[midPoint] Can't import LDAP groups, user reconciliation ends with errors (3.4.1)

Wojciech Staszewski wojciech.staszewski at diagnostyka.pl
Sat Dec 10 18:19:55 CET 2016


Hi!
I've just found the reason of reconciliation fail.
Accidentaly I removed my Midpoint account (I wanted to remove projection, but I deleted whole acount).
Obviously my LDAP account also disappeared.
I recreated account in LDAP, imported my account back to Midpoint, added administrator role,
but TASKS I made before have no owner now. I deleted them and recreated and now reconciliation works.

Still cannot import groups.
Stack is here ( I don't want to paste it into e-mail because it is quite long):
https://www.skygge.com/1/ldap_group_import_fail.txt

Dnia sobota, 10 grudnia 2016 16:18:48 CET Pavol Mederly pisze:
> Hello Wojciech,
> 
> NPE is an indication of a bug. It would be helpful if you could provide 
> the stack trace, so we could (try to) determine what is the cause.
> 
> Best regards,
> 
> Pavol Mederly
> Software developer
> evolveum.com
> 
> On 10.12.2016 16:10, Wojciech Staszewski wrote:
> > Hello,
> >
> > Something bad happened to my LDAP resource.
> > It worked well, I imported all users, some groups, configured synchronization and all task was processed ok.
> > But two days ago I saw errors in reconciliation:
> >
> > "Last error when processing object	SystemException: java.lang.NullPointerException"
> >
> > O the resource -> Accounts -> Result:
> > Failed to reconciliation: java.lang.IllegalStateException: Subresult com.evolveum.midpoint.model.impl.lens.projector.InboundProcessor.processInbound of operation com.evolveum.midpoint.model.impl.lens.projector.Projector.project is still UNKNOWN during cleanup; during handling of exception java.lang.NullPointerException
> >
> > Since yesterday I'm trying to import other groups from this resource, but every time i got this error:
> >
> > "No name in new object null as produced by template null in iteration 0, we cannot process an object without a name"
> > And the role in Midpoint is created with empty name.
> >
> > And in error details:
> >
> > com.evolveum.midpoint.util.exception.NoFocusNameSchemaException: No name in new object null as produced by template null in iteration 0, we cannot process an object without a name
> >
> > Execute (Model)
> > Schema violation during processing shadow: shadow: cn=Accounting Managers,ou=Groups,dc=xxx,dc=xx (OID:8c0692d3-3235-4b9d-bd89-da1bc80b3f31): Schema violation: Invalid attribute: org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error modifying LDAP entry cn=Accounting Managers,ou=Groups,dc=xxx,dc=xx: [remove:uniqueMember: cn=Directory Manager,remove:cn: Accounting Managers,]: objectClassViolation: missing attribute "cn" required by object class "groupOfUniqueNames"? (65))
> >
> > Ldapsearch on my 389ds shows "cn" attribute in the groups:
> >
> > # Accounting Managers, Groups, xxx.xx
> > dn: cn=Accounting Managers,ou=Groups,dc=xxx,dc=xx
> > objectClass: top
> > objectClass: groupOfUniqueNames
> > cn: Accounting Managers
> > ou: groups
> > description: People who can manage accounting entries
> > uniqueMember: cn=Directory Manager
> >
> > # search result
> > search: 2
> > result: 0 Success
> >
> > # numResponses: 2
> > # numEntries: 1
> >
> > Actually I don't know where to find a reason, I reviewed schema, schema handling and synchronization both users and groups, compared them with Evolveum example 389ds resource and see no differences. Any help appreciated.
> > Wociech Staszewski
> >
> > _______________________________________________
> > midPoint mailing list
> > midPoint at lists.evolveum.com
> > http://lists.evolveum.com/mailman/listinfo/midpoint
> 
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
> 



More information about the midPoint mailing list