[midPoint] unavailableCriticalExtension: 000020EF: SvcErr: DSID-03140552, problem 5010 (UNAVAIL_EXTENSION)
Radovan Semancik
radovan.semancik at evolveum.com
Thu Jul 25 11:26:51 CEST 2019
Hi,
LDAP protocol is extensible by using a mechanisms of extended operations
and controls. This error suggests, that AD does not support one of the
controls that are used in operation that midPoint has requested. You can
have a look at AD log files and hope that you will find more information
as to which particular control is not supported. Or you can contact
Microsoft support. However, according to my experience, both are quite
pointless exercises. When it comes to that particular technology,
trial-and-error is the best approach that I could find.
Therefore I would suggest to follow our troubleshooting guide:
https://wiki.evolveum.com/display/midPoint/LDAP+Connector+Troubleshooting
I would recommend to find the LDAP operation that caused the error. The
connector should log all important parts of the operations, including
the controls. Look for "controls=....". One of those controls is
probably the cause of the problem. Once you know what control is the
problem, you can try enable that control in the AD. Or, if that is not
possible, then the connector has several configuration options that
control the use those LDAP controls. However, the connector is only
using a very basic set of controls that make LDAP protocol barely usable
for IDM purposes. Disabling any of them may affect usability of
midPoint's connection to AD. But I'm speculating here. Let's see what
control is the problem first.
--
Radovan Semancik
Software Architect
evolveum.com
On 7/24/19 3:44 PM, JStanczak at vinu.edu wrote:
> When accessing all users on the resource I get the below error.
> Searching for users works fine too. Is this some AD limitation?
>
>
> com.evolveum.polygon.connector.ldap.ad.AdLdapConnector - 2.0
> java.version - 1.8.0_191
> Version - 3.9
> ConnId framework version - 1.5.0.0
>
> com.evolveum.midpoint.util.exception.CommunicationException: Error
> communicating with the connector
> ConnectorInstanceIcfImpl(connector:cd7ec95b-9007-47b4-b6f6-9a95ec085f68(ConnId
> com.evolveum.polygon.connector.ldap.ad.AdLdapConnector v2.0)): IO
> error:
> org.identityconnectors.framework.common.exceptions.ConnectorIOException(LDAP
> error during search in DC=local-test,DC=vinu,DC=edu:
> unavailableCriticalExtension: 000020EF: SvcErr: DSID-03140552, problem
> 5010 (UNAVAIL_EXTENSION), data 0?? (12))
> at
> com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.searchResourceObjects(ResourceObjectConverter.java:1330)
>
> Thanks.
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190725/150aefd7/attachment.htm>
More information about the midPoint
mailing list