[midPoint] Changing Distinguished Name of ldap account which is member of group leads to Error modifying LDAP entry noSuchAttribute
Ivan Noris
ivan.noris at evolveum.com
Thu Sep 28 12:03:40 CEST 2017
Hi Oleksandr,
from midpoint common schema:
<xsd:element name="explicitReferentialIntegrity"
type="xsd:boolean" minOccurs="0" default="true">
<xsd:annotation>
<xsd:documentation>
Whether you require midPoint to provide
referential integrity for object-to-subject associations.
Used for resources that do not provide
referential integrity by themselves, e.g. for OpenDJ with
default settings (i.e. with referential
integrity plugin turned off).
For resources having referential
integrity, e.g. for Active Directory, set this parameter to false.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
As turning OFF (false) helped, your directory server must have been
configured to update group membership according to the DN change. And
that collided with midPoint behaviour.
Typically you have to turn this off (set to false) for Active Directory.
FYI: our OpenLDAP installation and configuration wiki:
https://wiki.evolveum.com/display/midPoint/OpenLDAP+Installation+and+Configuration
mentions how to turn referential integrity for OpenLDAP...
Best regards,
Ivan
On 28.09.2017 11:19, Oleksandr Nekriach wrote:
> Hello Ivan,
>
> Thank you for help!
> I turned off explicitReferentialIntegrity and this solved my problem.
> What does this setting mean?
>
> Best regards, Oleksandr
>
> 2017-09-27 18:07 GMT+03:00 Ivan Noris <ivan.noris at evolveum.com
> <mailto:ivan.noris at evolveum.com>>:
>
> Hi Oleksandr,
>
> AFAIK memberof overlay is to compute "memberof" attribute of the
> LDAP account. But your exception comes from group modification:
> Error modifying LDAP entry
> cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test:
> [remove:member:
> uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]:
> noSuchAttribute: (16)
>
> My first guess was that you have "refint" module and corresponding
> overlay activated on OpenLDAP side. If you are really not using
> OpenLDAP's referential integrity, then it should work as it is
> configured. You have even configured "usePermissiveModify"...
>
> I remember when I was playing with referential integrity, if I
> renamed account in LDAP (through mp) and it failed with similar
> error, but the group membership was still correct after this
> operation (showing renamed account), the problem was that LDAP
> server was doing the referential integrity automatically and I
> needed to turn off explicitReferentialIntegrity in association
> configuration.
>
> No more ideas yet.
>
> Regards,
>
> Ivan
>
>
> On 27.09.2017 16:16, Oleksandr Nekriach wrote:
>> Hi Ivan,
>> We have added to OpenLdap memberOf overlay (see config below).
>> But I don't sure that is good idea to remove it. Do you have some
>> idea?
>>
>> dn: cn=module{2},cn=config
>> cn: module{2}
>> changetype: modify
>> objectClass: olcModuleList
>> olcModuleLoad: memberof
>> olcModulePath: /usr/lib/ldap
>>
>> dn: olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config
>> objectClass: olcConfig
>> objectClass: olcMemberOf
>> objectClass: olcOverlayConfig
>> objectClass: top
>> olcOverlay: memberof
>> olcMemberOfDangling: ignore
>> olcMemberOfRefInt: TRUE
>> olcMemberOfGroupOC: groupOfNames
>> olcMemberOfMemberAD: member
>> olcMemberOfMemberOfAD: memberOf
>>
>> 2017-09-27 15:49 GMT+03:00 Ivan Noris <ivan.noris at evolveum.com
>> <mailto:ivan.noris at evolveum.com>>:
>>
>> Hi Oleksandr,
>>
>> you have association set with explicitReferentialIntegrity,
>> that means midpoint will update group membership if user DN
>> changes. Could this collide with your OpenLDAP refint overlay
>> (or whatever is the name for automatic referential integrity)?
>>
>> I
>>
>>
>> On 27.09.2017 13:28, Oleksandr Nekriach wrote:
>>> Hello,
>>> Please help me understand what is wrong.
