[midPoint] Recompute all users is not working for me
Gus Lou
gugalou38 at gmail.com
Mon Jun 22 19:39:32 CEST 2020
Sorry Guys, my mistake
My Recon Task was config with ri:group rather than ri:user
Still unable to recompute
Regards
Gus
Em seg., 22 de jun. de 2020 às 14:12, Gus Lou <gugalou38 at gmail.com>
escreveu:
> Hi Guys
>
> I tried to perform a reconciliation task instead of recompute.
> Users were assigned to the new group inserted in the role rbac, but the
> task had several errors.
> Analyzing the midpoint logs I detected the following:
>
> 020-06-22 13:53:08,868 [SYNCHRONIZATION_SERVICE]
> [midPointScheduler_Worker-6] ERROR
> (com.evolveum.midpoint.model.impl.sync.SynchronizationServiceImpl):
> SYNCHRONIZATION: Error in synchronization on
> resource:746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2(Medusa Active Directory
> (LDAP)) for situation LINKED: SchemaException: Expected to find 'UserType'
> but found 'RoleType'
> (role:9d22cbe8-c67f-4248-9c21-26aa7ce2215f(gs_jira_sec_soc)). Bad OID in a
> reference?. Change was
> ResourceObjectShadowChangeDescription(objectDelta=null,
> currentShadow=shadow:7bdf855b-b748-4b94-9a23-037f32021005(CN=gs_jira_sec_soc,OU=Usuarios,DC=xyz,DC=net),
> oldShadow=null, sourceChannel=
> http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#reconciliation,
> resource=resource:746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2(Medusa Active
> Directory (LDAP)))
> com.evolveum.midpoint.util.exception.SchemaException: Expected to find
> 'UserType' but found 'RoleType'
> (role:9d22cbe8-c67f-4248-9c21-26aa7ce2215f(gs_jira_sec_soc)). Bad OID in a
> reference?
>
> Regards
>
> Gus
>
> Em seg., 22 de jun. de 2020 às 11:02, Gus Lou <gugalou38 at gmail.com>
> escreveu:
>
>> Hi Ivan
>>
>> I've attached my configs:
>> Resource: AD Resource
>> Role: Rbac Role - SOC - Sec
>> Role: Metarole AD Group
>> Role: gs_snow_sec_soc
>> Role: gs_jira_sec_soc
>> Role: gs_spo_sec_soc
>>
>> I checked the mapping and there is only one field like strong in my
>> Resource - AD:
>> <attribute id="18">
>> <c:ref xmlns:ri="
>> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3
>> ">ri:description</c:ref>
>> <outbound>
>> <strength>strong</strength>
>> <source>
>> <c:path>description</c:path>
>> </source>
>> </outbound>
>> <inbound id="20">
>> <target>
>> <c:path>description</c:path>
>> </target>
>> </inbound>
>> </attribute>
>>
>> Best Regards
>>
>> Gus
>>
>>
>> Em seg., 22 de jun. de 2020 às 08:29, Ivan Noris <ivan.noris at evolveum.com>
>> escreveu:
>>
>>> Hi Gus,
>>>
>>> I don't know if you are referring to a specific sample, e.g. for the
>>> metarole.
>>>
>>> Sharing it would be helpful.
>>>
>>> So far my only idea is to check if the (2nd order) mapping for
>>> association has strong strength.
>>>
>>> Best regards,
>>>
>>> Ivan
>>> On 22. 6. 2020 1:18, Gus Lou wrote:
>>>
>>> Hi Guys
>>> I need the permissions of users assigned to a Role (Rbac role named "Sec
>>> - SOC") to be updated after adding a new group (gs_spo_sec_soc) to this
>>> Role.
>>> After adding the group to the role, I ran a recompute task, I expected
>>> the new group to be added to users but it didn't. If I add a new user to
>>> the role he receives all groups.
>>>
>>> Did I do something wrong, did any steps miss?
>>>
>>> I followed the instructions on the wiki:
>>> https://wiki.evolveum.com/display/midPoint/Recompute+Task
>>>
>>> And also in this thread:
>>> https://lists.evolveum.com/pipermail/midpoint/2014-November/000639.html
>>>
>>> *My Lab*
>>> 01 Midpoint 4.1
>>> 01 Active Directory (Connector Ldap / AD 3.0) Resource
>>> 01 Metarole: "Metarole for groups - AD" (inducement to Active Directory
>>> (LDAP) Resource
>>> 03 Groups (gs_snow_sec_soc, gs_jira_sec_soc, gs_spo_sec_soc) assigned to
>>> Metarole
>>> 01 Rbac Role "Sec - SOC" inducements (gs_snow_sec_soc, gs_jira_sec_soc,
>>> gs_spo_sec_soc)
>>>
>>>
>>> Best Regards
>>> Gus
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttps://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>> --
>>> Ivan Noris
>>> Senior Identity Engineerevolveum.com
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200622/e6dec67d/attachment.htm>
More information about the midPoint
mailing list