[midPoint] LDAP connector 1.4.3 was not found

Ivan Noris ivan.noris at evolveum.com
Thu Jun 30 15:54:38 CEST 2016


So after my tests with the same resource config with removed ri:cn
attribute definition, and the same AD, the provisioning works. I have
tried Add and Rename.

So I think AD will either ignore the CN attribute completely, or just
work unless the CN is different from RDN (cn) in DN.

So either use CN mapping and DN mapping in the consistent way, or it
seems the CN mapping may be omitted.

Regards,
Ivan

On 06/30/2016 09:47 AM, Ivan Noris wrote:
> Hi Dick,
>
> this makes sense now; in my experiments both were based on the same
> value. I will try to retest without having attribute configuration for
> CN at all.
>
> Thank you for reporting back.
>
> Regards,
> Ivan
>
> On 06/30/2016 09:44 AM, Dick Muller wrote:
>>
>> Hi Ivan,
>>
>>
>> Maybe good to know.
>>
>>
>> I solved it. The problem was that the CNvalue was different from the
>> CN part in the DN.
>>
>> That has to be the same and therefor it resulted in an error.
>>
>>
>> Thanks for your help.
>>
>>
>> Dick
>>
>> ------------------------------------------------------------------------
>> *Van:* midPoint <midpoint-bounces at lists.evolveum.com> namens Ivan
>> Noris <ivan.noris at evolveum.com>
>> *Verzonden:* woensdag 29 juni 2016 18:25:20
>> *Aan:* midPoint General Discussion
>> *Onderwerp:* Re: [midPoint] LDAP connector 1.4.3 was not found
>>  
>> Hi Dick,
>>
>> FYI I have just tried resource-localhost.xml from
>> testing/conntest/.../ad-ldap and after I set the SSL/tunnel to medusa
>> correctly, I was able to create an account using Add projection
>> without any problems. I have not changed anything in the sample.
>>
>> Strange enough :-) I have not touched ri:cn at all. But of course my
>> objectCategory DN is valid.
>>
>> FYI I was trying to send userPrincipalName attribute as
>> user at domain@domain (because of bad mapping) and the error message
>> returned by AD was: "00000523: SysErr: DSID-031A1202, problem 22
>> (Invalid argument), data 0". But tracing showed the value I was
>> trying to send, so it helped me to diagnose it instantly.
>>
>> Regards,
>> Ivan
>>
>> On 06/29/2016 01:57 PM, Dick Muller wrote:
>>>
>>> Ivan,
>>>
>>>  
>>>
>>> I used a sample LDAP resource file and seems that the attribute
>>> (that I do not need btw) with the name objectCategory was giving
>>> problems.
>>>
>>> Now I have anoter error, stating that the object can’t be created
>>> because of an invalied attribute.
>>>
>>>  
>>>
>>> The error log is in the attachments of this mail.
>>>
>>>  
>>>
>>> I hope you can think of something, because we are talking about
>>> pretty standard attributes I think.
>>>
>>>  
>>>
>>> Thanks,
>>>
>>> Dick
>>>
>>>  
>>>
>>> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of
>>> Dick Muller <dick.muller at tahzoo.com>
>>> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
>>> *Date: *Wednesday 29 June 2016 at 13:25
>>> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
>>> *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>>>
>>>  
>>>
>>> HI Ivan,
>>>
>>>  
>>>
>>> The logfile tells that there is a constraint error because the
>>> object already exists.
>>>
>>> But that is absolutely not true. I’ve looked in the AD domain and
>>> forest for the same account, but it doesn’t exist.
>>>
>>>  
>>>
>>> I’ve included the log in the mail.
>>>
>>>  
>>>
>>> Thanks,
>>>
>>> Dick
>>>
>>>  
>>>
>>> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of
>>> Ivan Noris <ivan.noris at evolveum.com>
>>> *Organization: *Evolveum, s.r.o.
>>> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
>>> *Date: *Wednesday 29 June 2016 at 09:19
>>> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
>>> *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>>>
>>>  
>>>
>>> Hi Dick,
>>>
>>> I don't see anything obvious yet.
>>> Please try to get:
>>> 1) stack trace from midpoint idm.log when this operation fails
>>> 2) the (red) result can be clicked and whole tree of operations will
>>> be displayed. Somewhere will be ICF Create or ICF Update operation
>>> logged, including the parameters from provisioning. This would help
>>> to see what was sent to the connector.
>>>
>>> Also tracing org.identityconnectors.framework.api during this
>>> operation would help too. (idm.log will contain the information)
>>>
>>> The cn=ldap.test,... account is the one you are trying to create,
>>> right? Does "ou=Employees DC" exist in OU=Tahzoo?
>>>
>>> Ivan
>>>
>>> On 06/29/2016 07:36 AM, Dick Muller wrote:
