[midPoint] Can't import LDAP groups, user reconciliation ends with errors (3.4.1)

Pavol Mederly mederly at evolveum.com
Sat Dec 10 16:18:48 CET 2016 

Hello Wojciech,

NPE is an indication of a bug. It would be helpful if you could provide 
the stack trace, so we could (try to) determine what is the cause.

Best regards,

Pavol Mederly
Software developer
evolveum.com

On 10.12.2016 16:10, Wojciech Staszewski wrote:
> Hello,
>
> Something bad happened to my LDAP resource.
> It worked well, I imported all users, some groups, configured synchronization and all task was processed ok.
> But two days ago I saw errors in reconciliation:
>
> "Last error when processing object	SystemException: java.lang.NullPointerException"
>
> O the resource -> Accounts -> Result:
> Failed to reconciliation: java.lang.IllegalStateException: Subresult com.evolveum.midpoint.model.impl.lens.projector.InboundProcessor.processInbound of operation com.evolveum.midpoint.model.impl.lens.projector.Projector.project is still UNKNOWN during cleanup; during handling of exception java.lang.NullPointerException
>
> Since yesterday I'm trying to import other groups from this resource, but every time i got this error:
>
> "No name in new object null as produced by template null in iteration 0, we cannot process an object without a name"
> And the role in Midpoint is created with empty name.
>
> And in error details:
>
> com.evolveum.midpoint.util.exception.NoFocusNameSchemaException: No name in new object null as produced by template null in iteration 0, we cannot process an object without a name
>
> Execute (Model)
> Schema violation during processing shadow: shadow: cn=Accounting Managers,ou=Groups,dc=xxx,dc=xx (OID:8c0692d3-3235-4b9d-bd89-da1bc80b3f31): Schema violation: Invalid attribute: org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error modifying LDAP entry cn=Accounting Managers,ou=Groups,dc=xxx,dc=xx: [remove:uniqueMember: cn=Directory Manager,remove:cn: Accounting Managers,]: objectClassViolation: missing attribute "cn" required by object class "groupOfUniqueNames"? (65))
>
> Ldapsearch on my 389ds shows "cn" attribute in the groups:
>
> # Accounting Managers, Groups, xxx.xx
> dn: cn=Accounting Managers,ou=Groups,dc=xxx,dc=xx
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: Accounting Managers
> ou: groups
> description: People who can manage accounting entries
> uniqueMember: cn=Directory Manager
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> Actually I don't know where to find a reason, I reviewed schema, schema handling and synchronization both users and groups, compared them with Evolveum example 389ds resource and see no differences. Any help appreciated.
> Wociech Staszewski
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

More information about the midPoint mailing list