[midPoint] can not import Groups as Roles with Active Directory

Ivan Noris ivan.noris at evolveum.com
Tue Feb 2 22:34:53 CET 2016


Hi Marco,

Have you also set up SSL? Do you have the (Windows machine) CA certificate in
the midPoint keystore?

I believe Radovan will also have some thoughts, but these are just in my
mind.

In https://wiki.evolveum.com/pages/viewpage.action?pageId=20709437
(Active Directory Tips&Tricks) I can see the following:

...
"Either install Active Directory Certificate Services (AD CS) or install
server certificate manually:
https://www.petri.com/enable-secure-ldap-windows-server-2008-2012-dc"
...

Also, although this is unrelated to this problem, please use
  <schema>
    <generationConstraints>
      <generateObjectClass>ri:user</generateObjectClass>
      <generateObjectClass>ri:group</generateObjectClass>
    </generationConstraints>
  </schema>

in your resource to *avoid* fetching all LDAP object classes from Active
Directory... This is also in
https://wiki.evolveum.com/display/midPoint/Active+Directory+with+LDAP+connector
but may be interesting.

Ivan

On 02/02/2016 05:09 PM, Marco Benucci wrote:
> I'm trying to configure my AD resource with the connector you have
> specified
>
> ICF.com.evolveum.polygon.connector.ldap.ad.AdLdapConnector v1.4.2.0
> (like the wiki says)
> ----------
> port:636
> baseContext: DC=rete,DC=risorse,DC=mise
> bindDn: CN=idmadminrete2,OU=MISE,DC=rete,DC=risorse,DC=mise
> passwordAttribute: MyPaSsWoRd
> host: <hostname>
> enableAttributesToGetSearchResultsHandler: false
> enableFilteredResultsHandler: false
> enableNormalizingResultsHandler: false
> ---------
> but, with the "save and test connection" on the configuration page of
> the AD resource, I'm receiving this error
>
>   * Connector configuration error for the
>     resource:3f820c01-1baa-40a8-9f65-27bbd997791e(ldap_ad):
>     Configuration error: Unable to bind to LDAP server
>     192.168.123.2:636 as
>     CN=idmadminrete2,OU=MISE,DC=rete,DC=risorse,DC=mise:
>     protocolError: PROTOCOL_ERROR: The server will disconnect! (2)
>
>
> The idmadminrete2 user has admin permissions on the AD...
>
> Do you know where I'm wrong?
>
>
> Thanks,
>
> Marco 
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper Id(e)M Vix."
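
As an added example for this thread (not code from midPoint or the LDAP
connector), the script below is what I would run before touching the
resource again: confirm the DC really speaks TLS on 636, pull the
certificate it presents, put it into the midPoint keystore, and verify the
bind from the command line. The DC address, bind DN and base context are
copied from Marco's message; MIDPOINT_HOME, the keystore file name
keystore.jceks and the password changeit are midPoint's defaults as I
remember them, so check your config.xml; the alias name is arbitrary. Once
the keystore trusts the CA, the connector itself still has to be told to use
SSL (the property is connectionSecurity with value ssl, as I recall it).

```shell
#!/bin/sh
# Added example for the midPoint list thread; not midPoint or connector code.
# Assumed/hypothetical values: DC address from Marco's error message,
# midPoint defaults for the keystore (name, type, password), placeholder DNs.
DC_HOST="${DC_HOST:-192.168.123.2}"
DC_PORT="${DC_PORT:-636}"
MIDPOINT_HOME="${MIDPOINT_HOME:-/var/opt/midpoint}"          # assumed path
KEYSTORE="${KEYSTORE:-$MIDPOINT_HOME/keystore.jceks}"        # assumed default
STOREPASS="${STOREPASS:-changeit}"                            # assumed default
BIND_DN="${BIND_DN:-CN=idmadminrete2,OU=MISE,DC=rete,DC=risorse,DC=mise}"
BASE_DN="${BASE_DN:-DC=rete,DC=risorse,DC=mise}"

# probe_ldaps FILE: TLS handshake against the DC, transcript saved to FILE.
# Needs network access; the classifier below works on the saved transcript.
probe_ldaps() {
  openssl s_client -connect "$DC_HOST:$DC_PORT" -servername "$DC_HOST" \
    -showcerts </dev/null >"$1" 2>&1
}

# classify_probe FILE: read an `openssl s_client` transcript and print
#   no-tls    nothing TLS-like answered (LDAPS not enabled / no server cert)
#   untrusted handshake done, but openssl could not verify the chain
#   trusted   handshake done and chain verified by the local CA bundle
# Note: openssl trust is not JVM trust; the keystore import is still needed.
classify_probe() {
  if grep -q 'Verify return code: 0 (ok)' "$1"; then
    echo trusted
  elif grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
    echo untrusted
  else
    echo no-tls
  fi
}

# extract_cert FILE OUT.pem: keep the LAST certificate in the transcript.
# With -showcerts that is the issuing CA when the DC sends its chain; when
# only the server cert is sent, that one is kept instead. Fails if none.
extract_cert() {
  awk '/-----BEGIN CERTIFICATE-----/ { buf = ""; keep = 1 }
       keep { buf = buf $0 "\n" }
       /-----END CERTIFICATE-----/ { keep = 0; last = buf }
       END { printf "%s", last }' "$1" >"$2"
  grep -q -- '-----END CERTIFICATE-----' "$2"
}

# import_ca PEM ALIAS: add the certificate to the midPoint keystore (JCEKS).
import_ca() {
  keytool -importcert -noprompt -trustcacerts -alias "$2" -file "$1" \
    -keystore "$KEYSTORE" -storetype jceks -storepass "$STOREPASS"
}

# verify_bind PEM: simple bind over LDAPS with the same CA, outside the JVM.
# -W prompts for the password so it never lands on the command line.
verify_bind() {
  LDAPTLS_CACERT="$1" ldapsearch -H "ldaps://$DC_HOST:$DC_PORT" -x \
    -D "$BIND_DN" -W -b "$BASE_DN" -s base '(objectClass=*)' dn
}

# Usage: sh ldaps-check.sh run   (only definitions are loaded otherwise)
if [ "${1:-}" = "run" ]; then
  T=$(mktemp); PEM=$(mktemp)
  probe_ldaps "$T" || true          # s_client exits non-zero on verify errors
  case "$(classify_probe "$T")" in
    no-tls)
      echo "no TLS on $DC_HOST:$DC_PORT: enable LDAPS on the DC first"
      exit 2 ;;
    *)
      echo "TLS handshake ok; importing presented certificate into $KEYSTORE" ;;
  esac
  extract_cert "$T" "$PEM" && import_ca "$PEM" "ad-dc-ca"
  verify_bind "$PEM"
  rm -f "$T" "$PEM"
fi
```

Run it as `sh ldaps-check.sh run`. The point of the classifier is to
separate the two questions above: "no-tls" means the DC has no server
certificate / LDAPS at all, "untrusted" means the handshake works and only
the keystore side is missing.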
