[midPoint] Changing Distinguished Name of ldap account which is member of group leads to Error modifying LDAP entry noSuchAttribute
Oleksandr Nekriach
o.nekriach at dynatech.lv
Wed Sep 27 13:28:34 CEST 2017
Hello,
Please help me understand what is wrong.
I have role which assign a group to OpenLdap resource acount. Also I have
resource with expresion which dynamical calculates Distinguished Name and
has dependency on source attribute "Locality". Also I expand ldap resource
schema with memberOf attribute.
When I change Locality attribute I get an error
InvalidAttributeValueException: Error modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test:
[remove:member:
uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]:
noSuchAttribute: (16)
I can't understand why I got this error if resource account was modified
successfuly as I want.
<displayName>TestRole_forMidpoint</displayName>
<inducement id="5">
<construction>
<resourceRef oid="00000000-0004-0000-0000-00000000004"
relation="org:default"
type="c:ResourceType"><!-- myOpenLDAP4
--></resourceRef>
<association>
<c:ref>ri:Group</c:ref>
<outbound>
<expression>
<associationTargetSearch xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
xsi:type="c:SearchObjectExpressionEvaluatorType">
<filter>
<q:equal>
<q:path>declare namespace icfs='
http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3';
declare namespace ri='
http://midpoint.evolveum.com/xml/ns/public/resource/instance-3';
attributes/ri:cn</q:path>
<q:value>TestRole_forMidpoint_2</q:value>
</q:equal>
</filter>
<searchOnResource>true</searchOnResource>
</associationTargetSearch>
</expression>
</outbound>
</association>
</construction>
</inducement>
<attribute>
<c:ref>ri:dn</c:ref>
<displayName>Distinguished Name</displayName>
<matchingRule xmlns:mr="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">mr:distinguishedName</matchingRule>
<outbound>
<strength>strong</strength>
<source>
<c:path>$user/name</c:path>
</source>
<source>
<c:path>$user/description</c:path>
</source>
<source>
<c:path>$user/locality</c:path>
</source>
<expression>
<script xsi:type="c:ScriptExpressionEvaluatorType">
<code>
String
rightPartOfDN=",ou=InternalUsers,ou=Users,ou=LV";
String dc=",dc=dyninno,dc=test";
if(name!=null && description!=null
&& locality!=null){
if(locality.toString().equalsIgnoreCase("RIX")
&& description.toString().contains("Agent")){
rightPartOfDN=",ou=Agents,ou=Users,ou=LV";
}
if(locality.toString().equalsIgnoreCase("KIV")
&& description.toString().contains("Agent")){
rightPartOfDN=",ou=Agents,ou=Users,ou=MD";
}
}
return "uid=" + name.toString() + iterationToken +
rightPartOfDN+dc;
</code>
</script>
</expression>
</outbound>
</attribute>
2017-09-27 13:59:42,925 [] [Thread-24] WARN
(com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator):
method: null msg:Uknown attribute 1.3.6.1.4.1.1466.115.121.1.15, cannot
determine if it is binary
2017-09-27 13:59:42,939 [] [Thread-23] WARN
(com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter): The
resource: myOpenLDAP4 (OID:00000000-0004-0000-0000-00000000004) does not
provide definition for null value of simulated activation attribute
2017-09-27 13:59:43,893 [] [Thread-23] WARN
(com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator):
method: null msg:Uknown attribute 1.3.6.1.4.1.1466.115.121.1.15, cannot
determine if it is binary
2017-09-27 13:59:44,410 [] [Thread-23] WARN
(com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator):
method: null msg:Uknown attribute 1.3.6.1.4.1.1466.115.121.1.15, cannot
determine if it is binary
2017-09-27 13:59:44,712 [] [Thread-23] WARN
(com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator):
method: null msg:Uknown attribute 1.3.6.1.4.1.1466.115.121.1.12, cannot
determine if it is binary
2017-09-27 13:59:45,077 [] [Thread-23] WARN
(com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator):
method: null msg:Uknown attribute 1.3.6.1.4.1.1466.115.121.1.12, cannot
determine if it is binary
2017-09-27 13:59:45,120 [] [Thread-23] ERROR
(com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil): ConnId
Exception
org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException
in connector:cb288b2c-1e5f-4b78-924e-a215b723137d(ConnId
com.evolveum.polygon.connector.ldap.LdapConnector v1.4.5):
ConnectorSpec(object:00000000-0004-0000-0000-00000000004(myOpenLDAP4),
name=null, oid=cb288b2c-1e5f-4b78-924e-a215b723137d) while removing
attribute values from object identified by ConnId UID
'57ef6422-32fa-1037-9380-3b12ae02d26c': Error modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test:
[remove:member:
uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]:
noSuchAttribute: (16)
org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException:
Error modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test:
[remove:member:
uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]:
noSuchAttribute: (16)
at
com.evolveum.polygon.connector.ldap.LdapUtil.processLdapResult(LdapUtil.java:455)
~[connector-ldap-1.4.5.jar:na]
at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.processModifyResult(AbstractLdapConnector.java:1119)
~[connector-ldap-1.4.5.jar:na]
at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.modify(AbstractLdapConnector.java:1110)
~[connector-ldap-1.4.5.jar:na]
at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.ldapUpdateAttempt(AbstractLdapConnector.java:1060)
~[connector-ldap-1.4.5.jar:na]
at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.ldapUpdate(AbstractLdapConnector.java:1019)
