[midPoint] Synchronization Trouble - Active Directory to MP
Gus Lou
gugalou38 at gmail.com
Sat Dec 12 18:38:25 CET 2020
Hi Richard
I checked the permissions of the midpooint account in AD again and it is in
accordance with the guidelines in the link below:
Active Directory with LDAP connector - midPoint - Evolveum Confluence
<https://wiki.evolveum.com/display/midPoint/Active+Directory+with+LDAP+connector>
I applied permissions at the domain level xyz.net
Here it is part of midpoint log:
----------------------------------------------------------------------------------------------------------------
2020-12-11 16:53:22,996 [] [Thread-327] ERROR
(com.evolveum.polygon.connector.ldap.sync.AdDirSyncStrategy): method: null
msg:LDAP error during DirSync search: insufficientAccessRights: 00002105:
LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839?
(50)
2020-12-11 16:53:22,997 [] [midPointScheduler_Worker-2] WARN
(com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil): Got ConnId
exception (might be handled by upper layers later)
org.identityconnectors.framework.common.exceptions.PermissionDeniedException
in connector:a0c5bb85-f4f0-4954-af1d-17ec4f27233e(ConnId
com.evolveum.polygon.connector.ldap.ad.AdLdapConnector v3.1):
ConnectorSpec(resource:746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2(Medusa Active
Directory (LDAP)), name=null, oid=a0c5bb85-f4f0-4954-af1d-17ec4f27233e):
LDAP error during DirSync search: insufficientAccessRights: 00002105:
LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839?
(50), reason: LDAP error during DirSync search: insufficientAccessRights:
00002105: LdapErr: DSID-0C0909A9, comment: Error processing control, data
0, v3839? (50) (class
org.identityconnectors.framework.common.exceptions.PermissionDeniedException)
2020-12-11 16:53:22,997 [PROVISIONING] [midPointScheduler_Worker-2] ERROR
(com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl): Got
unexpected exception:
org.identityconnectors.framework.common.exceptions.PermissionDeniedException:
LDAP error during DirSync search: insufficientAccessRights: 00002105:
LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839?
(50)
com.evolveum.midpoint.util.exception.SystemException: Got unexpected
exception:
org.identityconnectors.framework.common.exceptions.PermissionDeniedException:
LDAP error during DirSync search: insufficientAccessRights: 00002105:
LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839?
(50)
at
com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.fetchChanges(ConnectorInstanceConnIdImpl.java:1731)
at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.fetchChanges(ResourceObjectConverter.java:1924)
at
com.evolveum.midpoint.provisioning.impl.sync.LiveSynchronizer.synchronize(LiveSynchronizer.java:199)
at
com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.synchronize(ProvisioningServiceImpl.java:347)
at
com.evolveum.midpoint.model.impl.sync.LiveSyncTaskHandler.run(LiveSyncTaskHandler.java:90)
at
com.evolveum.midpoint.task.quartzimpl.execution.HandlerExecutor.executePlainTaskHandler(HandlerExecutor.java:62)
at
com.evolveum.midpoint.task.quartzimpl.execution.HandlerExecutor.executeHandler(HandlerExecutor.java:52)
at
com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:731)
at
com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeRecurrentTask(JobExecutor.java:608)
at
com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:185)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at
org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:588)
Caused by:
org.identityconnectors.framework.common.exceptions.PermissionDeniedException:
LDAP error during DirSync search: insufficientAccessRights: 00002105:
LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839?
(50)
at
com.evolveum.polygon.connector.ldap.ErrorHandler.processLdapResult(ErrorHandler.java:149)
at
com.evolveum.polygon.connector.ldap.ad.AdErrorHandler.processLdapResult(AdErrorHandler.java:63)
at
com.evolveum.polygon.connector.ldap.sync.AdDirSyncStrategy.sync(AdDirSyncStrategy.java:189)
at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.sync(AbstractLdapConnector.java:1405)
at
org.identityconnectors.framework.impl.api.local.operations.SyncImpl.sync(SyncImpl.java:134)
at jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at
org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:99)
at com.sun.proxy.$Proxy249.sync(Unknown Source)
at jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at
org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)
at com.sun.proxy.$Proxy249.sync(Unknown Source)
at jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at
org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:165)
2020-12-11 16:53:22,997 [] [midPointScheduler_Worker-2] ERROR
(com.evolveum.midpoint.model.impl.sync.LiveSyncTaskHandler): Live Sync:
Unspecified error: Got unexpected exception:
org.identityconnectors.framework.common.exceptions.PermissionDeniedException:
LDAP error during DirSync search: insufficientAccessRights: 00002105:
LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839?
