[midPoint] midPoint gives a critical error on protected account (AD)

Wojciech Staszewski wojciech.staszewski at diagnostyka.pl
Thu Feb 28 09:45:21 CET 2019


I removed the shadow from repository. Now it's working.

The problem was (i think):
1. this account was created as not protected in AD.
2. midPoint tried to process this account but the access rights of mP AD user were insufficient so the operation failed.
3. Then the account was marked as "Protected" in AD schema handling.
4. In the shadow were failed operations saved that midPoint was trying to finish though the account was marked as "protected" meanwhile.

Regards!
WS

W dniu 21.02.2019 o 08:35, Oleksandr Nekriach pisze:
> Hi,
> It is not about IDM.
> The "Insufficient access rights"  is a typical AD error, so you should find what is wrong with access rights on AD.
> On IDM you can check only what attribute IDM tries to modify.
> 
> On Wed, 20 Feb 2019 at 22:41, Wojciech Staszewski <wojciech.staszewski at diagnostyka.pl <mailto:wojciech.staszewski at diagnostyka.pl>> wrote:
> 
>     Hello everybody!
> 
>     The Active Directory account reconciliation task is stopping with
>     critical error on **protected** account.
> 
>     Screenshot:
>     https://www.skygge.com/midpoint/AD_critical_error_protected_account.png
> 
>     As usual, I have no idea what is the cause and I'll be grateful for any
>     help.
> 
>     Thanks,
>     WS
> 
>     -- 
>     Wojciech Staszewski
>     Administrator Systemów Sieciowych
>     www.diagnostyka.pl <http://www.diagnostyka.pl>
>     Diagnostyka Sp. z o. o.
>     ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
>     Numer KRS: 0000381559 (Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie, XI Wydział Gospodarczy KRS)
>     NIP: 675-12-65-009; REGON: 356366975
>     Kapitał zakładowy: 33 756 500 zł.
> 
>     Pomyśl o środowisku zanim wydrukujesz ten e-mail.
> 
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
> 
> 
> 
> -- 
> Best regards,
> 
> 
> 
> Oleksandr Nekriach | Identity and access management engineer
> 
> Dynatech, Jeruzalemes iela 1, Rīga, LV-1010, Latvia <https://www.google.com/maps/place/DYNATECH/@56.9575205,24.1107235,17z/data=!3m1!4b1!4m5!3m4!1s0x46eecf5753e42351:0x23b120b9745cae62!8m2!3d56.9575205!4d24.1129122>
> 
> +37125314685 <tel:+371%2025%20314%20685>
> ,
> o.nekriach at dynatech.lv <mailto:o.nekriach at dynatech.lv>
> |
> www.dynatech.lv <http://www.dynatech.lv>
> 
> 
> Stay connected:
> <https://www.facebook.com/DynatechLatvia/?ref=br_rs>
> <https://www.linkedin.com/company-beta/17893047/>
> 
> 
> Confidentiality Notice: This message contains confidential information and is intended only for the named recipient(s). If you are not the addressee you may not copy, distribute or perform any other activities with this information. If you have received this transmission in error, please notify us by e-mail immediately. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.
> 
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
> 

-- 
Wojciech Staszewski
Administrator Systemów Sieciowych
tel. kom: 663 680 236
www.diagnostyka.pl
Diagnostyka Sp. z o. o.
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
Numer KRS: 0000381559 (Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie, XI Wydział Gospodarczy KRS)
NIP: 675-12-65-009; REGON: 356366975
Kapitał zakładowy: 33 756 500 zł.

Pomyśl o środowisku zanim wydrukujesz ten e-mail.



More information about the midPoint mailing list