~[connector-ldap-1.4.5.jar:na]
at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.removeAttributeValues(AbstractLdapConnector.java:990)
~[connector-ldap-1.4.5.jar:na]
at
org.identityconnectors.framework.impl.api.local.operations.UpdateImpl.removeAttributeValues(UpdateImpl.java:171)
~[connector-framework-internal-1.4.2.35.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[na:1.8.0_131]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[na:1.8.0_131]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[na:1.8.0_131]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131]
at
org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:98)
~[connector-framework-internal-1.4.2.35.jar:na]
at com.sun.proxy.$Proxy184.removeAttributeValues(Unknown Source)
~[na:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[na:1.8.0_131]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[na:1.8.0_131]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[na:1.8.0_131]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131]
at
org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)
~[connector-framework-internal-1.4.2.35.jar:na]
at com.sun.proxy.$Proxy184.removeAttributeValues(Unknown Source)
~[na:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[na:1.8.0_131]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[na:1.8.0_131]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[na:1.8.0_131]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131]
at
org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:99)
~[connector-framework-internal-1.4.2.35.jar:na]
at com.sun.proxy.$Proxy184.removeAttributeValues(Unknown Source)
~[na:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[na:1.8.0_131]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[na:1.8.0_131]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[na:1.8.0_131]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131]
at
org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:83)
~[connector-framework-internal-1.4.2.35.jar:na]
at com.sun.proxy.$Proxy184.removeAttributeValues(Unknown Source)
~[na:na]
at
org.identityconnectors.framework.impl.api.AbstractConnectorFacade.removeAttributeValues(AbstractConnectorFacade.java:225)
~[connector-framework-internal-1.4.2.35.jar:na]
at
com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.modifyObject(ConnectorInstanceConnIdImpl.java:1843)
~[ucf-impl-connid-3.6.jar:na]
at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:765)
[provisioning-impl-3.6.jar:na]
at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeEntitlements(ResourceObjectConverter.java:1165)
[provisioning-impl-3.6.jar:na]
at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeEntitlementChangesModify(ResourceObjectConverter.java:1112)
[provisioning-impl-3.6.jar:na]
at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.modifyResourceObject(ResourceObjectConverter.java:612)
[provisioning-impl-3.6.jar:na]
at
com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadow(ShadowCache.java:684)
[provisioning-impl-3.6.jar:na]
at
com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject(ProvisioningServiceImpl.java:679)
[provisioning-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.lens.ChangeExecutor.modifyProvisioningObject(ChangeExecutor.java:1397)
[model-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeModification(ChangeExecutor.java:1281)
[model-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta(ChangeExecutor.java:812)
[model-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeChanges(ChangeExecutor.java:308)
[model-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.lens.Clockwork.lambda$processSecondary$0(Clockwork.java:481)
[model-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.lens.LensUtil.partialExecute(LensUtil.java:1253)
~[model-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.lens.LensUtil.partialExecute(LensUtil.java:1240)
~[model-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.lens.Clockwork.processSecondary(Clockwork.java:479)
[model-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:327)
[model-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:203)
[model-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:569)
~[model-impl-3.6.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[na:1.8.0_131]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[na:1.8.0_131]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[na:1.8.0_131]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131]
at
org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:507)
~[wicket-ioc-7.6.0.jar:7.6.0]
at com.sun.proxy.$Proxy156.executeChanges(Unknown Source) ~[na:na]
at
com.evolveum.midpoint.web.component.progress.ProgressReporter.lambda$executeChangesAsync$0(ProgressReporter.java:187)
~[classes/:na]
at java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_131]
2017-09-27 13:59:45,129 [] [Thread-23] ERROR
(com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter): Error
while modifying entitlement ProvisioningContext(for RSD(entitlement (Group)
@00000000-0004-0000-0000-00000000004) in
object:00000000-0004-0000-0000-00000000004(myOpenLDAP4)) of
ProvisioningContext(for
shadow:9873b7ed-3679-4a66-9445-344e9b52dd34(uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test)
in object:00000000-0004-0000-0000-00000000004(myOpenLDAP4)): Schema
violation: Invalid attribute:
org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error
modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test:
