Architect
> evolveum.com evolveum.com/blog/
> ___________________________________________________
> "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper ID(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160420/0089203c/attachment.htm>
More information about the midPoint
mailing list