[midPoint] Active Directory v2.0 connector and strange problems

Wojciech Staszewski wojciech.staszewski at diagnostyka.pl
Wed Apr 24 17:15:09 CEST 2019

Hello Community!

I have a strange problem with my Active Directory resource (and v2.0 connector, midPoint 3.9).

The Active Directory account shadows for the mP users are duplicated somehow.
At the moment I have many users with, for example, 4 or 5 projections (shadows) on the AD resource in the same account intent.

I cleaned this up this morning, but now I see the duplicated shadows again. I don't know what is going on.

In the error log file I see entries like this:

2019-04-24 14:40:07,678 [] [midPointScheduler_Worker-31] ERROR (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil): ConnId Exception org.identityconnectors.framework.common.exceptions.ConnectorIOException in connector:7cba6b73-fab6-4305-ae9b-a208afae9a10(ConnId com.evolveum.polygon.connector.ldap.ad.AdLdapConnector v2.0): ConnectorSpec(resource:b2fdc856-6ec4-4b6a-b44b-96063b66fcba(Active Directory), name=null, oid=7cba6b73-fab6-4305-ae9b-a208afae9a10): Error adding LDAP entry 
CN=AAAAAAAA,OU=BBBBBBB,OU=CCCCCCC,OU=DDDDDDD,DC=EEEEEE,DC=FFFFFFF,DC=GG: operationsError: 000004DC: LdapErr: DSID-0C090FEF, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839? (1)
org.identityconnectors.framework.common.exceptions.ConnectorIOException: Error adding LDAP entry CN=AAAAAAAA,OU=BBBBBBB,OU=CCCCCCC,OU=DDDDDDD,DC=EEEEEE,DC=FFFFFFF,DC=GG: operationsError: 000004DC: LdapErr: DSID-0C090FEF, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839? (1)

The log applies to a user that already has an AD account which is correctly linked in midPoint (adding LDAP entry?).
But the connection test is passing OK, and new account provisioning for new users is OK. If I clean up the mess with multiple shadows and run reconciliation, it finishes with no error.

Any ideas?
Thanks a lot!

Wojciech Staszewski
Network Systems Administrator
Diagnostyka Sp. z o. o.
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
KRS number: 0000381559 (District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division of the National Court Register)
NIP: 675-12-65-009; REGON: 356366975
Share capital: 33 756 500 zł.
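
Added example (not part of the original post and not midPoint code): a small Python parser for the ConnIdUtil error line quoted above, tallying failed LDAP add attempts per DN so they can be compared with the accounts that show duplicate shadows. The regular expression is inferred from the single log line in the post, and the sample log and its DNs are constructed.

```python
import re
from collections import Counter

# Pattern derived from the ConnIdUtil ERROR line quoted in the post. Only the
# timestamped line is matched, so the repeated exception text is not counted twice.
ADD_ERROR_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \[[^\]]*\] "
    r"\[(?P<thread>[^\]]+)\] ERROR \([\w.]+\.ConnIdUtil\): [^\n]*?"
    r"Error adding LDAP entry\s+(?P<dn>[^\n]+?): (?P<result>\w+): "
    r"(?P<code>[0-9A-F]{8}): LdapErr: (?P<dsid>DSID-[0-9A-F]+), "
    r"comment: (?P<comment>[^\n]*?), data",
    re.MULTILINE,
)

def parse_add_errors(log_text):
    """Return one dict per failed LDAP add found in the log text."""
    return [m.groupdict() for m in ADD_ERROR_RE.finditer(log_text)]

def adds_per_dn(events):
    """Count failed add attempts per DN (lower-cased so case variants group together)."""
    return Counter(e["dn"].lower() for e in events)

# Constructed sample lines (shortened, placeholder DNs), not real log data.
# The first entry is split after "entry", like the line quoted in the post.
SAMPLE_LOG = """\
2019-04-24 14:40:07,678 [] [midPointScheduler_Worker-31] ERROR (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil): ConnId Exception org.identityconnectors.framework.common.exceptions.ConnectorIOException in connector: Error adding LDAP entry
CN=User One,OU=Staff,DC=example,DC=test: operationsError: 000004DC: LdapErr: DSID-0C090FEF, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839 (1)
org.identityconnectors.framework.common.exceptions.ConnectorIOException: Error adding LDAP entry CN=User One,OU=Staff,DC=example,DC=test: operationsError: 000004DC: LdapErr: DSID-0C090FEF, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839 (1)
2019-04-24 14:41:12,101 [] [midPointScheduler_Worker-12] ERROR (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil): ConnId Exception in connector: Error adding LDAP entry cn=user one,OU=Staff,DC=example,DC=test: operationsError: 000004DC: LdapErr: DSID-0C090FEF, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839 (1)
2019-04-24 14:42:00,000 [] [midPointScheduler_Worker-12] ERROR (com.example.Other): unrelated error
"""

if __name__ == "__main__":
    events = parse_add_errors(SAMPLE_LOG)
    for dn, count in adds_per_dn(events).most_common():
        print(count, dn)
    for e in events:
        print(e["ts"], e["thread"], e["result"], e["code"], e["dsid"])
```

The per-DN counts and the worker thread names can be lined up with the timestamps of scheduled tasks and with the users that ended up with extra shadows.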
