[midPoint] can not import Groups as Roles with Active Directory
Ivan Noris
ivan.noris at evolveum.com
Tue Feb 2 22:34:53 CET 2016
Hi Marco,
have you also set SSL? Do you have (windows machine) CA certificate in
midPoint keystore?
I believe Radovan will also have some thoughts, but these are just in my
mind.
In https://wiki.evolveum.com/pages/viewpage.action?pageId=20709437
(Active Directory Tips&Tricks) I can see the following:
...
"Either install Active Directory Certificate Services (AD CS) or install
server certificate manually:
https://www.petri.com/enable-secure-ldap-windows-server-2008-2012-dc"
...
Also, although this is unrelated to this problem, please use
|<schema>|
| ||<generationConstraints>|
| ||<generateObjectClass>ri:user</generateObjectClass>|
| ||<generateObjectClass>ri:group</generateObjectClass>|
| ||</generationConstraints>|
|</schema>|
in your resource to *avoid* fetching all LDAP object classes from Active
Directory... This is also in
https://wiki.evolveum.com/display/midPoint/Active+Directory+with+LDAP+connector
but may be interesting.
Ivan
On 02/02/2016 05:09 PM, Marco Benucci wrote:
> I'm trying to configure my AD resource with the connector you have
> specified
>
> ICF.com.evolveum.polygon.connector.ldap.ad.AdLdapConnector v1.4.2.0
> (like the wiki says)
> ----------
> port:636
> baseContext: DC=rete,DC=risorse,DC=mise
> bindDn: CN=idmadminrete2,OU=MISE,DC=rete,DC=risorse,DC=mise
> passwordAttribute: MyPaSsWoRd
> host: <hostname>
> enableAttributesToGetSearchResultsHandler: false
> enableFilteredResultsHandler: false
> enableNormalizingResultsHandler: false
> ---------
> but, with the "save and test connection" on the configuration page of
> the AD resource, i'm recieving this error
>
> * Connector configuration error for the
> resource:3f820c01-1baa-40a8-9f65-27bbd997791e(ldap_ad):
> Configuration error: Unable to bind to LDAP server
> 192.168.123.2:636 <http://192.168.123.2:636> as
> CN=idmadminrete2,OU=MISE,DC=rete,DC=risorse,DC=mise:
> protocolError: PROTOCOL_ERROR: The server will disconnect! (2)
>
>
> The idmadminrete2 user have admin permissions on the AD...
>
> Do you know where i'm wrong?
>
>
> Thanks,
>
> Marco
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160202/d229ff2b/attachment.htm>
More information about the midPoint
mailing list