[midPoint] MidPoint gives error (OpenLDAP)

Parttimaa Jan jan.parttimaa at myy.haaga-helia.fi
Thu Nov 8 17:28:20 CET 2018


Hi,

I'm quite a noob with midPoint and IdM in general, so I think I don't understand what you are trying to say, sorry about that :/ This is a school project that I am doing right now.

Could you clarify what I should do?

Here is my resource file<https://haagahelia-my.sharepoint.com/:u:/g/personal/a1602738_myy_haaga-helia_fi/EclOfC2uQcNBlYxU8soVOh4BH-lH8EGUnbBGfu640USiOQ?e=L633nn> and here is my meta group file<https://haagahelia-my.sharepoint.com/:u:/g/personal/a1602738_myy_haaga-helia_fi/EYECsxDVixVPj-7vhQ0F5qABQM8fwRHsXNPxA6Gh-J3LEg?e=GgONEe>. My installed schema is here<https://github.com/Evolveum/midpoint/blob/master/testing/story/src/test/resources/schema/unix.xsd>.

I tried to do just like they said on this blog post<https://evolveum.com/blog/simplifying-ldap-group-management-using-midpoint-posix-groups/> (check also comments).

Best Regards,
Jan Parttimaa

Jan Parttimaa
1602738,
Degree Programme in Business Information Technology,
Haaga-Helia University of Applied Sciences, Pasila campus

From: midPoint <midpoint-bounces at lists.evolveum.com> On Behalf Of Arnošt Starosta - AMI Praha a.s.
Sent: Thursday, 8 November 2018 16.10
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] MidPoint gives error (OpenLDAP)

So the extension is there, that's good news.

From the second screenshot it seems your mapping 'sequenceGID' is in resource schema handling for different object type. I guess you want to map the unix groups to roles, not 'user' type.

Please check your resource definition - the objectClass in schema handling must match the intended complexType in your schema. If in doubt, look in one of the many resource examples in the midpoint/samples directory. This is the first one I found:

https://github.com/Evolveum/midpoint/blob/680ca92b5c7cf4173f41cc04be4e1256d0d0dfb6/samples/demo-rs/resource-ldap-openldap.xml#L115

arnost

On Thu, 8 Nov 2018 at 14:27, Parttimaa Jan <jan.parttimaa at myy.haaga-helia.fi> wrote:

Hi Arnošt,



Thank you for the response. Here are my answers:



"can you see the 'gidNumber' attribute in GUI when you create new role manually (there is that tricky checkbox to show all attributes)?"



Yes. Here is the screenshot<https://haagahelia-my.sharepoint.com/:i:/g/personal/a1602738_myy_haaga-helia_fi/EVdscvFhPhRDrSMwmnp_MO8BGx170aBLp0WO3X8pzp3Fjw?e=imUs9g>.



"If you can't, midPoint does not see your role schema extension. In your startup log there is a line 'Loading extension schemas from folder /home/....' or similar that points to the right folder for extensions. Are there any extension related problems in the log?"



I'm not sure. I took a copy of my log file. Can you find something odd? A copy of the log is here: midpoint.log<https://haagahelia-my.sharepoint.com/:u:/g/personal/a1602738_myy_haaga-helia_fi/EXi1-vQly0BMlAo933RjCcIB3N6ONsBnNUoJj56PRQXmxA?e=gs0Uv3>. There is no sensitive or private information in this log.



"Also check your file and folder permissions if on linux."



The rights on my schema folder (/opt/midpoint/var/schema) are the following:

Octal: 0750
Group: root
Owner: root

And the schema extension file (unix.xsd) has the following ones:

Octal: 0744
Group: root
Owner: root



I also discovered this error message on "Resource -> [my resource name] -> Show using wizard":



screenshot2.PNG<https://haagahelia-my.sharepoint.com/:i:/g/personal/a1602738_myy_haaga-helia_fi/EbuDUktIqq5CkKcYfuKsuMQBrUW2RJBstZb_zYeNEV8YFg?e=SPJQFO>

Could this be the main problem for this issue?



Best Regards,

Jan Parttimaa



Jan Parttimaa
1602738,
Degree Programme in Business Information Technology,
Haaga-Helia University of Applied Sciences, Pasila campus

________________________________
From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Arnošt Starosta - AMI Praha a.s. <arnost.starosta at ami.cz>
Sent: Thursday, 8 November 2018 11.18
To: midPoint General Discussion
Subject: Re: [midPoint] MidPoint gives error (OpenLDAP)

Hi Jan,

can you see the 'gidNumber' attribute in GUI when you create new role manually (there is that tricky checkbox to show all attributes)?

If you can't, midPoint does not see your role schema extension. In your startup log there is a line 'Loading extension schemas from folder /home/....' or similar that points to the right folder for extensions. Are there any extension related problems in the log? Also check your file and folder permissions if on linux.

arnost

On Wed, 7 Nov 2018 at 13:56, Parttimaa Jan <jan.parttimaa at myy.haaga-helia.fi> wrote:

Hi,



I'm trying to add a new Posix group called "linux-group" to midPoint, but midPoint gives the following error:



No target item that would conform to the path extension/gidNumber in mapping 'sequenceGID' in role:31ea66ac-1a8e-11e5-8ab8-001e8c717e5b(LDAP Unix Group Metarole) in delta for role:null(linux-group)



The complete error is in the attachments.



I have installed this schema<https://raw.githubusercontent.com/Evolveum/midpoint/master/testing/story/src/test/resources/schema/unix.xsd> to midPoint in the following location ("/opt/midpoint/var/schema"). I have also checked this wiki article<https://wiki.evolveum.com/display/midPoint/LDAP+PosixAccount+and+PosixGroup+Management> (including importing all files in the table) and this blog post<https://evolveum.com/blog/simplifying-ldap-group-management-using-midpoint-posix-groups/>.



What should I do so I can make Posix groups?



I use MidPoint 3.8. OpenLDAP server has been connected successfully to MidPoint.



Best regards,

Jan Parttimaa



Jan Parttimaa
1602738,
Degree Programme in Business Information Technology,
Haaga-Helia University of Applied Sciences, Pasila campus
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint


--


Arnošt Starosta
solution architect



gsm: [+420] 603 794 932
e‑mail: arnost.starosta at ami.cz



AMI Praha a.s.
Pláničkova 11, 162 00 Praha 6



tel.: [+420] 274 783 239 | web: www.ami.cz<http://dtp.ami.cz/www.ami.cz>
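
The permission check suggested in the thread can be done mechanically. The following is an added example, not part of the original messages or of midPoint: it evaluates the classic Unix mode bits for a given uid and group set along a path, using a constructed temporary layout with the modes quoted above (directory 0750, unix.xsd 0744). The service account ids are hypothetical, and ACLs, capabilities and SELinux are not considered.

```python
import os
import stat
import tempfile

def allowed(st, uid, gids, want):
    """Unix mode check: owner bits, else group bits, else other bits; uid 0 bypasses."""
    if uid == 0:
        return True
    if uid == st.st_uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def blockers(top, path, uid, gids):
    """List what stops uid from reading path, checking top and every level below it."""
    top, path = os.path.abspath(top), os.path.abspath(path)
    found, current = [], top
    for part in os.path.relpath(path, top).split(os.sep):
        if not allowed(os.stat(current), uid, gids, 0o1):
            found.append((current, "directory not searchable (x)"))
        current = os.path.join(current, part)
    st = os.stat(current)
    want = 0o5 if stat.S_ISDIR(st.st_mode) else 0o4
    if not allowed(st, uid, gids, want):
        found.append((current, "not readable"))
    return found

def demo():
    """Constructed layout using the modes from the thread: dir 0750, unix.xsd 0744."""
    top = tempfile.mkdtemp()
    schema_dir = os.path.join(top, "schema")
    xsd = os.path.join(schema_dir, "unix.xsd")
    os.mkdir(schema_dir)
    open(xsd, "w").close()
    os.chmod(xsd, 0o744)
    os.chmod(schema_dir, 0o750)
    os.chmod(top, 0o755)
    st = os.stat(schema_dir)
    # Hypothetical non-root service account that is neither owner nor group member.
    other_uid, other_gid = st.st_uid + 4242, st.st_gid + 4242
    outsider = blockers(top, xsd, other_uid, {other_gid})
    return {
        "owner": blockers(top, xsd, st.st_uid, {st.st_gid}),
        "outsider": [os.path.relpath(p, top) for p, _ in outsider],
        "group_member": blockers(top, xsd, other_uid, {st.st_gid}),
    }

if __name__ == "__main__":
    print(demo())
```

With these modes the file itself is world-readable, but an account outside the owning group is stopped at the 0750 directory; membership in the directory's group is enough to reach the file without widening the "other" bits.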