>>> I have role which assign a group to OpenLdap resource
>>> acount. Also I have resource with expresion which dynamical
>>> calculates Distinguished Name and has dependency on source
>>> attribute "Locality". Also I expand ldap resource schema
>>> with memberOf attribute.
>>> When I change Locality attribute I get an error
>>> InvalidAttributeValueException: Error modifying LDAP entry
>>> cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test:
>>> [remove:member:
>>> uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]:
>>> noSuchAttribute: (16)
>>>
>>> I can't understand why I got this error if resource account
>>> was modified successfuly as I want.
>>>
>>> <displayName>TestRole_forMidpoint</displayName>
>>> <inducement id="5">
>>> <construction>
>>> <resourceRef oid="00000000-0004-0000-0000-00000000004"
>>> relation="org:default"
>>> type="c:ResourceType"><!-- myOpenLDAP4
>>> --></resourceRef>
>>> <association>
>>> <c:ref>ri:Group</c:ref>
>>> <outbound>
>>> <expression>
>>> <associationTargetSearch
>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance
>>> <http://www.w3.org/2001/XMLSchema-instance>"
>>>
>>> xsi:type="c:SearchObjectExpressionEvaluatorType">
>>> <filter>
>>> <q:equal>
>>> <q:path>declare namespace
>>> icfs='http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3
>>> <http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>';
>>> declare namespace
>>> ri='http://midpoint.evolveum.com/xml/ns/public/resource/instance-3
>>> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>';
>>> attributes/ri:cn</q:path>
>>>
>>> <q:value>TestRole_forMidpoint_2</q:value>
>>> </q:equal>
>>> </filter>
>>> <searchOnResource>true</searchOnResource>
>>> </associationTargetSearch>
>>> </expression>
>>> </outbound>
>>> </association>
>>> </construction>
>>> </inducement>
>>>
>>> <attribute>
>>> <c:ref>ri:dn</c:ref>
>>> <displayName>Distinguished Name</displayName>
>>> <matchingRule
>>> xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3
>>> <http://prism.evolveum.com/xml/ns/public/matching-rule-3>">mr:distinguishedName</matchingRule>
>>> <outbound>
>>> <strength>strong</strength>
>>> <source>
>>> <c:path>$user/name</c:path>
>>> </source>
>>> <source>
>>> <c:path>$user/description</c:path>
>>> </source>
>>> <source>
>>> <c:path>$user/locality</c:path>
>>> </source>
>>> <expression>
>>> <script
>>> xsi:type="c:ScriptExpressionEvaluatorType">
>>> <code>
>>> String
>>> rightPartOfDN=",ou=InternalUsers,ou=Users,ou=LV";
>>> String dc=",dc=dyninno,dc=test";
>>> if(name!=null &&
>>> description!=null && locality!=null){
>>>
>>> if(locality.toString().equalsIgnoreCase("RIX") &&
>>> description.toString().contains("Agent")){
>>>
>>> rightPartOfDN=",ou=Agents,ou=Users,ou=LV";
>>> }
>>>
>>> if(locality.toString().equalsIgnoreCase("KIV") &&
>>> description.toString().contains("Agent")){
>>>
>>> rightPartOfDN=",ou=Agents,ou=Users,ou=MD";
>>> }
>>> }
>>> return "uid=" + name.toString() +
>>> iterationToken + rightPartOfDN+dc;
>>> </code>
>>> </script>
>>> </expression>
>>> </outbound>
>>> </attribute>
>>>
>>>
>>>
>>> 2017-09-27 13:59:42,925 [] [Thread-24] WARN
>>> (com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator):
>>> method: null msg:Uknown attribute
>>> 1.3.6.1.4.1.1466.115.121.1.15, cannot determine if it is binary
>>> 2017-09-27 13:59:42,939 [] [Thread-23] WARN
>>> (com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter):
>>> The resource: myOpenLDAP4
>>> (OID:00000000-0004-0000-0000-00000000004) does not provide
>>> definition for null value of simulated activation attribute
>>> 2017-09-27 13:59:43,893 [] [Thread-23] WARN
>>> (com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator):
>>> method: null msg:Uknown attribute
>>> 1.3.6.1.4.1.1466.115.121.1.15, cannot determine if it is binary
>>> 2017-09-27 13:59:44,410 [] [Thread-23] WARN
>>> (com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator):
>>> method: null msg:Uknown attribute
>>> 1.3.6.1.4.1.1466.115.121.1.15, cannot determine if it is binary
>>> 2017-09-27 13:59:44,712 [] [Thread-23] WARN
>>> (com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator):
>>> method: null msg:Uknown attribute
>>> 1.3.6.1.4.1.1466.115.121.1.12, cannot determine if it is binary
>>> 2017-09-27 13:59:45,077 [] [Thread-23] WARN
>>> (com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator):