>>>
>>>     Hi Ivan,
>>>
>>>      
>>>
>>>     I get an error when I add a projection to the user with an LDAPS
>>>     connection.
>>>
>>>     (See the attachment)
>>>
>>>     I’ve checked the synchronization mappings and synchronization
>>>     tab. I’ve got the reconcile checked and kind and intent
>>>     correctly configured.
>>>
>>>      
>>>
>>>     Thanks,
>>>
>>>      
>>>
>>>     Dick
>>>
>>>      
>>>
>>>     *From: *midPoint <midpoint-bounces at lists.evolveum.com>
>>>     <mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan
>>>     Noris <ivan.noris at evolveum.com> <mailto:ivan.noris at evolveum.com>
>>>     *Organization: *Evolveum, s.r.o.
>>>     *Reply-To: *midPoint General Discussion
>>>     <mailto:midpoint at lists.evolveum.com><midpoint at lists.evolveum.com>
>>>     *Date: *Tuesday 28 June 2016 at 15:17
>>>     *To: *"midpoint at lists.evolveum.com"
>>>     <mailto:midpoint at lists.evolveum.com>
>>>     <midpoint at lists.evolveum.com> <mailto:midpoint at lists.evolveum.com>
>>>     *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>>>
>>>      
>>>
>>>     Hi Dick,
>>>
>>>     AFAIK with midPoint 3.4 you should see LDAP connectors version
>>>     1.4.2.17 (including AdLdap).
>>>
>>>     The 1.4.3.0-SNAPSHOT was used during 3.4 development and that
>>>     connector version was tagged as 1.4.2.17, so that should be the
>>>     version you want to use.
>>>
>>>     What sync problems with 1.4.2.x are you referring to?
>>>
>>>     The error message means that there is no connector (JAR)
>>>     referenced by Connector repository object (1.4.3.0-SNAPSHOT).
>>>
>>>     You need to update all resources referencing to the
>>>     1.4.3.0-SNAPSHOT connectors to refer to 1.4.2.17. (By changing
>>>     the oid in connectorRef in the resources, as we were discussing
>>>     during the training.
>>>
>>>     Best regards,
>>>     Ivan
>>>
>>>     On 06/28/2016 03:05 PM, Dick Muller wrote:
>>>
>>>         Hi,
>>>
>>>         I upgraded to the latest 3.4 version and wanted to install
>>>         ADLDAP connectors.
>>>
>>>         I can select 1.4.2 or 1.4.3.0-SNAPSHOT. The 1.4.2 version
>>>         gives problems during syncing. I think this is already
>>>         described in JIRA.
>>>
>>>         I want to use the latest version 1.4.3.0-snapshot but get an
>>>         error during TEST of the resource.
>>>
>>>          
>>>
>>>         I’ve included the Error message as attachment.
>>>
>>>          
>>>
>>>         Hope somebody can help me with this.
>>>
>>>          
>>>
>>>         Regards,
>>>
>>>          
>>>
>>>         ------------------------------------------------------------------------
>>>
>>>         *Dick Muller*
>>>
>>>         Senior Systems Engineer
>>>
>>>         Delftechpark 37i
>>>         2628 XJ Delft*
>>>         d*: +31 88 2682586 
>>>         *m:* +31 6 46477690
>>>
>>>         <http://www.tahzoo.com/>
>>>
>>>          
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>         _______________________________________________
>>>
>>>         midPoint mailing list
>>>
>>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>
>>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>>
>>>
>>>
>>>     -- 
>>>
>>>       Ing. Ivan Noris
>>>
>>>       Senior Identity Management Engineer & IDM Architect
>>>
>>>       evolveum.com                     evolveum.com/blog/
>>>
>>>       ___________________________________________________
>>>
>>>       "Semper ID(e)M Vix."
>>>
>>>
>>>
>>>
>>>
>>>     _______________________________________________
>>>
>>>     midPoint mailing list
>>>
>>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>
>>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>>
>>> -- 
>>>   Ing. Ivan Noris
>>>   Senior Identity Management Engineer & IDM Architect
>>>   evolveum.com                     evolveum.com/blog/
>>>   ___________________________________________________
>>>   "Semper ID(e)M Vix."
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> -- 
>>   Ing. Ivan Noris
>>   Senior Identity Management Engineer & IDM Architect
>>   evolveum.com                     evolveum.com/blog/
>>   ___________________________________________________
>>   "Semper ID(e)M Vix."
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> -- 
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/65766fac/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 7593 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/65766fac/attachment.png>


More information about the midPoint mailing list