[midPoint] LDAP connector 1.4.3 was not found

Gruber, Michael MICHAEL.GRUBER at wwk.de
Wed Jun 29 15:35:16 CEST 2016


Hi,

Maybe it is caused by cn. Log shows
cn= LDAP Test
but in cn part of dn ther is a dot cn=ldap.test

{Name=__NAME__, Value=[cn=ldap.test,ou=Employees DC,ou=Tahzoo,dc=na1,dc=tahzooint,dc=com
{Name=cn, Value=[LDAP Test]}


It should not be necessary to add cn explicitly since it is already in dn.


Regards, michael





Von: midPoint [mailto:midpoint-bounces at lists.evolveum.com] Im Auftrag von Ivan Noris
Gesendet: Mittwoch, 29. Juni 2016 15:25
An: midpoint at lists.evolveum.com
Betreff: Re: [midPoint] LDAP connector 1.4.3 was not found

Hi Dick,

please add trace logging for com.evolveum.polygon.connector.ldap

Troubleshooting AD is not always easy, you can see how cryptic the error messages returned from AD are.
What value are you setting to objectCategory? I see that sample with

                        <attribute>
                                <ref>ri:objectCategory</ref>
                                <!-- This is defined as mandatory in top object class.
                                     But it is not really mandatory. Well done Microsoft. -->
                                <limitations>
                                        <minOccurs>0</minOccurs>
                                </limitations>
                                <outbound>
                                        <expression>
                                                <value>CN=Person,CN=Schema,CN=Configuration,DC=win,DC=evolveum,DC=com</value>
                                        </expression>
                                </outbound>
                        </attribute>

(of course the suffix is different in your domain...)

Ivan
On 06/29/2016 01:57 PM, Dick Muller wrote:
Ivan,

I used a sample LDAP resource file and seems that the attribute (that I do not need btw) with the name objectCategory was giving problems.
Now I have anoter error, stating that the object can’t be created because of an invalied attribute.

The error log is in the attachments of this mail.

I hope you can think of something, because we are talking about pretty standard attributes I think.

Thanks,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Dick Muller <dick.muller at tahzoo.com><mailto:dick.muller at tahzoo.com>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Wednesday 29 June 2016 at 13:25
To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] LDAP connector 1.4.3 was not found

HI Ivan,

The logfile tells that there is a constraint error because the object already exists.
But that is absolutely not true. I’ve looked in the AD domain and forest for the same account, but it doesn’t exist.

I’ve included the log in the mail.

Thanks,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Wednesday 29 June 2016 at 09:19
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] LDAP connector 1.4.3 was not found

Hi Dick,

I don't see anything obvious yet.
Please try to get:
1) stack trace from midpoint idm.log when this operation fails
2) the (red) result can be clicked and whole tree of operations will be displayed. Somewhere will be ICF Create or ICF Update operation logged, including the parameters from provisioning. This would help to see what was sent to the connector.

Also tracing org.identityconnectors.framework.api during this operation would help too. (idm.log will contain the information)

The cn=ldap.test,... account is the one you are trying to create, right? Does "ou=Employees DC" exist in OU=Tahzoo?

Ivan
On 06/29/2016 07:36 AM, Dick Muller wrote:
Hi Ivan,

I get an error when I add a projection to the user with an LDAPS connection.
(See the attachment)
I’ve checked the synchronization mappings and synchronization tab. I’ve got the reconcile checked and kind and intent correctly configured.

Thanks,

Dick

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Tuesday 28 June 2016 at 15:17
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] LDAP connector 1.4.3 was not found

Hi Dick,

AFAIK with midPoint 3.4 you should see LDAP connectors version 1.4.2.17 (including AdLdap).

The 1.4.3.0-SNAPSHOT was used during 3.4 development and that connector version was tagged as 1.4.2.17, so that should be the version you want to use.

What sync problems with 1.4.2.x are you referring to?

The error message means that there is no connector (JAR) referenced by Connector repository object (1.4.3.0-SNAPSHOT).

You need to update all resources referencing to the 1.4.3.0-SNAPSHOT connectors to refer to 1.4.2.17. (By changing the oid in connectorRef in the resources, as we were discussing during the training.

Best regards,
Ivan
On 06/28/2016 03:05 PM, Dick Muller wrote:
Hi,
I upgraded to the latest 3.4 version and wanted to install ADLDAP connectors.
I can select 1.4.2 or 1.4.3.0-SNAPSHOT. The 1.4.2 version gives problems during syncing. I think this is already described in JIRA.
I want to use the latest version 1.4.3.0-snapshot but get an error during TEST of the resource.

I’ve included the Error message as attachment.

Hope somebody can help me with this.

Regards,

________________________________
Dick Muller
Senior Systems Engineer
Delftechpark 37i
2628 XJ Delft
d: +31 88 2682586
m: +31 6 46477690
[cid:image001.png at 01D1D21B.D5258190]<http://www.tahzoo.com/>









_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint







--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."






_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint





--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."




_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint



--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."

WWK Lebensversicherung a. G., Vorstand: Jürgen Schrameier (V.), Rainer Gebhart (stv. V.), Dirk Fassott; Vorsitzender des Aufsichtsrats: Dr. Frank Schindelhauer, Sitz München, Registergericht München HR B 211; WWK Allgemeine Versicherung AG, Vorstand: Jürgen Schrameier (V.), Rainer Gebhart (stv. V.), Dirk Fassott; Vorsitzender des Aufsichtsrats: Werner Quante, Sitz München, Registergericht München HR B 5553; WWK Vermögensverwaltungs und Dienstleistungs GmbH, Geschäftsführer: Karl Ruffing, Stefan Sedlmeir, Sitz München, Registergericht München HR B 76323; WWK Pensionsfonds AG, Vorstand: Ansgar Eckert, Karl Ruffing, Heinrich Schüppert; Vorsitzender des Aufsichtsrats: Dirk Fassott, Sitz München, Registergericht München HR B 146295; Hausanschrift: Marsstraße 37, 80335 München; WWK Investment S.A., Verwaltungsrat: Karl Ruffing (V.), Ansgar Eckert, Stefan Schneider (Hauck & Aufhäuser), Handelsregister: R.C. Luxembourg Nr. B 81 270, Sitz der Gesellschaft: 1c, rue Gabriel Lippmann, L-5365 Munsbach
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/2ad6557f/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 7593 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/2ad6557f/attachment.png>


More information about the midPoint mailing list