>>> method: null msg:Uknown attribute
>>> 1.3.6.1.4.1.1466.115.121.1.12, cannot determine if it is binary
>>> 2017-09-27 13:59:45,120 [] [Thread-23] ERROR
>>> (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil):
>>> ConnId Exception
>>> org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException
>>> in connector:cb288b2c-1e5f-4b78-924e-a215b723137d(ConnId
>>> com.evolveum.polygon.connector.ldap.LdapConnector v1.4.5):
>>> ConnectorSpec(object:00000000-0004-0000-0000-00000000004(myOpenLDAP4),
>>> name=null, oid=cb288b2c-1e5f-4b78-924e-a215b723137d) while
>>> removing attribute values from object identified by ConnId
>>> UID '57ef6422-32fa-1037-9380-3b12ae02d26c': Error modifying
>>> LDAP entry
>>> cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test:
>>> [remove:member:
>>> uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]:
>>> noSuchAttribute: (16)
>>> org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException:
>>> Error modifying LDAP entry
>>> cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test:
>>> [remove:member:
>>> uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]:
>>> noSuchAttribute: (16)
>>> at
>>> com.evolveum.polygon.connector.ldap.LdapUtil.processLdapResult(LdapUtil.java:455)
>>> ~[connector-ldap-1.4.5.jar:na]
>>> at
>>> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.pr
>>> <http://ldap.AbstractLdapConnector.pr>ocessModifyResult(AbstractLdapConnector.java:1119)
>>> ~[connector-ldap-1.4.5.jar:na]
>>> at
>>> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.modify(AbstractLdapConnector.java:1110)
>>> ~[connector-ldap-1.4.5.jar:na]
>>> at
>>> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.ldapUpdateAttempt(AbstractLdapConnector.java:1060)
>>> ~[connector-ldap-1.4.5.jar:na]
>>> at
>>> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.ldapUpdate(AbstractLdapConnector.java:1019)
>>> ~[connector-ldap-1.4.5.jar:na]
>>> at
>>> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.re
>>> <http://ldap.AbstractLdapConnector.re>moveAttributeValues(AbstractLdapConnector.java:990)
>>> ~[connector-ldap-1.4.5.jar:na]
>>> at
>>> org.identityconnectors.framework.impl.api.local.operations.UpdateImpl.removeAttributeValues(UpdateImpl.java:171)
>>> ~[connector-framework-internal-1.4.2.35.jar:na]
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> ~[na:1.8.0_131]
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>> ~[na:1.8.0_131]
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> ~[na:1.8.0_131]
>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>> ~[na:1.8.0_131]
>>> at
>>> org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:98)
>>> ~[connector-framework-internal-1.4.2.35.jar:na]
>>> at
>>> com.sun.proxy.$Proxy184.removeAttributeValues(Unknown
>>> Source) ~[na:na]
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> ~[na:1.8.0_131]
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>> ~[na:1.8.0_131]
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> ~[na:1.8.0_131]
>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>> ~[na:1.8.0_131]
>>> at
>>> org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)
>>> ~[connector-framework-internal-1.4.2.35.jar:na]
>>> at
>>> com.sun.proxy.$Proxy184.removeAttributeValues(Unknown
>>> Source) ~[na:na]
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> ~[na:1.8.0_131]
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>> ~[na:1.8.0_131]
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> ~[na:1.8.0_131]
>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>> ~[na:1.8.0_131]
>>> at
>>> org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:99)
>>> ~[connector-framework-internal-1.4.2.35.jar:na]
>>> at
>>> com.sun.proxy.$Proxy184.removeAttributeValues(Unknown
>>> Source) ~[na:na]
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> ~[na:1.8.0_131]
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>> ~[na:1.8.0_131]
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> ~[na:1.8.0_131]
>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>> ~[na:1.8.0_131]
>>> at
>>> org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:83)
>>> ~[connector-framework-internal-1.4.2.35.jar:na]
>>> at
>>> com.sun.proxy.$Proxy184.removeAttributeValues(Unknown
>>> Source) ~[na:na]
>>> at
