[midPoint] Stackoverflow when configuring AdLdap connector

Nicolas Bouillon nicolas at bouillon.net
Mon Jul 22 23:18:35 CEST 2019


Hi,

I discovered midPoint lately and I'm evaluating how it could suit the
need we have to control our users' access.

Unfortunately, my experience is not starting out so well, as I
have an issue when configuring my first resource with the AdLdapConnector
(midPoint 3.9).
After a bit of struggle, I finally got the configuration below working.

The configuration tests correctly, but I think when midPoint tries to
get the data, I get an error 500 on the GUI, and there is no way to go
back to the resources list (error 500 again).
(I'm testing with the embedded H2 database, so the only way I found to try
again is to delete the db file.)

The stack trace in midpoint.log is not very helpful:

2019-07-22 22:51:44,511 [] [http-nio-8080-exec-10] ERROR (com.evolveum.midpoint.web.util.MidPointProfilingServletFilter): Encountered exception: javax.servlet.ServletException: Filter execution threw an exception
javax.servlet.ServletException: Filter execution threw an exception
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:200)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
   (...)
Caused by: java.lang.StackOverflowError: null
    at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1495)
    at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432)
    at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
    at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548)
    at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509)
    at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432)
    at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
    at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548)

I'm new to midpoint, so please excuse me if something is obviously
wrong in the configuration I tried.

Thank you.

Nicolas.

    <connectorConfiguration xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3">
        <icfc:configurationProperties xmlns:gen449="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.ad.AdLdapConnector">
            <gen449:host>company.lan</gen449:host>
            <gen449:port>636</gen449:port>
            <gen449:connectionSecurity>ssl</gen449:connectionSecurity>
            <gen449:bindDn>CN=Service Account for LDAP login,OU=Service Accounts,OU=Main,DC=company,DC=lan</gen449:bindDn>
            <gen449:bindPassword>
                <t:encryptedData>
                    <t:encryptionMethod>
                        <t:algorithm>http://www.w3.org/2001/04/xmlenc#aes128-cbc</t:algorithm>
                    </t:encryptionMethod>
                    <t:keyInfo>
                        <t:keyName>removed</t:keyName>
                    </t:keyInfo>
                    <t:cipherData>
                        <t:cipherValue>removed</t:cipherValue>
                    </t:cipherData>
                </t:encryptedData>
            </gen449:bindPassword>
            <gen449:baseContext>OU=Main,DC=company,DC=lan</gen449:baseContext>
            <gen449:servers>10.200.0.10</gen449:servers>
            <gen449:servers>10.200.0.11</gen449:servers>
            <gen449:baseContextsToSynchronize>OU=Main,DC=company,DC=lan</gen449:baseContextsToSynchronize>
            <gen449:baseContextsToSynchronize>OU=Groups,DC=company,DC=lan</gen449:baseContextsToSynchronize>
            <gen449:objectClassesToSynchronize>user</gen449:objectClassesToSynchronize>
            <gen449:objectClassesToSynchronize>group</gen449:objectClassesToSynchronize>
            <gen449:attributesToSynchronize>cn</gen449:attributesToSynchronize>
            <gen449:attributesToSynchronize>distinguishedName</gen449:attributesToSynchronize>
            <gen449:attributesToSynchronize>name</gen449:attributesToSynchronize>
            <gen449:attributesToSynchronize>sAMAccountName</gen449:attributesToSynchronize>
            <gen449:attributesToSynchronize>member</gen449:attributesToSynchronize>
            <gen449:attributesToSynchronize>objectClass</gen449:attributesToSynchronize>
            <gen449:attributesToSynchronize>givenName</gen449:attributesToSynchronize>
            <gen449:attributesToSynchronize>displayName</gen449:attributesToSynchronize>
            <gen449:attributesToSynchronize>mail</gen449:attributesToSynchronize>
            <gen449:attributesToSynchronize>sn</gen449:attributesToSynchronize>
            <gen449:attributesToSynchronize>userPrincipalName</gen449:attributesToSynchronize>
        </icfc:configurationProperties>
    </connectorConfiguration>
