[midPoint] Recompute all users is not working for me
Gus Lou
gugalou38 at gmail.com
Mon Jun 22 19:12:09 CEST 2020
Hi Guys
I tried to perform a reconciliation task instead of recompute.
Users were assigned to the new group inserted in the role rbac, but the
task had several errors.
Analyzing the midpoint logs I detected the following:
020-06-22 13:53:08,868 [SYNCHRONIZATION_SERVICE]
[midPointScheduler_Worker-6] ERROR
(com.evolveum.midpoint.model.impl.sync.SynchronizationServiceImpl):
SYNCHRONIZATION: Error in synchronization on
resource:746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2(Medusa Active Directory
(LDAP)) for situation LINKED: SchemaException: Expected to find 'UserType'
but found 'RoleType'
(role:9d22cbe8-c67f-4248-9c21-26aa7ce2215f(gs_jira_sec_soc)). Bad OID in a
reference?. Change was
ResourceObjectShadowChangeDescription(objectDelta=null,
currentShadow=shadow:7bdf855b-b748-4b94-9a23-037f32021005(CN=gs_jira_sec_soc,OU=Usuarios,DC=xyz,DC=net),
oldShadow=null, sourceChannel=
http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#reconciliation,
resource=resource:746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2(Medusa Active
Directory (LDAP)))
com.evolveum.midpoint.util.exception.SchemaException: Expected to find
'UserType' but found 'RoleType'
(role:9d22cbe8-c67f-4248-9c21-26aa7ce2215f(gs_jira_sec_soc)). Bad OID in a
reference?
Regards
Gus
Em seg., 22 de jun. de 2020 às 11:02, Gus Lou <gugalou38 at gmail.com>
escreveu:
> Hi Ivan
>
> I've attached my configs:
> Resource: AD Resource
> Role: Rbac Role - SOC - Sec
> Role: Metarole AD Group
> Role: gs_snow_sec_soc
> Role: gs_jira_sec_soc
> Role: gs_spo_sec_soc
>
> I checked the mapping and there is only one field like strong in my
> Resource - AD:
> <attribute id="18">
> <c:ref xmlns:ri="
> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3
> ">ri:description</c:ref>
> <outbound>
> <strength>strong</strength>
> <source>
> <c:path>description</c:path>
> </source>
> </outbound>
> <inbound id="20">
> <target>
> <c:path>description</c:path>
> </target>
> </inbound>
> </attribute>
>
> Best Regards
>
> Gus
>
>
> Em seg., 22 de jun. de 2020 às 08:29, Ivan Noris <ivan.noris at evolveum.com>
> escreveu:
>
>> Hi Gus,
>>
>> I don't know if you are referring to a specific sample, e.g. for the
>> metarole.
>>
>> Sharing it would be helpful.
>>
>> So far my only idea is to check if the (2nd order) mapping for
>> association has strong strength.
>>
>> Best regards,
>>
>> Ivan
>> On 22. 6. 2020 1:18, Gus Lou wrote:
>>
>> Hi Guys
>> I need the permissions of users assigned to a Role (Rbac role named "Sec
>> - SOC") to be updated after adding a new group (gs_spo_sec_soc) to this
>> Role.
>> After adding the group to the role, I ran a recompute task, I expected
>> the new group to be added to users but it didn't. If I add a new user to
>> the role he receives all groups.
>>
>> Did I do something wrong, did any steps miss?
>>
>> I followed the instructions on the wiki:
>> https://wiki.evolveum.com/display/midPoint/Recompute+Task
>>
>> And also in this thread:
>> https://lists.evolveum.com/pipermail/midpoint/2014-November/000639.html
>>
>> *My Lab*
>> 01 Midpoint 4.1
>> 01 Active Directory (Connector Ldap / AD 3.0) Resource
>> 01 Metarole: "Metarole for groups - AD" (inducement to Active Directory
>> (LDAP) Resource
>> 03 Groups (gs_snow_sec_soc, gs_jira_sec_soc, gs_spo_sec_soc) assigned to
>> Metarole
>> 01 Rbac Role "Sec - SOC" inducements (gs_snow_sec_soc, gs_jira_sec_soc,
>> gs_spo_sec_soc)
>>
>>
>> Best Regards
>> Gus
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttps://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> --
>> Ivan Noris
>> Senior Identity Engineerevolveum.com
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200622/1a1946b2/attachment.htm>
More information about the midPoint
mailing list