[midPoint] Active Directory v2.0 connector and strange problems
Wojciech Staszewski
wojciech.staszewski at diagnostyka.pl
Tue Apr 30 08:46:53 CEST 2019
Thanks Petr!
According to the info at Evolveum web page, the 2.1 version has a new option for SSL certificate validation only.
There is no changelog/release notes available where we could read what else this version provides: fixed bugs, enhancements, or anything else.
Or I cannot find it.
I had to switch back to v1.6-SNAPSHOT, and this is the second day with no issues so far:
[code] select name_orig, count(name_orig) from m_object where name_orig like 'CN=%' group by name_orig having count(name_orig)>1; [/code]
RESULT: 0
At this moment I consider v2.0 useless for production use because of the bugs.
Of course I have to wait for one of the subscribers to confirm this issue.
Best regards!
WS
On 24.04.2019 at 21:02, Petr Gašparík - AMI Praha a.s. wrote:
> Hi Wojciech,
> there's already 2.1 version, maybe it will help?
> https://github.com/Evolveum/connector-ldap/tree/v2.1
>
> --
>
> Best regards
>
> *Petr Gašparík*
> solution architect
>
> gsm: [+420] 603 523 860
> e‑mail: petr.gasparik at ami.cz <mailto:petr.gasparik at ami.cz>
>
> *AMI Praha a.s.*
> Pláničkova 11, 162 00 Praha 6
>
> tel.: [+420] 274 783 239 | web: www.ami.cz <https://www.ami.cz>
>
> On Wed, 24 Apr 2019 at 17:16, Wojciech Staszewski <wojciech.staszewski at diagnostyka.pl> wrote:
>
> Hello Community!
>
> I have a strange problem with my Active Directory resource (and v2.0 connector, midPoint 3.9).
>
> The Active Directory account shadows for the mP users are duplicated somehow.
> At the moment I have many users with for example 4 or 5 projections (shadows) on AD resource in the same account intent.
>
> I cleaned this up this morning but now I see the duplicated shadows again. I don't know what is going on.
>
> In the error log file I see entries like this:
>
> 2019-04-24 14:40:07,678 [] [midPointScheduler_Worker-31] ERROR (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil): ConnId Exception org.identityconnectors.framework.common.exceptions.ConnectorIOException in connector:7cba6b73-fab6-4305-ae9b-a208afae9a10(ConnId com.evolveum.polygon.connector.ldap.ad.AdLdapConnector v2.0): ConnectorSpec(resource:b2fdc856-6ec4-4b6a-b44b-96063b66fcba(Active Directory), name=null, oid=7cba6b73-fab6-4305-ae9b-a208afae9a10):
> Error adding LDAP entry
> CN=AAAAAAAA,OU=BBBBBBB,OU=CCCCCCC,OU=DDDDDDD,DC=EEEEEE,DC=FFFFFFF,DC=GG: operationsError: 000004DC: LdapErr: DSID-0C090FEF, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839? (1)
> org.identityconnectors.framework.common.exceptions.ConnectorIOException: Error adding LDAP entry CN=AAAAAAAA,OU=BBBBBBB,OU=CCCCCCC,OU=DDDDDDD,DC=EEEEEE,DC=FFFFFFF,DC=GG: operationsError: 000004DC: LdapErr: DSID-0C090FEF, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839? (1)
>
> The log applies to a user that already has an AD account which is correctly linked in midPoint (adding LDAP entry?).
> But the connection test is passing OK, new accounts provisioning for new users is OK, and if I clean up the mess with multiple shadows and run reconciliation, it finishes with no error.
>
> Any ideas?
> Thanks a lot!
> WS
>
> --
> Wojciech Staszewski
> Network Systems Administrator
> www.diagnostyka.pl <http://www.diagnostyka.pl>
> Diagnostyka Sp. z o. o.
> ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
> KRS number: 0000381559 (District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division of the National Court Register)
> NIP: 675-12-65-009; REGON: 356366975
> Share capital: 33 756 500 zł.
>
> Think about the environment before you print this e-mail.
>
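Added example (not part of the original thread, and not Evolveum code): a small Python triage script that pulls the "Error adding LDAP entry ... 000004DC" failures out of a midPoint log and counts them per DN, so the result can be compared with the names returned by the duplicate-shadow query. The function names and the sample log lines are constructed for illustration; only the record layout and the error text follow the log quoted in the message above.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log quoted in the thread; DNs are placeholders.
SAMPLE_LOG = """\
2019-04-24 14:40:07,678 [] [Worker-31] ERROR (ConnIdUtil): ConnId Exception ConnectorIOException:
Error adding LDAP entry
CN=User One,OU=Staff,DC=example,DC=test: operationsError: 000004DC: LdapErr: DSID-0C090FEF, data 0
ConnectorIOException: Error adding LDAP entry CN=User One,OU=Staff,DC=example,DC=test: operationsError: 000004DC
2019-04-24 14:55:12,101 [] [Worker-12] ERROR (ConnIdUtil): Error adding LDAP entry cn=user one,OU=Staff,DC=example,DC=test: operationsError: 000004DC
2019-04-24 15:01:00,000 [] [Worker-3] INFO (Recon): Reconciliation finished
2019-04-24 15:02:00,000 [] [Worker-7] ERROR (ConnIdUtil): Error adding LDAP entry CN=User Two,OU=Staff,DC=example,DC=test: operationsError: 000004DC
"""

# A failed LDAP add rejected with 000004DC (no successful bind on the connection).
ADD_ERR = re.compile(
    r"Error adding LDAP entry\s+(?P<dn>.+?):\s+operationsError:\s+000004DC\b"
)
# A log record starts with "YYYY-MM-DD HH:MM:SS,mmm "; other lines are continuations.
RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")


def split_records(text):
    """Join wrapped lines and stack-trace lines back into one logical record each."""
    records, current = [], []
    for line in text.splitlines():
        if RECORD_START.match(line) and current:
            records.append(" ".join(current))
            current = []
        if line.strip():
            current.append(line.strip())
    if current:
        records.append(" ".join(current))
    return records


def unbound_add_failures(text):
    """Count failed adds per DN, once per record (the trace repeats the message)."""
    hits = Counter()
    for record in split_records(text):
        match = ADD_ERR.search(record)
        if match:
            # DNs compare case-insensitively in AD, so normalise before counting.
            hits[match.group("dn").lower()] += 1
    return hits


def repeated_dns(hits, threshold=2):
    """DNs whose add failed at least `threshold` times, sorted for stable output."""
    return sorted(dn for dn, count in hits.items() if count >= threshold)
```

Because the DNs are lower-cased here, compare them case-insensitively against `name_orig` from the query in the message.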