[midPoint] Active Directory Bind Error

Brandon Powers brandon at exclamationlabs.com
Tue Nov 24 23:06:32 CET 2020


Hey MidPoint Community!

We are currently struggling with an Active Directory Connector/connectivity
issue that we have not encountered in any other midPoint implementation to
date, and hoping someone may be able to shed some light or provide some
guidance.

*Short Summary:*
Receiving the following error *occasionally* when importing many Active
Directory accounts using the Active Directory (LDAP) Connector.
*Error Message:* In order to perform this operation a successful bind must
be completed on the connection.

*Context:*
MidPoint Version: 3.9
Active Directory Resource defined using the Active Directory Connector
(LDAP): https://wiki.evolveum.com/pages/viewpage.action?pageId=22741393
Active Directory Connector Version: 2.0
Active Directory

Issue is not with the bind credentials themselves - connection works
otherwise: Test connection is successful; recomputing individual users
(even those that the issue shows up for during import); manually importing
AD objects (users, groups) all work fine.

*Where we do have the issue:*
- When running import task for Active Directory resource including ~320
user accounts
- Issue appears consistently during each import attempt, but inconsistently
on varying user accounts
- When the bind error occurs with both domain controllers, it halts the
import and import task fails
- During import, midPoint is generally able to import most user accounts
before the issue starts manifesting

*Stacktrace:*
2020-11-24 02:34:19,110 [] [midPointScheduler_Worker-8] ERROR (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil): ConnId Exception org.identityconnectors.framework.common.exceptions.ConnectorIOException in connector:a399ee77-234c-4ae3-9880-65d557a67bc6(ConnId com.evolveum.polygon.connector.ldap.ad.AdLdapConnector v2.0): ConnectorSpec(resource:b09f29e2-aeec-40de-9c49-66d6bab62d18(Active Directory (LDAP)), name=null, oid=a399ee77-234c-4ae3-9880-65d557a67bc6): LDAP error during search: operationsError: 000004DC: LdapErr: DSID-0C0907E9, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580? (1)
org.identityconnectors.framework.common.exceptions.ConnectorIOException: LDAP error during search: operationsError: 000004DC: LdapErr: DSID-0C0907E9, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580? (1)
    at com.evolveum.polygon.connector.ldap.LdapUtil.processLdapResult(LdapUtil.java:580)
    at com.evolveum.polygon.connector.ldap.search.SimplePagedResultsSearchStrategy.search(SimplePagedResultsSearchStrategy.java:239)
    at com.evolveum.polygon.connector.ldap.AbstractLdapConnector.searchUsual(AbstractLdapConnector.java:691)
    at com.evolveum.polygon.connector.ldap.AbstractLdapConnector.executeQuery(AbstractLdapConnector.java:497)
    at com.evolveum.polygon.connector.ldap.AbstractLdapConnector.executeQuery(AbstractLdapConnector.java:130)
    at org.identityconnectors.framework.impl.api.local.operations.SearchImpl.rawSearch(SearchImpl.java:197)
    at org.identityconnectors.framework.impl.api.local.operations.SearchImpl.search(SearchImpl.java:133)
    at sun.reflect.GeneratedMethodAccessor1098.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:99)
    at com.sun.proxy.$Proxy219.search(Unknown Source)
    at sun.reflect.GeneratedMethodAccessor1098.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)
    at com.sun.proxy.$Proxy219.search(Unknown Source)
    at sun.reflect.GeneratedMethodAccessor1098.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:165)

Has anyone seen this issue before or have any ideas? Because the import
fails, it causes issues with other resources and processes.

Appreciate any advice anyone has to offer!

Brandon Powers
Exclamation Labs
300 Washington Street
Cumberland, MD 21502
888.545.5008 or 301.722.5008 ext 144
fax 301.722.2183
brandon at exclamationlabs.com
www.exclamationlabs.com <brandon at exclamationlabs.com>
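
A triage aid for the log excerpt in this message, as an added example that is not part of the original post: it folds wrapped log lines into records, pulls out the fields of the Active Directory extended error string, and counts failures per worker thread. The sample lines are constructed from the layout shown in the post, and the Win32 name given for 0x4DC is general knowledge rather than something the post states.

```python
import re
from collections import Counter

HEADER = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \[[^\]]*\] \[([^\]]+)\] (\w+)")
AD_ERR = re.compile(r"(\w+): ([0-9A-Fa-f]{8}): LdapErr: (DSID-[0-9A-Fa-f]+), "
                    r"comment: (.*?), data (\w+), v(\w+)")
# General Win32 knowledge, not from the post: 0x4DC is 1244, ERROR_NOT_AUTHENTICATED.
WIN32_NAMES = {0x4DC: "ERROR_NOT_AUTHENTICATED"}

# Constructed sample in the log layout shown in the post; only the first
# timestamp, Worker-8 and the error text come from the post itself.
ERR = ("LDAP error during search: operationsError: 000004DC: LdapErr: DSID-0C0907E9, "
       "comment: In order to perform this operation a successful bind must be "
       "completed on the connection., data 0, v2580")
SAMPLE_LOG = "\n".join([
    "2020-11-24 02:34:19,110 [] [midPointScheduler_Worker-8] ERROR (ConnIdUtil): ConnId Exception",
    ERR,  # continuation line, as in a wrapped record
    "2020-11-24 02:34:19,480 [] [midPointScheduler_Worker-8] INFO (constructed): unrelated",
    "2020-11-24 02:34:21,002 [] [midPointScheduler_Worker-3] ERROR (ConnIdUtil): " + ERR,
])

def records(text):
    """Fold continuation lines (wrapped text, stack frames) into one record each."""
    buf = []
    for line in text.splitlines():
        if HEADER.match(line) and buf:
            yield " ".join(buf)
            buf = []
        if line.strip():
            buf.append(line.strip())
    if buf:
        yield " ".join(buf)

def bind_errors(text):
    """Return one dict per record that carries an AD 'LdapErr' extended error."""
    found = []
    for rec in records(text):
        head, err = HEADER.match(rec), AD_ERR.search(rec)
        if head and err:
            code = int(err.group(2), 16)
            found.append({"time": head.group(1), "thread": head.group(2),
                          "ldap_result": err.group(1), "win32": code,
                          "win32_name": WIN32_NAMES.get(code, "unknown"),
                          "dsid": err.group(3), "comment": err.group(4)})
    return found

def per_thread(text):
    """Count extended errors per (worker thread, DSID) to see where they cluster."""
    return Counter((e["thread"], e["dsid"]) for e in bind_errors(text))

if __name__ == "__main__":
    for key, n in per_thread(SAMPLE_LOG).items():
        print(key, n)
```

Run against the full midPoint log of a failed import, the per-thread counts and timestamps show whether the errors start at one point in time and on which worker threads.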