[remove:member:
uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]:
noSuchAttribute: (16))
com.evolveum.midpoint.util.exception.SchemaException: Schema violation:
Invalid attribute:
org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error
modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test:
[remove:member:
uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]:
noSuchAttribute: (16))
at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:797)
[provisioning-impl-3.6.jar:na]
at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeEntitlements(ResourceObjectConverter.java:1165)
[provisioning-impl-3.6.jar:na]
at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeEntitlementChangesModify(ResourceObjectConverter.java:1112)
[provisioning-impl-3.6.jar:na]
at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.modifyResourceObject(ResourceObjectConverter.java:612)
[provisioning-impl-3.6.jar:na]
at
com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadow(ShadowCache.java:684)
[provisioning-impl-3.6.jar:na]
at
com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject(ProvisioningServiceImpl.java:679)
[provisioning-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.lens.ChangeExecutor.modifyProvisioningObject(ChangeExecutor.java:1397)
[model-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeModification(ChangeExecutor.java:1281)
[model-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta(ChangeExecutor.java:812)
[model-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeChanges(ChangeExecutor.java:308)
[model-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.lens.Clockwork.lambda$processSecondary$0(Clockwork.java:481)
[model-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.lens.LensUtil.partialExecute(LensUtil.java:1253)
~[model-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.lens.LensUtil.partialExecute(LensUtil.java:1240)
~[model-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.lens.Clockwork.processSecondary(Clockwork.java:479)
[model-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:327)
[model-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:203)
[model-impl-3.6.jar:na]
at
com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:569)
~[model-impl-3.6.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[na:1.8.0_131]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[na:1.8.0_131]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[na:1.8.0_131]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131]
at
org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:507)
~[wicket-ioc-7.6.0.jar:7.6.0]
at com.sun.proxy.$Proxy156.executeChanges(Unknown Source) ~[na:na]
at
com.evolveum.midpoint.web.component.progress.ProgressReporter.lambda$executeChangesAsync$0(ProgressReporter.java:187)
~[classes/:na]
at java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_131]
Caused by: com.evolveum.midpoint.util.exception.SchemaException: Invalid
attribute:
org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error
modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test:
[remove:member:
uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]:
noSuchAttribute: (16))
at
com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil.lookForKnownCause(ConnIdUtil.java:352)
~[ucf-impl-connid-3.6.jar:na]
at
com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil.processIcfException(ConnIdUtil.java:215)
~[ucf-impl-connid-3.6.jar:na]
at
com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.modifyObject(ConnectorInstanceConnIdImpl.java:1850)
~[ucf-impl-connid-3.6.jar:na]
at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:765)
[provisioning-impl-3.6.jar:na]
... 24 common frames omitted
--
Best regards,
Oleksandr Nekriach | Identity and access management engineer
Dynatech, Mednieku str. 4a, Riga, LV-1010, Latvia
+37125314685 <+371%2025%20314%20685>
,
o.nekriach at dynatech.lv
|
www.dynatech.lv
Stay connected:
<https://www.facebook.com/DynatechLatvia/?ref=br_rs>
<https://www.linkedin.com/company-beta/17893047/>
Confidentiality Notice: This message contains confidential information and
is intended only for the named recipient(s). If you are not the addressee
you may not copy, distribute or perform any other activities with this
information. If you have received this transmission in error, please notify
us by e-mail immediately. E-mail transmission cannot be guaranteed to be
secure or error-free as information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or contain viruses.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170927/9ca2795e/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1502777022855-7772
Type: image/png
Size: 786 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170927/9ca2795e/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1502777022855-7771
Type: image/png
Size: 790 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170927/9ca2795e/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1502777022855-7770
Type: image/png
Size: 2602 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170927/9ca2795e/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: midPointModifyPartial error.jpeg
Type: image/jpeg
Size: 75637 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170927/9ca2795e/attachment.jpeg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Downloads.zip
Type: application/zip
Size: 32982 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170927/9ca2795e/attachment.zip>
More information about the midPoint
mailing list