>>> org.identityconnectors.framework.impl.api.AbstractConnectorFacade.removeAttributeValues(AbstractConnectorFacade.java:225)
>>> ~[connector-framework-internal-1.4.2.35.jar:na]
>>> at
>>> com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.modifyObject(ConnectorInstanceConnIdImpl.java:1843)
>>> ~[ucf-impl-connid-3.6.jar:na]
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:765)
>>> [provisioning-impl-3.6.jar:na]
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeEntitlements(ResourceObjectConverter.java:1165)
>>> [provisioning-impl-3.6.jar:na]
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeEntitlementChangesModify(ResourceObjectConverter.java:1112)
>>> [provisioning-impl-3.6.jar:na]
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.modifyResourceObject(ResourceObjectConverter.java:612)
>>> [provisioning-impl-3.6.jar:na]
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadow(ShadowCache.java:684)
>>> [provisioning-impl-3.6.jar:na]
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject(ProvisioningServiceImpl.java:679)
>>> [provisioning-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.lens.ChangeExecutor.modifyProvisioningObject(ChangeExecutor.java:1397)
>>> [model-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.lens.ChangeExecutor.executeModification(ChangeExecutor.java:1281)
>>> [model-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.lens.ChangeExecutor.executeDelta(ChangeExecutor.java:812)
>>> [model-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.lens.ChangeExecutor.executeChanges(ChangeExecutor.java:308)
>>> [model-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.lens.Clockwork.lambda$processSecondary$0(Clockwork.java:481)
>>> [model-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.lens.LensUtil.partialExecute(LensUtil.java:1253)
>>> ~[model-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.lens.LensUtil.partialExecute(LensUtil.java:1240)
>>> ~[model-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.lens.Clockwork.processSecondary(Clockwork.java:479)
>>> [model-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.lens.Clockwork.click(Clockwork.java:327)
>>> [model-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.lens.Clockwork.run(Clockwork.java:203)
>>> [model-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.controller.ModelController.executeChanges(ModelController.java:569)
>>> ~[model-impl-3.6.jar:na]
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> ~[na:1.8.0_131]
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>> ~[na:1.8.0_131]
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> ~[na:1.8.0_131]
>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>> ~[na:1.8.0_131]
>>> at
>>> org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:507)
>>> ~[wicket-ioc-7.6.0.jar:7.6.0]
>>> at com.sun.proxy.$Proxy156.executeChanges(Unknown
>>> Source) ~[na:na]
>>> at
>>> com.evolveum.midpoint.web.component.progress.ProgressReporter.lambda$executeChangesAsync$0(ProgressReporter.java:187)
>>> ~[classes/:na]
>>> at java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_131]
>>> 2017-09-27 13:59:45,129 [] [Thread-23] ERROR
>>> (com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter):
>>> Error while modifying entitlement ProvisioningContext(for
>>> RSD(entitlement (Group)
>>> @00000000-0004-0000-0000-00000000004) in
>>> object:00000000-0004-0000-0000-00000000004(myOpenLDAP4)) of
>>> ProvisioningContext(for
>>> shadow:9873b7ed-3679-4a66-9445-344e9b52dd34(uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test)
>>> in object:00000000-0004-0000-0000-00000000004(myOpenLDAP4)):
>>> Schema violation: Invalid attribute:
>>> org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error
>>> modifying LDAP entry
>>> cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test:
>>> [remove:member:
>>> uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]:
>>> noSuchAttribute: (16))
>>> com.evolveum.midpoint.util.exception.SchemaException: Schema
>>> violation: Invalid attribute:
>>> org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error
>>> modifying LDAP entry
>>> cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test:
>>> [remove:member:
>>> uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]:
>>> noSuchAttribute: (16))
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:797)
