[midPoint] Error add credential

Ivan Noris ivan.noris at evolveum.com
Mon May 25 13:22:56 CEST 2020


Hi Anton,

yes, definitely should have permissions for that.

Please check in
https://wiki.evolveum.com/display/midPoint/Active+Directory+with+LDAP+connector

"Reset user passwords and force password change at next logon"

And as Davy mentioned, you also need to go with port 636 and not 389.

Last thing I remember is that AD has its own password complexity
checking and your password cannot contain username or some other AD
account attributes. You would get Unwilling to perform then.

If you encounter any incorrect documentation, please let us know.

Thanks.

Best regards,

Ivan

On 25. 5. 2020 12:05, Щенев Антон Вячеславович wrote:
> Hi, Ivan
> I apologize for my carelessness, of course I used <outbound> (copy-paste from another, very similar script).
> I think that the bind DN must have the rights to change the password.
>
>
>
> Best regards,
> Щенев Антон
>
> -----Original Message-----
> From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of midpoint-request at lists.evolveum.com
> Sent: Monday, May 25, 2020 2:49 PM
> To: midpoint at lists.evolveum.com
> Subject: midPoint Digest, Vol 97, Issue 53
>
> Message: 1
> Date: Mon, 25 May 2020 08:17:03 +0200
> From: Ivan Noris <ivan.noris at evolveum.com>
> To: midpoint at lists.evolveum.com
> Subject: Re: [midPoint] Error add credential
> Message-ID: <27dda94a-a83f-8222-1790-ff34ca25a01c at evolveum.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> if you get permission denied exception from AD, then the error probably
> happens somewhere else and not in the inbound password mapping you
> pasted. Is there any outbound mapping for password as well?
>
> Ivan
>
> On 23. 5. 2020 17:14, Щенев Антон Вячеславович wrote:
>> Hi,
>>
>> I get
>> error(org.identityconnectors.framework.common.exceptions.PermissionDeniedException(Error
>> adding LDAP entry CN=????: unwillingToPerform: 0000001F: SvcErr:
>> DSID-031A1254, problem 5003 (WILL_NOT_PERFORM), data 0?? (53)))
>>
>> when I try to add user
>>
>> Is there not enough rights for this operation?
>> It’s absolutely certain that this problem is due to a password.
>>
>>  
>>
>> <credentials>
>>    <password>
>>       <inbound>
>>          <strength>weak</strength>
>>          <expression>
>>             <script>
>>                <code>basic.encrypt("??????????")</code>
>>             </script>
>>          </expression>
>>       </inbound>
>>    </password>
>> </credentials>
>>
>> Best regards,
>>
>> Щенев Антон Вячеславович
>>
>>  
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> https://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
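
An offline pre-check for two of the causes named in this thread (port 389 instead of 636, and a password that contains account attributes), added here as an example; it is not part of the original messages or of midPoint. The function names, the sample account and the minimum length of 7 are assumptions, and the rules checked are those of AD's default "Password must meet complexity requirements" policy; the bind DN's reset-password permission cannot be checked this way.

```python
import re

# Delimiters AD uses to split displayName into tokens for the complexity check.
DELIMS = re.compile(r"[,.\-_ #\t]+")

# Error text as quoted in the thread (the CN is garbled in the original).
SAMPLE_ERROR = ("Error adding LDAP entry CN=????: unwillingToPerform: 0000001F: "
                "SvcErr: DSID-031A1254, problem 5003 (WILL_NOT_PERFORM), data 0")

def is_will_not_perform(error_text):
    """True if the connector error carries AD's WILL_NOT_PERFORM code."""
    return bool(re.search(r"problem 5003 \(WILL_NOT_PERFORM\)", error_text))

def complexity_problems(password, sam_account_name, display_name, min_length=7):
    """Reasons AD's default complexity filter would reject this password."""
    problems = []
    if len(password) < min_length:  # domain policy value; 7 is an assumption
        problems.append("too short")
    categories = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
        any(c.isalpha() and not (c.isupper() or c.islower()) for c in password),
    ]
    if sum(categories) < 3:
        problems.append("fewer than 3 character categories")
    lowered = password.lower()
    sam = sam_account_name.lower()
    if len(sam) >= 3 and sam in lowered:  # names under 3 characters are skipped
        problems.append("contains sAMAccountName")
    for token in DELIMS.split(display_name.lower()):
        if len(token) >= 3 and token in lowered:  # short tokens are ignored
            problems.append("contains displayName token '%s'" % token)
    return problems

def preflight(error_text, port, password, sam_account_name, display_name):
    """Run the thread's checks: LDAPS port first, then password content."""
    if not is_will_not_perform(error_text):
        return ["not a WILL_NOT_PERFORM error; these checks do not apply"]
    findings = []
    if port != 636:
        findings.append("resource uses port %d, not LDAPS 636" % port)
    return findings + complexity_problems(password, sam_account_name, display_name)

if __name__ == "__main__":
    # Constructed sample account and password, for illustration only.
    for line in preflight(SAMPLE_ERROR, 389, "Smith2020!", "jsmith", "Smith, John"):
        print(line)
```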



