[midPoint] Changing Distinguished Name of ldap account which is member of group leads to Error modifying LDAP entry noSuchAttribute

Ivan Noris ivan.noris at evolveum.com
Wed Sep 27 17:07:09 CEST 2017


Hi Oleksandr,

AFAIK the memberof overlay is there to compute the "memberof" attribute of
the LDAP account. But your exception comes from the group modification:

Error modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test:
[remove:member:
uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]:
noSuchAttribute:  (16)

My first guess was that you have the "refint" module and the corresponding
overlay activated on the OpenLDAP side. If you are really not using
OpenLDAP's referential integrity, then it should work as it is
configured. You have even configured "usePermissiveModify"...

I remember that when I was playing with referential integrity, if I renamed
an account in LDAP (through mp) and it failed with a similar error, but the
group membership was still correct after this operation (showing the renamed
account), the problem was that the LDAP server was doing the referential
integrity automatically, and I needed to turn off
explicitReferentialIntegrity in the association configuration.

No more ideas yet.

Regards,

Ivan


On 27.09.2017 16:16, Oleksandr Nekriach wrote:
> Hi Ivan,
> We have added the memberOf overlay to OpenLDAP (see config below). But I
> am not sure that it is a good idea to remove it. Do you have any ideas?
>
> dn: cn=module{2},cn=config
> cn: module{2}
> changetype: modify
> objectClass: olcModuleList
> olcModuleLoad: memberof
> olcModulePath: /usr/lib/ldap
>
> dn: olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config
> objectClass: olcConfig
> objectClass: olcMemberOf
> objectClass: olcOverlayConfig
> objectClass: top
> olcOverlay: memberof
> olcMemberOfDangling: ignore
> olcMemberOfRefInt: TRUE
> olcMemberOfGroupOC: groupOfNames
> olcMemberOfMemberAD: member
> olcMemberOfMemberOfAD: memberOf
>
> 2017-09-27 15:49 GMT+03:00 Ivan Noris <ivan.noris at evolveum.com>:
>
>     Hi Oleksandr,
>
>     you have the association set with explicitReferentialIntegrity, which
>     means midPoint will update group membership if the user DN changes.
>     Could this collide with your OpenLDAP refint overlay (or whatever
>     the name for automatic referential integrity is)?
>
>     I
>
>
>     On 27.09.2017 13:28, Oleksandr Nekriach wrote:
>>     Hello,
>>     Please help me understand what is wrong.
>>     I have a role which assigns a group to an OpenLDAP resource account.
>>     Also I have a resource with an expression which dynamically calculates
>>     the Distinguished Name and has a dependency on the source attribute
>>     "Locality". Also I expand the LDAP resource schema with the memberOf
>>     attribute.
>>     When I change the Locality attribute I get an error
>>     InvalidAttributeValueException: Error modifying LDAP entry
>>     cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test:
>>     [remove:member:
>>     uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]:
>>     noSuchAttribute:  (16)
>>
>>     I can't understand why I got this error if the resource account was
>>     modified successfully as I want.
>>
>>     <displayName>TestRole_forMidpoint</displayName>
>>     <inducement id="5">
>>        <construction>
>>           <resourceRef oid="00000000-0004-0000-0000-00000000004"
>>                        relation="org:default"
>>                        type="c:ResourceType"><!-- myOpenLDAP4 --></resourceRef>
>>           <association>
>>              <c:ref>ri:Group</c:ref>
>>              <outbound>
>>                 <expression>
>>                    <associationTargetSearch xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>                                             xsi:type="c:SearchObjectExpressionEvaluatorType">
>>                       <filter>
>>                          <q:equal>
>>                             <q:path>declare namespace icfs='http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3';
>>                                declare namespace ri='http://midpoint.evolveum.com/xml/ns/public/resource/instance-3';
>>                                attributes/ri:cn</q:path>
>>                             <q:value>TestRole_forMidpoint_2</q:value>
>>                          </q:equal>
>>                       </filter>
>>                       <searchOnResource>true</searchOnResource>
>>                    </associationTargetSearch>
>>                 </expression>
>>              </outbound>
>>           </association>
>>        </construction>
>>     </inducement>
>>
>>     <attribute>
>>        <c:ref>ri:dn</c:ref>
>>        <displayName>Distinguished Name</displayName>
>>        <matchingRule xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">mr:distinguishedName</matchingRule>
>>        <outbound>
>>           <strength>strong</strength>
>>           <source>
>>              <c:path>$user/name</c:path>
>>           </source>
>>           <source>
>>              <c:path>$user/description</c:path>
>>           </source>
>>           <source>
>>              <c:path>$user/locality</c:path>
>>           </source>
>>           <expression>
>>              <script xsi:type="c:ScriptExpressionEvaluatorType">
>>                 <code>
>>                    // Default container; overridden below for agents by locality
>>                    String rightPartOfDN = ",ou=InternalUsers,ou=Users,ou=LV";
>>                    String dc = ",dc=dyninno,dc=test";
>>                    if (name != null &amp;&amp; description != null &amp;&amp; locality != null) {
>>                       if (locality.toString().equalsIgnoreCase("RIX") &amp;&amp; description.toString().contains("Agent")) {
>>                          rightPartOfDN = ",ou=Agents,ou=Users,ou=LV";
>>                       }
>>                       if (locality.toString().equalsIgnoreCase("KIV") &amp;&amp; description.toString().contains("Agent")) {
>>                          rightPartOfDN = ",ou=Agents,ou=Users,ou=MD";
>>                       }
>>                    }
>>                    return "uid=" + name.toString() + iterationToken + rightPartOfDN + dc;
>>                 </code>
>>              </script>
>>           </expression>
>>        </outbound>
>>     </attribute>
>>
>>
>>
>>     2017-09-27 13:59:42,925 [] [Thread-24] WARN
>>     (com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator):
>>     method: null msg:Uknown attribute 1.3.6.1.4.1.1466.115.121.1.15,
>>     cannot determine if it is binary
>>     2017-09-27 13:59:42,939 [] [Thread-23] WARN
>>     (com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter):
>>     The resource: myOpenLDAP4
>>     (OID:00000000-0004-0000-0000-00000000004) does not provide
>>     definition for null value of simulated activation attribute
>>     2017-09-27 13:59:43,893 [] [Thread-23] WARN
>>     (com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator):
>>     method: null msg:Uknown attribute 1.3.6.1.4.1.1466.115.121.1.15,
>>     cannot determine if it is binary
>>     2017-09-27 13:59:44,410 [] [Thread-23] WARN
>>     (com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator):
>>     method: null msg:Uknown attribute 1.3.6.1.4.1.1466.115.121.1.15,
>>     cannot determine if it is binary
>>     2017-09-27 13:59:44,712 [] [Thread-23] WARN
>>     (com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator):
>>     method: null msg:Uknown attribute 1.3.6.1.4.1.1466.115.121.1.12,
>>     cannot determine if it is binary
>>     2017-09-27 13:59:45,077 [] [Thread-23] WARN
>>     (com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator):
>>     method: null msg:Uknown attribute 1.3.6.1.4.1.1466.115.121.1.12,
>>     cannot determine if it is binary
>>     2017-09-27 13:59:45,120 [] [Thread-23] ERROR
>>     (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil):
>>     ConnId Exception
>>     org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException
>>     in connector:cb288b2c-1e5f-4b78-924e-a215b723137d(ConnId
>>     com.evolveum.polygon.connector.ldap.LdapConnector v1.4.5):
>>     ConnectorSpec(object:00000000-0004-0000-0000-00000000004(myOpenLDAP4),
>>     name=null, oid=cb288b2c-1e5f-4b78-924e-a215b723137d) while
>>     removing attribute values from object identified by ConnId UID
>>     '57ef6422-32fa-1037-9380-3b12ae02d26c': Error modifying LDAP
>>     entry
>>     cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test:
>>     [remove:member:
>>     uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]:
>>     noSuchAttribute:  (16)
>>     org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException:
>>     Error modifying LDAP entry
>>     cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test:
>>     [remove:member:
>>     uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]:
>>     noSuchAttribute:  (16)
>>             at
>>     com.evolveum.polygon.connector.ldap.LdapUtil.processLdapResult(LdapUtil.java:455)
>>     ~[connector-ldap-1.4.5.jar:na]
>>             at
>>     com.evolveum.polygon.connector.ldap.AbstractLdapConnector.processModifyResult(AbstractLdapConnector.java:1119)
>>     ~[connector-ldap-1.4.5.jar:na]
>>             at
>>     com.evolveum.polygon.connector.ldap.AbstractLdapConnector.modify(AbstractLdapConnector.java:1110)
>>     ~[connector-ldap-1.4.5.jar:na]
>>             at
>>     com.evolveum.polygon.connector.ldap.AbstractLdapConnector.ldapUpdateAttempt(AbstractLdapConnector.java:1060)
>>     ~[connector-ldap-1.4.5.jar:na]
>>             at
>>     com.evolveum.polygon.connector.ldap.AbstractLdapConnector.ldapUpdate(AbstractLdapConnector.java:1019)
>>     ~[connector-ldap-1.4.5.jar:na]
>>             at
>>     com.evolveum.polygon.connector.ldap.AbstractLdapConnector.removeAttributeValues(AbstractLdapConnector.java:990)
>>     ~[connector-ldap-1.4.5.jar:na]
>>             at
>>     org.identityconnectors.framework.impl.api.local.operations.UpdateImpl.removeAttributeValues(UpdateImpl.java:171)
>>     ~[connector-framework-internal-1.4.2.35.jar:na]
>>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>     Method) ~[na:1.8.0_131]
>>             at
>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>     ~[na:1.8.0_131]
>>             at
>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     ~[na:1.8.0_131]
>>             at java.lang.reflect.Method.invoke(Method.java:498)
>>     ~[na:1.8.0_131]
>>             at
>>     org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:98)
>>     ~[connector-framework-internal-1.4.2.35.jar:na]
>>             at com.sun.proxy.$Proxy184.removeAttributeValues(Unknown
>>     Source) ~[na:na]
>>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>     Method) ~[na:1.8.0_131]
>>             at
>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>     ~[na:1.8.0_131]
>>             at
>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     ~[na:1.8.0_131]
>>             at java.lang.reflect.Method.invoke(Method.java:498)
>>     ~[na:1.8.0_131]
>>             at
>>     org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)
>>     ~[connector-framework-internal-1.4.2.35.jar:na]
>>             at com.sun.proxy.$Proxy184.removeAttributeValues(Unknown
>>     Source) ~[na:na]
>>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>     Method) ~[na:1.8.0_131]
>>             at
>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>     ~[na:1.8.0_131]
>>             at
>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     ~[na:1.8.0_131]
>>             at java.lang.reflect.Method.invoke(Method.java:498)
>>     ~[na:1.8.0_131]
>>             at
>>     org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:99)
>>     ~[connector-framework-internal-1.4.2.35.jar:na]
>>             at com.sun.proxy.$Proxy184.removeAttributeValues(Unknown
>>     Source) ~[na:na]
>>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>     Method) ~[na:1.8.0_131]
>>             at
>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>     ~[na:1.8.0_131]
>>             at
>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     ~[na:1.8.0_131]
>>             at java.lang.reflect.Method.invoke(Method.java:498)
>>     ~[na:1.8.0_131]
>>             at
>>     org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:83)
>>     ~[connector-framework-internal-1.4.2.35.jar:na]
>>             at com.sun.proxy.$Proxy184.removeAttributeValues(Unknown
>>     Source) ~[na:na]
>>             at
>>     org.identityconnectors.framework.impl.api.AbstractConnectorFacade.removeAttributeValues(AbstractConnectorFacade.java:225)
>>     ~[connector-framework-internal-1.4.2.35.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.modifyObject(ConnectorInstanceConnIdImpl.java:1843)
>>     ~[ucf-impl-connid-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:765)
>>     [provisioning-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeEntitlements(ResourceObjectConverter.java:1165)
>>     [provisioning-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeEntitlementChangesModify(ResourceObjectConverter.java:1112)
>>     [provisioning-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.modifyResourceObject(ResourceObjectConverter.java:612)
>>     [provisioning-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadow(ShadowCache.java:684)
>>     [provisioning-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject(ProvisioningServiceImpl.java:679)
>>     [provisioning-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.ChangeExecutor.modifyProvisioningObject(ChangeExecutor.java:1397)
>>     [model-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeModification(ChangeExecutor.java:1281)
>>     [model-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta(ChangeExecutor.java:812)
>>     [model-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeChanges(ChangeExecutor.java:308)
>>     [model-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.Clockwork.lambda$processSecondary$0(Clockwork.java:481)
>>     [model-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.LensUtil.partialExecute(LensUtil.java:1253)
>>     ~[model-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.LensUtil.partialExecute(LensUtil.java:1240)
>>     ~[model-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.Clockwork.processSecondary(Clockwork.java:479)
>>     [model-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:327)
>>     [model-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:203)
>>     [model-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:569)
>>     ~[model-impl-3.6.jar:na]
>>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>     Method) ~[na:1.8.0_131]
>>             at
>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>     ~[na:1.8.0_131]
>>             at
>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     ~[na:1.8.0_131]
>>             at java.lang.reflect.Method.invoke(Method.java:498)
>>     ~[na:1.8.0_131]
>>             at
>>     org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:507)
>>     ~[wicket-ioc-7.6.0.jar:7.6.0]
>>             at com.sun.proxy.$Proxy156.executeChanges(Unknown Source)
>>     ~[na:na]
>>             at
>>     com.evolveum.midpoint.web.component.progress.ProgressReporter.lambda$executeChangesAsync$0(ProgressReporter.java:187)
>>     ~[classes/:na]
>>             at java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_131]
>>     2017-09-27 13:59:45,129 [] [Thread-23] ERROR
>>     (com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter):
>>     Error while modifying entitlement ProvisioningContext(for
>>     RSD(entitlement (Group) @00000000-0004-0000-0000-00000000004) in
>>     object:00000000-0004-0000-0000-00000000004(myOpenLDAP4)) of
>>     ProvisioningContext(for
>>     shadow:9873b7ed-3679-4a66-9445-344e9b52dd34(uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test)
>>     in object:00000000-0004-0000-0000-00000000004(myOpenLDAP4)):
>>     Schema violation: Invalid attribute:
>>     org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error
>>     modifying LDAP entry
>>     cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test:
>>     [remove:member:
>>     uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]:
>>     noSuchAttribute:  (16))
>>     com.evolveum.midpoint.util.exception.SchemaException: Schema
>>     violation: Invalid attribute:
>>     org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error
>>     modifying LDAP entry
>>     cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test:
>>     [remove:member:
>>     uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]:
>>     noSuchAttribute:  (16))
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:797)
>>     [provisioning-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeEntitlements(ResourceObjectConverter.java:1165)
>>     [provisioning-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeEntitlementChangesModify(ResourceObjectConverter.java:1112)
>>     [provisioning-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.modifyResourceObject(ResourceObjectConverter.java:612)
>>     [provisioning-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadow(ShadowCache.java:684)
>>     [provisioning-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject(ProvisioningServiceImpl.java:679)
>>     [provisioning-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.ChangeExecutor.modifyProvisioningObject(ChangeExecutor.java:1397)
>>     [model-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeModification(ChangeExecutor.java:1281)
>>     [model-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta(ChangeExecutor.java:812)
>>     [model-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeChanges(ChangeExecutor.java:308)
>>     [model-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.Clockwork.lambda$processSecondary$0(Clockwork.java:481)
>>     [model-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.LensUtil.partialExecute(LensUtil.java:1253)
>>     ~[model-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.LensUtil.partialExecute(LensUtil.java:1240)
>>     ~[model-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.Clockwork.processSecondary(Clockwork.java:479)
>>     [model-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:327)
>>     [model-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:203)
>>     [model-impl-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:569)
>>     ~[model-impl-3.6.jar:na]
>>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>     Method) ~[na:1.8.0_131]
>>             at
>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>     ~[na:1.8.0_131]
>>             at
>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     ~[na:1.8.0_131]
>>             at java.lang.reflect.Method.invoke(Method.java:498)
>>     ~[na:1.8.0_131]
>>             at
>>     org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:507)
>>     ~[wicket-ioc-7.6.0.jar:7.6.0]
>>             at com.sun.proxy.$Proxy156.executeChanges(Unknown Source)
>>     ~[na:na]
>>             at
>>     com.evolveum.midpoint.web.component.progress.ProgressReporter.lambda$executeChangesAsync$0(ProgressReporter.java:187)
>>     ~[classes/:na]
>>             at java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_131]
>>     Caused by: com.evolveum.midpoint.util.exception.SchemaException:
>>     Invalid attribute:
>>     org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error
>>     modifying LDAP entry
>>     cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test:
>>     [remove:member:
>>     uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]:
>>     noSuchAttribute:  (16))
>>             at
>>     com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil.lookForKnownCause(ConnIdUtil.java:352)
>>     ~[ucf-impl-connid-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil.processIcfException(ConnIdUtil.java:215)
>>     ~[ucf-impl-connid-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.modifyObject(ConnectorInstanceConnIdImpl.java:1850)
>>     ~[ucf-impl-connid-3.6.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:765)
>>     [provisioning-impl-3.6.jar:na]
>>             ... 24 common frames omitted
>>
>>
>>     -- 
>>     Best regards,
>>
>>     Oleksandr Nekriach | Identity and access management engineer
>>
>>     Dynatech, Mednieku str. 4a, Riga, LV-1010, Latvia
>>
>>     +37125314685, o.nekriach at dynatech.lv | www.dynatech.lv
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com
>>     http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
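
An added illustration, not part of the original thread and not midPoint or OpenLDAP code: a toy in-memory model of the collision discussed above, where the server maintains group membership on rename by itself and the client then also removes the old member value explicitly. All class, function and DN names are constructed, and the server behaviour on rename is an assumption of the model.

```python
"""Toy in-memory model (constructed for illustration, not real LDAP)."""

NO_SUCH_ATTRIBUTE = 16  # LDAP result code shown in the thread's error


class LdapError(Exception):
    def __init__(self, code, name):
        super().__init__(f"{name}: ({code})")
        self.code = code


def norm(dn):
    """Naive DN normalisation: good enough for the simple DNs used here."""
    return ",".join(part.strip().lower() for part in dn.split(","))


class ToyDirectory:
    """Holds group -> member DNs; optionally fixes members itself on rename."""

    def __init__(self, server_refint):
        self.server_refint = server_refint
        self.groups = {}

    def add_member(self, group, member):
        self.groups.setdefault(norm(group), set()).add(norm(member))

    def remove_member(self, group, member):
        members = self.groups.get(norm(group), set())
        if norm(member) not in members:
            # Same outcome as in the thread: removing a value that is not there.
            raise LdapError(NO_SUCH_ATTRIBUTE, "noSuchAttribute")
        members.remove(norm(member))

    def rename(self, old_dn, new_dn):
        if not self.server_refint:
            return
        # Assumed server behaviour: member values follow the renamed entry.
        for members in self.groups.values():
            if norm(old_dn) in members:
                members.remove(norm(old_dn))
                members.add(norm(new_dn))

    def members(self, group):
        return set(self.groups.get(norm(group), set()))


def client_rename(directory, group, old_dn, new_dn, explicit_refint):
    """Rename an account as a provisioning client would; return an LDAP
    error code from the membership fix-up step, or None."""
    directory.rename(old_dn, new_dn)
    if not explicit_refint:
        return None  # membership maintenance is left to the server
    try:
        directory.remove_member(group, old_dn)  # the [remove:member:...] step
        directory.add_member(group, new_dn)
    except LdapError as exc:
        return exc.code
    return None


# Constructed sample DNs (not taken from the thread).
GROUP = "cn=SampleGroup,ou=Groups,dc=example,dc=test"
OLD_DN = "uid=jdoe,ou=Agents,ou=Users,ou=LV,dc=example,dc=test"
NEW_DN = "uid=jdoe,ou=Agents,ou=Users,ou=MD,dc=example,dc=test"


def scenario(server_refint, explicit_refint):
    """Run one rename and return (error_code, group members afterwards)."""
    directory = ToyDirectory(server_refint)
    directory.add_member(GROUP, OLD_DN)
    code = client_rename(directory, GROUP, OLD_DN, NEW_DN, explicit_refint)
    return code, directory.members(GROUP)


if __name__ == "__main__":
    for server in (True, False):
        for explicit in (True, False):
            code, members = scenario(server, explicit)
            print(f"server_refint={server} explicit={explicit} "
                  f"error={code} members={sorted(members)}")
```

In the model, only the combination of server-side and explicit referential integrity produces code 16, and the group already lists the renamed account when it does; with both turned off the group keeps the stale DN.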
