[midPoint] Can't import LDAP groups, user reconciliation ends with errors (3.4.1)

Wojciech Staszewski wojciech.staszewski at diagnostyka.pl
Sat Dec 10 16:10:30 CET 2016


Something bad happened to my LDAP resource.
It worked well, I imported all users, some groups, configured synchronization and all task was processed ok.
But two days ago I saw errors in reconciliation:

"Last error when processing object	SystemException: java.lang.NullPointerException"

O the resource -> Accounts -> Result:
Failed to reconciliation: java.lang.IllegalStateException: Subresult com.evolveum.midpoint.model.impl.lens.projector.InboundProcessor.processInbound of operation com.evolveum.midpoint.model.impl.lens.projector.Projector.project is still UNKNOWN during cleanup; during handling of exception java.lang.NullPointerException

Since yesterday I'm trying to import other groups from this resource, but every time i got this error:

"No name in new object null as produced by template null in iteration 0, we cannot process an object without a name"
And the role in Midpoint is created with empty name.

And in error details:

com.evolveum.midpoint.util.exception.NoFocusNameSchemaException: No name in new object null as produced by template null in iteration 0, we cannot process an object without a name

Execute (Model) 
Schema violation during processing shadow: shadow: cn=Accounting Managers,ou=Groups,dc=xxx,dc=xx (OID:8c0692d3-3235-4b9d-bd89-da1bc80b3f31): Schema violation: Invalid attribute: org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error modifying LDAP entry cn=Accounting Managers,ou=Groups,dc=xxx,dc=xx: [remove:uniqueMember: cn=Directory Manager,remove:cn: Accounting Managers,]: objectClassViolation: missing attribute "cn" required by object class "groupOfUniqueNames"? (65))

Ldapsearch on my 389ds shows "cn" attribute in the groups:

# Accounting Managers, Groups, xxx.xx
dn: cn=Accounting Managers,ou=Groups,dc=xxx,dc=xx
objectClass: top
objectClass: groupOfUniqueNames
cn: Accounting Managers
ou: groups
description: People who can manage accounting entries
uniqueMember: cn=Directory Manager

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Actually I don't know where to find a reason, I reviewed schema, schema handling and synchronization both users and groups, compared them with Evolveum example 389ds resource and see no differences. Any help appreciated.
Wociech Staszewski

More information about the midPoint mailing list