>>> [provisioning-impl-3.6.jar:na]
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeEntitlements(ResourceObjectConverter.java:1165)
>>> [provisioning-impl-3.6.jar:na]
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeEntitlementChangesModify(ResourceObjectConverter.java:1112)
>>> [provisioning-impl-3.6.jar:na]
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.modifyResourceObject(ResourceObjectConverter.java:612)
>>> [provisioning-impl-3.6.jar:na]
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadow(ShadowCache.java:684)
>>> [provisioning-impl-3.6.jar:na]
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject(ProvisioningServiceImpl.java:679)
>>> [provisioning-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.lens.ChangeExecutor.modifyProvisioningObject(ChangeExecutor.java:1397)
>>> [model-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.lens.ChangeExecutor.executeModification(ChangeExecutor.java:1281)
>>> [model-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.lens.ChangeExecutor.executeDelta(ChangeExecutor.java:812)
>>> [model-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.lens.ChangeExecutor.executeChanges(ChangeExecutor.java:308)
>>> [model-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.lens.Clockwork.lambda$processSecondary$0(Clockwork.java:481)
>>> [model-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.lens.LensUtil.partialExecute(LensUtil.java:1253)
>>> ~[model-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.lens.LensUtil.partialExecute(LensUtil.java:1240)
>>> ~[model-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.lens.Clockwork.processSecondary(Clockwork.java:479)
>>> [model-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.lens.Clockwork.click(Clockwork.java:327)
>>> [model-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.lens.Clockwork.run(Clockwork.java:203)
>>> [model-impl-3.6.jar:na]
>>> at com.evolveum.midpoint.model.im
>>> <http://com.evolveum.midpoint.model.im>pl.controller.ModelController.executeChanges(ModelController.java:569)
>>> ~[model-impl-3.6.jar:na]
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> ~[na:1.8.0_131]
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>> ~[na:1.8.0_131]
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> ~[na:1.8.0_131]
>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>> ~[na:1.8.0_131]
>>> at
>>> org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:507)
>>> ~[wicket-ioc-7.6.0.jar:7.6.0]
>>> at com.sun.proxy.$Proxy156.executeChanges(Unknown
>>> Source) ~[na:na]
>>> at
>>> com.evolveum.midpoint.web.component.progress.ProgressReporter.lambda$executeChangesAsync$0(ProgressReporter.java:187)
>>> ~[classes/:na]
>>> at java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_131]
>>> Caused by:
>>> com.evolveum.midpoint.util.exception.SchemaException:
>>> Invalid attribute:
>>> org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error
>>> modifying LDAP entry
>>> cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test:
>>> [remove:member:
>>> uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]:
>>> noSuchAttribute: (16))
>>> at
>>> com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil.lookForKnownCause(ConnIdUtil.java:352)
>>> ~[ucf-impl-connid-3.6.jar:na]
>>> at
>>> com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil.processIcfException(ConnIdUtil.java:215)
>>> ~[ucf-impl-connid-3.6.jar:na]
>>> at
>>> com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.modifyObject(ConnectorInstanceConnIdImpl.java:1850)
>>> ~[ucf-impl-connid-3.6.jar:na]
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:765)
>>> [provisioning-impl-3.6.jar:na]
>>> ... 24 common frames omitted
>>>
>>>
>>> --
>>> Best regards,
>>>
>>> Oleksandr Nekriach | Identity and access management engineer
>>>
>>> Dynatech, Mednieku str. 4a, Riga, LV-1010, Latvia
>>>
>>> +37125314685 <tel:+371%2025%20314%20685>
>>> ,
>>> o.nekriach at dynatech.lv <mailto:o.nekriach at dynatech.lv>
>>> |
>>> www.dynatech.lv <http://www.dynatech.lv>
>>>
>>>
>>>
>>>
>>> Stay connected:
>>> <https://www.facebook.com/DynatechLatvia/?ref=br_rs>
>>> <https://www.linkedin.com/company-beta/17893047/>
>>>
>>>
>>> Confidentiality Notice: This message contains confidential
>>> information and is intended only for the named recipient(s).
