[midPoint] - Issue assigning resource to user (Active Directory - LDAP)

Radovan Semancik radovan.semancik at evolveum.com
Tue Aug 30 17:35:55 CEST 2016 

Hi Rodrigo,

Actually, I do not see any base DN specification. What you specify there 
is a DN for new entries. It is not base DN. Base DN is used by LDAP 
searches as a starting point for the search: a node in the DIT tree to 
search from. However, I do not think that your problem is related to 
base DN. It looks like a plain and simple error indicating that the LDAP 
connector haven't found an entry that it was looking for. This may be 
caused by a number of things. Maybe midPoint haven't created the entry. 
Maybe it was created and later deleted. It is almost impossible to tell 
from that single error message.

What you should do is try to troubleshoot the operation. I have just 
expanded our troubleshooting guide. That should lead you through the 
troubleshooting process that we usually use:

https://wiki.evolveum.com/display/midPoint/Troubleshooting+Mappings

Look especially at the "Provisioning Branch" section. I suspect that you 
will find your issue there.

-- 
Radovan Semancik
Software Architect
evolveum.com



On 08/23/2016 10:07 PM, Rodrigo Yanis wrote:
> Hello everyone,
>
> I'm currently having issues with assigning an Active Directory (LDAP) 
> resource to a user. The base resource implemented is the one exposed 
> here: 
> https://github.com/Evolveum/midpoint/blob/master/samples/resources/ad-ldap/ad-ldap-medusa-medium.xml
>
> It's been configured to our environment's parameters but we haven't 
> customized any of the example's code.
>
> Error I'm getting is the following:
>
>     org.identityconnectors.framework.common.exceptions.UnknownUidException(LDAP
>     error during search in
>     CN=testUser06,ou=Funcionarios,ou=Uninorte,dc=uninorte,dc=local:
>     noSuchObject: 0000208D: NameErr: DSID-03100238, problem 2001
>     (NO_OBJECT), data 0, best match
>     of:??'OU=Funcionarios,OU=Uninorte,DC=uninorte,DC=local'?? (32)):
>     org.identityconnectors.framework.common.exceptions.UnknownUidException(LDAP
>     error during search in
>     CN=testUser06,ou=Funcionarios,ou=Uninorte,dc=uninorte,dc=local:
>     noSuchObject: 0000208D: NameErr: DSID-03100238, problem 2001
>     (NO_OBJECT), data 0, best match
>     of:??'OU=Funcionarios,OU=Uninorte,DC=uninorte,DC=local'?? (32)):
>     org.identityconnectors.framework.common.exceptions.UnknownUidException(LDAP
>     error during search in
>     CN=testUser06,ou=Funcionarios,ou=Uninorte,dc=uninorte,dc=local:
>     noSuchObject: 0000208D: NameErr: DSID-03100238, problem 2001
>     (NO_OBJECT), data 0, best match
>     of:??'OU=Funcionarios,OU=Uninorte,DC=uninorte,DC=local'?? (32)):
>     org.identityconnectors.framework.common.exceptions.UnknownUidException(LDAP
>     error during search in
>     CN=testUser06,ou=Funcionarios,ou=Uninorte,dc=uninorte,dc=local:
>     noSuchObject: 0000208D: NameErr: DSID-03100238, problem 2001
>     (NO_OBJECT), data 0, best match
>     of:??'OU=Funcionarios,OU=Uninorte,DC=uninorte,DC=local'?? (32))
>
>
> The base DN is defined on the following pieces of code:
> Child of schemaHandling/objectType:
>
>     <attribute>
>                 <c:ref>dn</c:ref>
>                 <matchingRule
>     xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">mr:stringIgnoreCase</matchingRule>
>                 <outbound>
>                    <source>
>     <c:path>$focus/name</c:path>
>                    </source>
>                    <expression>
>                       <script>
>                          <code>
>                                     'CN=' + name +
>     ',ou=Funcionarios,ou=Uninorte,dc=uninorte,dc=local'
>                                 </code>
>                       </script>
>                    </expression>
>                 </outbound>
>              </attribute>
>
>
>     <attribute>
>                 <c:ref>ri:dn</c:ref>
>                 <displayName>Distinguished Name</displayName>
>                 <matchingRule
>     xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">mr:distinguishedName</matchingRule>
>                 <outbound>
>                    <source>
>     <c:path>$user/name</c:path>
>                    </source>
>                    <expression>
>                       <script>
>                          <code>
>     'CN=' + name + ',ou=Funcionarios,ou=Uninorte,dc=uninorte,dc=local'
>     </code>
>                       </script>
>                    </expression>
>                 </outbound>
>              </attribute>
>
>
> Do you have any idea why I'm getting this error?
>
> Thanks,
>
> *Rodrigo Yanis.*
> Identicum S.A.
> Jorge Newbery 3226
> Tel: +54 (11) 4824-9971
> ryanis at identicum.com <mailto:ryanis at identicum.com>
> www.identicum.com <http://www.identicum.com/>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160830/7aaec9aa/attachment.htm>

More information about the midPoint mailing list