(50)
com.evolveum.midpoint.util.exception.SystemException: Got unexpected
exception:
org.identityconnectors.framework.common.exceptions.PermissionDeniedException:
LDAP error during DirSync search: insufficientAccessRights: 00002105:
LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839?
(50)
at
com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.fetchChanges(ConnectorInstanceConnIdImpl.java:1731)
at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.fetchChanges(ResourceObjectConverter.java:1924)
at
com.evolveum.midpoint.provisioning.impl.sync.LiveSynchronizer.synchronize(LiveSynchronizer.java:199)
at
com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.synchronize(ProvisioningServiceImpl.java:347)
at
com.evolveum.midpoint.model.impl.sync.LiveSyncTaskHandler.run(LiveSyncTaskHandler.java:90)
at
com.evolveum.midpoint.task.quartzimpl.execution.HandlerExecutor.executePlainTaskHandler(HandlerExecutor.java:62)
at
com.evolveum.midpoint.task.quartzimpl.execution.HandlerExecutor.executeHandler(HandlerExecutor.java:52)
at
com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:731)
at
com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeRecurrentTask(JobExecutor.java:608)
at
com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:185)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at
org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:588)
Caused by:
org.identityconnectors.framework.common.exceptions.PermissionDeniedException:
LDAP error during DirSync search: insufficientAccessRights: 00002105:
LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839?
(50)
at
com.evolveum.polygon.connector.ldap.ErrorHandler.processLdapResult(ErrorHandler.java:149)
at
com.evolveum.polygon.connector.ldap.ad.AdErrorHandler.processLdapResult(AdErrorHandler.java:63)
at
com.evolveum.polygon.connector.ldap.sync.AdDirSyncStrategy.sync(AdDirSyncStrategy.java:189)
at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.sync(AbstractLdapConnector.java:1405)
at
org.identityconnectors.framework.impl.api.local.operations.SyncImpl.sync(SyncImpl.java:134)
at jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at
org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:99)
at com.sun.proxy.$Proxy249.sync(Unknown Source)
at jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at
org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)
at com.sun.proxy.$Proxy249.sync(Unknown Source)
at jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at
org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:165)
2020-12-11 16:53:23,015 [] [midPointScheduler_Worker-2] INFO
(com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor): Task
encountered permanent error, suspending the task. Task =
Task(id:1546210629125-0-1, name:Sync: Active Directory (Groups),
oid:36d98518-9db1-49ce-a4d7-75be1047bac6)
2020-12-11 16:53:23,015 [TASK_MANAGER] [midPointScheduler_Worker-2] INFO
(com.evolveum.midpoint.task.quartzimpl.TaskManagerQuartzImpl): Suspending
tasks [Task(id:1546210629125-0-1, name:Sync: Active Directory (Groups),
oid:36d98518-9db1-49ce-a4d7-75be1047bac6)]; do not stop tasks.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Best Regards
Gus
Em sex., 11 de dez. de 2020 às 20:22, Richard Richter via midPoint <
midpoint at lists.evolveum.com> escreveu:
> Hello
>
> I have no idea why this happens, just looking at the message, it seems to
> come from *java.util.Base64.decode(...)* call, it is in the code and
> probably some Base64 encoded string is not correct.
> It always helps if you can provide also a stacktrace, part of the log or
> something. If it's easy to answer without it, it doesn't hurt. Here, I have
> no idea where the call originates from.
>
> Regards
>
> Richard Richter
> midPoint developer
>
> ------------------------------
> *From: *"midPoint General Discussion" <midpoint at lists.evolveum.com>
> *To: *"midPoint General Discussion" <midpoint at lists.evolveum.com>
> *Cc: *"Gus Lou" <gugalou38 at gmail.com>
> *Sent: *Friday, December 11, 2020 11:44:56 PM
> *Subject: *[midPoint] Synchronization Trouble - Active Directory to MP
>
> Hi Guys
>
> I need to import groups, users and users and their existing access into
> Active Directory to Midpoint (MP version 4.2, ADLdapConector 3.1)
>
> To achieve this goal, I did the following:
>
> 1-I imported the active directory resource template from the address below:
>
> https://github.com/Evolveum/midpoint-samples/blob/master/samples/resources/ad-ldap/ad-ldap-medusa-medium.xml
>
> 2-I created two synchronization tasks, one for users and one for groups.
>
> When I run the synchronization tasks, I get the following error:
>
> *Unspecified error: Got unexpected exception:
> java.lang.IllegalArgumentException: Last unit does not have enough valid
> bits*
>
> I have already checked the required permissions following the guidelines
> in the link below:
>
> https://wiki.evolveum.com/display/midPoint/Active+Directory+with+LDAP+connector
>
>
> Does anyone have any ideas to resolve or any other documentation that I
> can review.?
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20201212/6fedbbf4/attachment-0001.htm>
More information about the midPoint
mailing list