[midPoint] Cannot establish connection to SAP

Santiago Benavidez sbenavidez at identicum.com
Tue Jan 31 16:39:48 CET 2017 

Hi Community,

We have a couple of news about this issue. We managed to get a JCO 3.0.16
but unfortunately we are getting the same "*ADMINDATA not a member...*."
error message. What seems to have change is the MSHOST or ASHOST issue,
because we are not getting the "*MSHOST not found*" error even if we have
the System ID parameter on the resources configuration.

After that we take a time to understand why the connector needs that
parameter and it seems to be used on method  getSchemaFromBapiFunction
apparently
to retrieve SAP user schema from the BAPI_USER_GET_DETAIL bapi function. As
it's a read only attribute, we tried to remove this field from the array

>
>  // these "Paremeter name"-s we can only read (don't have appropirade
> parameters in BAPI_USER_CHANGE)
>     private static final String[] READ_ONLY_PARAMETERS = {"ISLOCKED",
> "LASTMODIFIED", "SNC", "ADMINDATA", "IDENTITY"};


And also the "IDENTITY" value which also return us the same error after
removing the ADMINDATA value.

Finally after removing those two values from the array, we got the driver
working, or at least the test connection is OK.

We did some basic testing of an import and sync events and seems to be
working properly, nevertheless, as we modified the SAP connector, we are
not pretty sure that we will not get any future error because of this
change. We will continue our testing.

Any thoughts on the modifications that we have done to the connector? Any
similar experience?

Many thanks!


*Ing. Santiago R. Benavídez*
 Identicum S.A.

*Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050 (int. 107)*
*sbenavidez at identicum.com <sbenavidez at identicum.com>*
www.identicum.com

On Thu, Jan 26, 2017 at 12:10 PM, Santiago Benavidez <
sbenavidez at identicum.com> wrote:

