[midPoint] can not import Groups as Roles with Active Directory

Radovan Semancik radovan.semancik at evolveum.com
Tue Feb 2 12:43:40 CET 2016


Yes. I have just realized that. And I have changed the text in wiki a bit.

Actually quite recently we had much more testing of the LDAP-based AD 
connector. That are also some fixes related to SSL, scalability, big AD 
groups and handling of connection reset and close events. Some of these 
go quite deep into Apache Mina library and we also needed to add a small 
extension of the ConnId framework. So bringing all the changes to the 
connector and midPoint is a bit tricky dependency release/versioning 
work. I'm just in process of doing that and porting the fixes to 
midpoint 3.3 support branch and these will be part of the planned 
midPoint 3.3.1 maintenance release. That's the stage where the 
"experimental" status of LDAP-based AD connector will be dropped if all 
goes well.

Therefore if you are starting a new project the new LDAP-based connector 
is much better way forward.

-- 
Radovan Semancik
Software Architect
evolveum.com



On 02/02/2016 12:01 PM, Marco Benucci wrote:
> OK,
>
> we saw that the LDAP connector is marked in red as Experimental and 
> that was sufficently scary for us to avoid this.
> I'll give it a try.
>
> Thank you all.
>
> 2016-02-02 11:01 GMT+01:00 Marco Benucci <benucci.marco92 at gmail.com 
> <mailto:benucci.marco92 at gmail.com>>:
>
>     Hi,
>
>     thank you for your support.
>     BTW, the task "importing account" does not seem to work, because
>     it starts and then it stay with 0 object processed for all the
>     time (i've waited more ore less 30mins).
>
>     The one-time recon task, instead, runs, but forall of my roles the
>     process fail with
>
>     "SystemException: Generic error in the connector. Can't process
>     shadow shadow:<NameOfGroup> (OID:<OidOfTheRelativeGroupShadow>)".
>
>     Their situation on the shadow detail is "unmatched", but they are
>     displayed under the role tab anyway.
>
>     I'm using the
>     .Net Connector server, version 1.4.0.76 (the stable one).
>     the connector is
>     ICF
>     Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector
>     v1.4.1.20257
>
>
>     Thank you,
>
>     Marco
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160202/aed10c6d/attachment.htm>


More information about the midPoint mailing list