[midPoint] Synchronization Trouble - Active Directory to MP

Gus Lou gugalou38 at gmail.com
Mon Dec 14 20:30:03 CET 2020


My AD is a fresh installation, it has 96 objects (user accounts and groups).



On Mon, Dec 14, 2020 at 16:21, Al Lilianstrom via midPoint <
midpoint at lists.evolveum.com> wrote:

> Check your paging settings
>
> AD defaults to 1000 for a page size so make sure you're set to that or less
>
> I found that
>
> pagingStrategy spr
> pagingBlockSize 500
>
> worked in my domain with ~7000 users in a single OU
>
>
> --
> Al Lilianstrom
> Authentication Services
>
> Fermi National Accelerator Laboratory
> www.fnal.gov
> lilstrom at fnal.gov
>
>
> ________________________________________
> From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Gus Lou
> via midPoint <midpoint at lists.evolveum.com>
> Sent: Monday, December 14, 2020 1:06 PM
> To: midPoint General Discussion
> Cc: Gus Lou
> Subject: Re: [midPoint] Synchronization Trouble - Active Directory to MP
>
> Sorry
>
> PS:
> The group synchronization task is now running and did not show any errors.
>
> The task of synchronizing users continues to show errors.
>
> Regards
>
> Gus
>
>
> On Mon, Dec 14, 2020 at 16:03, Gus Lou <gugalou38 at gmail.com> wrote:
> Hi Al Lilianstrom
> I changed baseContext from "OU=Funcionarios,OU=Usuarios,DC=xyz,DC=net" to
> "DC=xyz,DC=net"
>
> The task of synchronizing users continues to show errors.
> I'm still investigating, but at least one item has evolved.
> Thanks for the tip about baseContext
>
> Regards
>
> Gus
>
>
> On Mon, Dec 14, 2020 at 14:03, Al Lilianstrom via midPoint <
> midpoint at lists.evolveum.com> wrote:
> My test environment is midPoint 4.2 and Windows Server 2016
>
> AD sync account is non DA and granted Directory sync access at the root of
> the domain.
>
> One issue I had in getting sync to work properly was to set the
> baseContext for the AD connector to the root of the domain. I had set it
> originally to the OU I was trying to restrict my testing to and that
> prevented sync from working.
>
> --
> Al Lilianstrom
> Authentication Services
>
> Fermi National Accelerator Laboratory
> www.fnal.gov
> lilstrom at fnal.gov
>
>
> ________________________________________
> From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Gus Lou
> via midPoint <midpoint at lists.evolveum.com>
> Sent: Monday, December 14, 2020 10:51 AM
> To: midPoint General Discussion
> Cc: Gus Lou
> Subject: Re: [midPoint] Synchronization Trouble - Active Directory to MP
>
>
>
> My Active Directory is running on Windows Server 2016, does anyone run
> this version with Midpoint 4.1 or 4.2?
>
> Regards
>
> Gus
>
> On Mon, Dec 14, 2020 at 10:37, Al Lilianstrom via midPoint <
> midpoint at lists.evolveum.com> wrote:
> Also
>
> Check your System and Directory Service event logs on the Domain
> Controllers. There might be a hint there as to the problem.
>
>
> --
> Al Lilianstrom
> Authentication Services
>
> Fermi National Accelerator Laboratory
> www.fnal.gov
> lilstrom at fnal.gov
>
>
> ________________________________________
> From: Al Lilianstrom <lilstrom at fnal.gov>
> Sent: Monday, December 14, 2020 7:19 AM
> To: midPoint General Discussion
> Subject: Re: [midPoint] Synchronization Trouble - Active Directory to MP
>
>
> Gus,
>
> Please pull the DA permissions as soon as you can
>
> Replicating directory changes is necessary. Check for that.
>
> --
> Al Lilianstrom
> Authentication Services
>
> Fermi National Accelerator Laboratory
> www.fnal.gov
> lilstrom at fnal.gov
>
>
> ________________________________________
> From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Gus Lou
> via midPoint <midpoint at lists.evolveum.com>
> Sent: Monday, December 14, 2020 7:00 AM
> To: midPoint General Discussion
> Cc: Gus Lou
> Subject: Re: [midPoint] Synchronization Trouble - Active Directory to MP
>
> Hi Ivan
>
> I'm checking the permissions again. I assigned full control permission at
> the domain level to the midpoint bind account in the active directory and
> enabled inheritance for all objects. It also assigns domain admin
> permission as well. I know that both permissions are not necessary and not
> recommended as they are highly permissive, but it was the way I found to
> try to eliminate possible permission errors.
> But unfortunately the problems persist.
> I will continue to investigate.
>
> Regards
>
> Gus
>
>
> On Mon, Dec 14, 2020 at 09:49, Ivan Noris via midPoint <
> midpoint at lists.evolveum.com> wrote:
>
> Hi Gus,
>
> seems to be permission problem in your AD.
>
> LDAP error during DirSync search: insufficientAccessRights: 00002105:
> LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839?
> (50)
>
>
> Best regards,
>
> Ivan
>
> On 12. 12. 2020 18:38, Gus Lou via midPoint wrote:
> Hi Richard
> I checked the permissions of the midpoint account in AD again and it is
> in accordance with the guidelines in the link below:
> Active Directory with LDAP connector - midPoint - Evolveum Confluence
> <https://wiki.evolveum.com/display/midPoint/Active+Directory+with+LDAP+connector>
>
> I applied permissions at the domain level xyz.net
>
> Here it is part of midpoint log:
>
> ----------------------------------------------------------------------------------------------------------------
> 2020-12-11 16:53:22,996 [] [Thread-327] ERROR
> (com.evolveum.polygon.connector.ldap.sync.AdDirSyncStrategy): method: null
> msg:LDAP error during DirSync search: insufficientAccessRights: 00002105:
> LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839?
> (50)
> 2020-12-11 16:53:22,997 [] [midPointScheduler_Worker-2] WARN
> (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil): Got ConnId
> exception (might be handled by upper layers later)
> org.identityconnectors.framework.common.exceptions.PermissionDeniedException
> in connector:a0c5bb85-f4f0-4954-af1d-17ec4f27233e(ConnId
> com.evolveum.polygon.connector.ldap.ad.AdLdapConnector
> v3.1): ConnectorSpec(resource:746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2(Medusa
> Active Directory (LDAP)), name=null,
> oid=a0c5bb85-f4f0-4954-af1d-17ec4f27233e): LDAP error during DirSync
> search: insufficientAccessRights: 00002105: LdapErr: DSID-0C0909A9,
> comment: Error processing control, data 0, v3839? (50), reason: LDAP error
> during DirSync search: insufficientAccessRights: 00002105: LdapErr:
> DSID-0C0909A9, comment: Error processing control, data 0, v3839? (50)
> (class
> org.identityconnectors.framework.common.exceptions.PermissionDeniedException)
> 2020-12-11 16:53:22,997 [PROVISIONING] [midPointScheduler_Worker-2] ERROR
> (com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl): Got
> unexpected exception:
> org.identityconnectors.framework.common.exceptions.PermissionDeniedException:
> LDAP error during DirSync search: insufficientAccessRights: 00002105:
> LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839?
> (50)
> com.evolveum.midpoint.util.exception.SystemException: Got unexpected
> exception:
> org.identityconnectors.framework.common.exceptions.PermissionDeniedException:
> LDAP error during DirSync search: insufficientAccessRights: 00002105:
> LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839?
> (50)
> at
> com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.fetchChanges(ConnectorInstanceConnIdImpl.java:1731)
> at
> com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.fetchChanges(ResourceObjectConverter.java:1924)
> at
> com.evolveum.midpoint.provisioning.impl.sync.LiveSynchronizer.synchronize(LiveSynchronizer.java:199)
> at
> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.synchronize(ProvisioningServiceImpl.java:347)
> at
> com.evolveum.midpoint.model.impl.sync.LiveSyncTaskHandler.run(LiveSyncTaskHandler.java:90)
> at
> com.evolveum.midpoint.task.quartzimpl.execution.HandlerExecutor.executePlainTaskHandler(HandlerExecutor.java:62)
> at
> com.evolveum.midpoint.task.quartzimpl.execution.HandlerExecutor.executeHandler(HandlerExecutor.java:52)
> at
> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:731)
> at
> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeRecurrentTask(JobExecutor.java:608)
> at
> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:185)
> at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
> at
> org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:588)
> Caused by:
> org.identityconnectors.framework.common.exceptions.PermissionDeniedException:
> LDAP error during DirSync search: insufficientAccessRights: 00002105:
> LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839?
> (50)
> at
> com.evolveum.polygon.connector.ldap.ErrorHandler.processLdapResult(ErrorHandler.java:149)
> at
> com.evolveum.polygon.connector.ldap.ad.AdErrorHandler.processLdapResult(AdErrorHandler.java:63)
> at
> com.evolveum.polygon.connector.ldap.sync.AdDirSyncStrategy.sync(AdDirSyncStrategy.java:189)
> at
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.sync(AbstractLdapConnector.java:1405)
> at
> org.identityconnectors.framework.impl.api.local.operations.SyncImpl.sync(SyncImpl.java:134)
> at jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> at
> org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:99)
> at com.sun.proxy.$Proxy249.sync(Unknown Source)
> at jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> at
> org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)
> at com.sun.proxy.$Proxy249.sync(Unknown Source)
> at jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> at
> org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:165)
> 2020-12-11 16:53:22,997 [] [midPointScheduler_Worker-2] ERROR
> (com.evolveum.midpoint.model.impl.sync.LiveSyncTaskHandler): Live Sync:
> Unspecified error: Got unexpected exception:
> org.identityconnectors.framework.common.exceptions.PermissionDeniedException:
> LDAP error during DirSync search: insufficientAccessRights: 00002105:
> LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839?
> (50)
> com.evolveum.midpoint.util.exception.SystemException: Got unexpected
> exception:
> org.identityconnectors.framework.common.exceptions.PermissionDeniedException:
> LDAP error during DirSync search: insufficientAccessRights: 00002105:
> LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839?
> (50)
> at
> com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.fetchChanges(ConnectorInstanceConnIdImpl.java:1731)
> at
> com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.fetchChanges(ResourceObjectConverter.java:1924)
> at
> com.evolveum.midpoint.provisioning.impl.sync.LiveSynchronizer.synchronize(LiveSynchronizer.java:199)
> at
> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.synchronize(ProvisioningServiceImpl.java:347)
> at
> com.evolveum.midpoint.model.impl.sync.LiveSyncTaskHandler.run(LiveSyncTaskHandler.java:90)
> at
> com.evolveum.midpoint.task.quartzimpl.execution.HandlerExecutor.executePlainTaskHandler(HandlerExecutor.java:62)
> at
> com.evolveum.midpoint.task.quartzimpl.execution.HandlerExecutor.executeHandler(HandlerExecutor.java:52)
> at
> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:731)
> at
> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeRecurrentTask(JobExecutor.java:608)
> at
> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:185)
> at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
> at
> org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:588)
> Caused by:
> org.identityconnectors.framework.common.exceptions.PermissionDeniedException:
> LDAP error during DirSync search: insufficientAccessRights: 00002105:
> LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839?
> (50)
> at
> com.evolveum.polygon.connector.ldap.ErrorHandler.processLdapResult(ErrorHandler.java:149)
> at
> com.evolveum.polygon.connector.ldap.ad.AdErrorHandler.processLdapResult(AdErrorHandler.java:63)
> at
> com.evolveum.polygon.connector.ldap.sync.AdDirSyncStrategy.sync(AdDirSyncStrategy.java:189)
> at
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.sync(AbstractLdapConnector.java:1405)
> at
> org.identityconnectors.framework.impl.api.local.operations.SyncImpl.sync(SyncImpl.java:134)
> at jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> at
> org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:99)
> at com.sun.proxy.$Proxy249.sync(Unknown Source)
> at jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> at
> org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)
> at com.sun.proxy.$Proxy249.sync(Unknown Source)
> at jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> at
> org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:165)
> 2020-12-11 16:53:23,015 [] [midPointScheduler_Worker-2] INFO
> (com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor): Task
> encountered permanent error, suspending the task. Task =
> Task(id:1546210629125-0-1, name:Sync: Active Directory (Groups),
> oid:36d98518-9db1-49ce-a4d7-75be1047bac6)
> 2020-12-11 16:53:23,015 [TASK_MANAGER] [midPointScheduler_Worker-2] INFO
> (com.evolveum.midpoint.task.quartzimpl.TaskManagerQuartzImpl): Suspending
> tasks [Task(id:1546210629125-0-1, name:Sync: Active Directory (Groups),
> oid:36d98518-9db1-49ce-a4d7-75be1047bac6)]; do not stop tasks.
>
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Best Regards
>
> Gus
>
>
>
> On Fri, Dec 11, 2020 at 20:22, Richard Richter via midPoint <
> midpoint at lists.evolveum.com> wrote:
> Hello
>
> I have no idea why this happens, just looking at the message, it seems to
> come from java.util.Base64.decode(...) call, it is in the code and probably
> some Base64 encoded string is not correct.
> It always helps if you can provide also a stacktrace, part of the log or
> something. If it's easy to answer without it, it doesn't hurt. Here, I have
> no idea where the call originates from.
>
> Regards
>
> Richard Richter
> midPoint developer
>
> ________________________________
> From: "midPoint General Discussion" <midpoint at lists.evolveum.com>
> To: "midPoint General Discussion" <midpoint at lists.evolveum.com>
> Cc: "Gus Lou" <gugalou38 at gmail.com>
> Sent: Friday, December 11, 2020 11:44:56 PM
> Subject: [midPoint] Synchronization Trouble - Active Directory to MP
>
> Hi Guys
>
> I need to import groups, users and their existing access from
> Active Directory to Midpoint (MP version 4.2, AdLdapConnector 3.1)
>
> To achieve this goal, I did the following:
>
> 1-I imported the active directory resource template from the address below:
>
> https://github.com/Evolveum/midpoint-samples/blob/master/samples/resources/ad-ldap/ad-ldap-medusa-medium.xml
>
> 2-I created two synchronization tasks, one for users and one for groups.
>
> When I run the synchronization tasks, I get the following error:
>
> Unspecified error: Got unexpected exception:
> java.lang.IllegalArgumentException: Last unit does not have enough valid
> bits
>
> I have already checked the required permissions following the guidelines
> in the link below:
>
> https://wiki.evolveum.com/display/midPoint/Active+Directory+with+LDAP+connector
>
>
> Does anyone have any ideas to resolve this, or any other documentation that I
> can review?
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
> --
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
>
>
>
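
An added example, not part of the thread or of midPoint's code: a Python parser that unwraps the quoted log above and decodes the AD diagnostic string it contains (hex extended error code, DSID, domain controller build). The function and table names are illustrative, and the lookup tables are small subsets rather than complete lists.

```python
"""Decode Active Directory LDAP diagnostic strings found in connector logs."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Excerpt of the log quoted in the thread, kept with the mail client's hard
# wraps and "> " quote prefixes to show why the text must be unwrapped first.
SAMPLE_LOG = """\
> 2020-12-11 16:53:22,996 [] [Thread-327] ERROR
> (com.evolveum.polygon.connector.ldap.sync.AdDirSyncStrategy): method: null
> msg:LDAP error during DirSync search: insufficientAccessRights: 00002105:
> LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839?
> (50)
> 2020-12-11 16:53:22,997 [] [midPointScheduler_Worker-2] ERROR
> (com.evolveum.midpoint.model.impl.sync.LiveSyncTaskHandler): Live Sync:
> Unspecified error: Got unexpected exception:
> org.identityconnectors.framework.common.exceptions.PermissionDeniedException:
> LDAP error during DirSync search: insufficientAccessRights: 00002105:
> LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839?
> (50)
"""

# Illustrative subsets, not exhaustive tables.
WIN32_ERRORS = {5: "ERROR_ACCESS_DENIED", 8453: "ERROR_DS_DRA_ACCESS_DENIED"}
DC_BUILDS = {
    7601: "Windows Server 2008 R2 SP1",
    9600: "Windows Server 2012 R2",
    14393: "Windows Server 2016",
    17763: "Windows Server 2019",
}
HINTS = {
    8453: "Replication access was denied: the bind account lacks the "
          "'Replicating Directory Changes' right on the naming-context root. "
          "Grant that right alone instead of Domain Admins or Full Control.",
}

# <ldapResult>: <8 hex Win32 code>: <Xxx>Err: DSID-<8 hex>, comment: ...,
# data <hex>, v<hex build>, optionally followed by "(<LDAP result code>)"
AD_DIAG = re.compile(
    r"(?P<ldap_name>[A-Za-z]+):\s*(?P<win32>[0-9A-Fa-f]{8}):\s*[A-Za-z]+Err:\s*"
    r"DSID-(?P<dsid>[0-9A-Fa-f]{8}),\s*comment:\s*(?P<comment>.*?),\s*"
    r"data\s+(?P<data>[0-9A-Fa-f]+),\s*v(?P<build>[0-9A-Fa-f]+)"
    r"(?:\W*\((?P<ldap_code>\d+)\))?"
)


@dataclass
class Finding:
    ldap_name: str
    ldap_code: int | None
    win32_code: int
    win32_name: str
    dsid: str
    comment: str
    dc_build: int
    dc_os: str
    hint: str
    count: int = 1


def unwrap(text: str) -> str:
    """Drop mail quote prefixes and rejoin hard-wrapped log lines."""
    lines = (re.sub(r"^\s*(?:>\s?)+", "", ln) for ln in text.splitlines())
    return " ".join(" ".join(lines).split())


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per distinct AD diagnostic, with occurrence counts."""
    seen: dict[tuple[int, str], Finding] = {}
    for m in AD_DIAG.finditer(unwrap(log_text)):
        win32 = int(m["win32"], 16)   # extended error is printed in hex
        build = int(m["build"], 16)   # vNNNN is the DC's OS build, also hex
        key = (win32, m["dsid"].upper())
        if key in seen:
            seen[key].count += 1
            continue
        seen[key] = Finding(
            ldap_name=m["ldap_name"],
            ldap_code=int(m["ldap_code"]) if m["ldap_code"] else None,
            win32_code=win32,
            win32_name=WIN32_ERRORS.get(win32, "unknown"),
            dsid=m["dsid"].upper(),
            comment=m["comment"],
            dc_build=build,
            dc_os=DC_BUILDS.get(build, "unknown"),
            hint=HINTS.get(win32, "No hint recorded for this code."),
        )
    return list(seen.values())


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.count}x {f.ldap_name}({f.ldap_code}) Win32 {f.win32_code} "
              f"{f.win32_name} DSID-{f.dsid} on {f.dc_os} (build {f.dc_build})")
        print("  ->", f.hint)
```

For the log in this thread it reports Win32 error 8453 (replication access denied) from a build 14393 domain controller, which lines up with the replies about Replicating Directory Changes and Windows Server 2016.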