>>> If you are not the addressee you may not copy, distribute or
>>> perform any other activities with this information. If you
>>> have received this transmission in error, please notify us
>>> by e-mail immediately. E-mail transmission cannot be
>>> guaranteed to be secure or error-free as information could
>>> be intercepted, corrupted, lost, destroyed, arrive late or
>>> incomplete, or contain viruses.
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>>
>> --
>> Ivan Noris
>> Senior Identity Engineer
>> evolveum.com <http://evolveum.com>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>>
>>
>>
>>
>> --
>> Best regards,
>>
>> Oleksandr Nekriach | Identity and access management engineer
>>
>> Dynatech, Mednieku str. 4a, Riga, LV-1010, Latvia
>>
>> +37125314685 <tel:+371%2025%20314%20685>
>> ,
>> o.nekriach at dynatech.lv <mailto:o.nekriach at dynatech.lv>
>> |
>> www.dynatech.lv <http://www.dynatech.lv>
>>
>>
>>
>>
>> Stay connected:
>> <https://www.facebook.com/DynatechLatvia/?ref=br_rs>
>> <https://www.linkedin.com/company-beta/17893047/>
>>
>>
>> Confidentiality Notice: This message contains confidential
>> information and is intended only for the named recipient(s). If
>> you are not the addressee you may not copy, distribute or perform
>> any other activities with this information. If you have received
>> this transmission in error, please notify us by e-mail
>> immediately. E-mail transmission cannot be guaranteed to be
>> secure or error-free as information could be intercepted,
>> corrupted, lost, destroyed, arrive late or incomplete, or contain
>> viruses.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>
> --
> Ivan Noris
> Senior Identity Engineer
> evolveum.com <http://evolveum.com>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>
>
>
>
> --
> Best regards,
>
> Oleksandr Nekriach | Identity and access management engineer
>
> Dynatech, Mednieku str. 4a, Riga, LV-1010, Latvia
>
> +37125314685 <tel:+371%2025%20314%20685>
> ,
> o.nekriach at dynatech.lv <mailto:o.nekriach at dynatech.lv>
> |
> www.dynatech.lv <http://www.dynatech.lv>
>
>
>
>
> Stay connected:
> <https://www.facebook.com/DynatechLatvia/?ref=br_rs>
> <https://www.linkedin.com/company-beta/17893047/>
>
>
> Confidentiality Notice: This message contains confidential information
> and is intended only for the named recipient(s). If you are not the
> addressee you may not copy, distribute or perform any other activities
> with this information. If you have received this transmission in
> error, please notify us by e-mail immediately. E-mail transmission
> cannot be guaranteed to be secure or error-free as information could
> be intercepted, corrupted, lost, destroyed, arrive late or incomplete,
> or contain viruses.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170928/0048275e/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1502777022855-7770
Type: image/png
Size: 2602 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170928/0048275e/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1502777022855-7771
Type: image/png
Size: 790 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170928/0048275e/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1502777022855-7772
Type: image/png
Size: 786 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170928/0048275e/attachment-0002.png>
More information about the midPoint
mailing list