> Hi Gustav,
>
> Thanks for your reply! We've been researching the threats you mention and
> also we try decompiling the JCO in order to understand how it's done and we
> found that if the System ID is not specified, then the JCO requires the
> ASHOST parameter to establish the connection, but if it's specified, then
> the expected parameter is MSHOST.
>
> If we set the System ID on the resource configuration parameters, we get
> the "Parameter message server host ('mshost') is missing" because the SAP
> Connector is hardcoded to set the ASHOST parameter always, but if keep the
> System ID field empty, we get the following error from the log:
>
> 2017-01-26 10:48:01,303 [] [http-nio-8080-exec-4] ERROR
> (com.evolveum.midpoint.provisioning.ucf.impl.IcfUtil): ICF Exception
> org.identityconnectors.framework.common.exceptions.ConnectorIOException
> in connector:45a7ea01-69aa-422b-adae-61682c5809f3(ICF
> com.evolveum.polygon.connector.sap.SapConnector v1.0.1.0-SNAPSHOT):
> resource:e307a460-2310-4f18-9644-6534d62fa999(SAP): Error when parse user
> schema from SAP: com.sap.conn.jco.JCoRuntimeException: (127)
> JCO_ERROR_FIELD_NOT_FOUND : Field ADMINDATA not a member of OUTPUT
> org.identityconnectors.framework.common.exceptions.ConnectorIOException:
> Error when parse user schema from SAP: com.sap.conn.jco.JCoRuntimeException:
> (127) JCO_ERROR_FIELD_NOT_FOUND : Field ADMINDATA not a member of OUTPUT
>         at com.evolveum.polygon.connector.sap.SapConnector.buildAccount
> ObjectClass(SapConnector.java:295) ~[na:na]
>         at com.evolveum.polygon.connector.sap.SapConnector.schema(SapConnector.java:278)
> ~[na:na]
>         at com.evolveum.polygon.connector.sap.SapConnector.init(SapConnector.java:191)
> ~[na:na]
>         at org.identityconnectors.framework.impl.api.local.operations.C
> onnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:94)
> ~[connector-framework-internal-1.4.2.18.jar:na]
>
> When we check the SAP connector logic, the ADMINDATA field is not set,
> it's a read only attribute and seems that is not returned from SAP across
> the connection process.
> As we are using a SAP ABAP Netweaver 7.01, do you know if there could be
> any restriction or limitation on our SAP environment? Perhaps the SAP
> Connector only works for Java Netweaver instances, for example.
>
> Many thanks!
>
> *Ing. Santiago R. Benavídez*
>  Identicum S.A.
>
> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050 (int. 107)*
> *sbenavidez at identicum.com <sbenavidez at identicum.com>*
> www.identicum.com
>
> On Wed, Jan 25, 2017 at 3:19 AM, Pálos Gustáv <gustav.palos at evolveum.com>
> wrote:
>
>> Hi Santiago,
>>
>> this looks like as SAP side configuration problem, I found only this on
>> the internet:
>> https://archive.sap.com/discussions/thread/3151604
>> "the issue caused by an empty entry in SM59 under TCP/IP" ...
>>
>> maybe you can found more info in SAP not public docs.
>>
>> Best regards,
>>
>> Gustav
>>
>>
>> 2017-01-24 23:13 GMT+01:00 Santiago Benavidez <sbenavidez at identicum.com>:
>>
>>> Hi community,
>>>
>>> We are trying to do some tests with the SAP resource version
>>> 1.0.1.0-SNAPSHOT on a Midpoint 3.5-SNAPSHOT environment and when we try to
>>> test the connection between Midpoint and our SAP environment we get the
>>> following error:
>>>
>>> Caused by: com.sap.conn.jco.JCoException: Configuration of destination 2
>>> is incomplete: Parameter message server host ('mshost') is missing
>>>         at com.sap.conn.jco.rt.MiddlewareJavaRfc$JavaRfcClient.connect(MiddlewareJavaRfc.java:1359)
>>> ~[sapjco3.jar:20100905 1938 [3.0.6 (2010-08-24)]]
>>>         at com.sap.conn.jco.rt.ClientConnection.connect(ClientConnection.java:721)
>>> ~[sapjco3.jar:20100905 1938 [3.0.6 (2010-08-24)]]
>>>         at com.sap.conn.jco.rt.PoolingFactory.init(PoolingFactory.java:103)
>>> ~[sapjco3.jar:20100905 1938 [3.0.6 (2010-08-24)]]
>>>         at com.sap.conn.jco.rt.ConnectionManager.createFactory(ConnectionManager.java:293)
>>> ~[sapjco3.jar:20100905 1938 [3.0.6 (2010-08-24)]]
>>>         at com.sap.conn.jco.rt.DefaultConnectionManager.createFactory(D
>>> efaultConnectionManager.java:46) ~[sapjco3.jar:20100905 1938 [3.0.6
>>> (2010-08-24)]]
>>>         at com.sap.conn.jco.rt.ConnectionManager.getFactory(ConnectionManager.java:262)
>>> ~[sapjco3.jar:20100905 1938 [3.0.6 (2010-08-24)]]
>>>         at com.sap.conn.jco.rt.RfcDestination.initialize(RfcDestination.java:509)
>>> ~[sapjco3.jar:20100905 1938 [3.0.6 (2010-08-24)]]
>>>         at com.sap.conn.jco.rt.RfcDestination.ping(RfcDestination.java:780)
>>> ~[sapjco3.jar:20100905 1938 [3.0.6 (2010-08-24)]]
>>>         at com.evolveum.polygon.connector.sap.SapConnector.init(SapConnector.java:183)
>>> ~[na:na]
>>>         ... 118 common frames omitted
>>> Caused by: com.sap.conn.rfc.exceptions.RfcException: Parameter message
>>> server host ('mshost') is missing
>>>         at com.sap.conn.rfc.api.RfcOptions.checkParameters(RfcOptions.java:299)
>>> ~[sapjco3.jar:20100905 1938 [3.0.6 (2010-08-24)]]
>>>         at com.sap.conn.rfc.api.RfcApi.RfcOpen(RfcApi.java:78)
>>> ~[sapjco3.jar:20100905 1938 [3.0.6 (2010-08-24)]]
>>>         at com.sap.conn.jco.rt.MiddlewareJavaRfc$JavaRfcClient.connect(MiddlewareJavaRfc.java:1329)
>>> ~[sapjco3.jar:20100905 1938 [3.0.6 (2010-08-24)]]
>>>         ... 126 common frames omitted
>>>
>>> We are running SAP Netweaver 7.01 ABAP Trial Version with a JCO 3.0.6.
>>> According to the documentation, it's tested with a JCO 3.0.13, but
>>> unfortunately we don't have the required permissions to download it from
>>> SAP. Do you guys know if this works with previous versions of the JCO, like
>>> the 3.0.6?
>>>
>>> Thanks in advance,
>>>
>>> *Ing. Santiago R. Benavídez*
>>>  Identicum S.A.
>>>
>>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050 (int. 107)*
>>> *sbenavidez at identicum.com <sbenavidez at identicum.com>*
>>> www.identicum.com
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>> --
>> Gustáv Pálos
>> Identity Engineer
>> evolveum.com
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170131/9e00223d/attachment.htm>

More information about the midPoint mailing list