[midPoint] Active Directory Bind Error

Ivan Noris ivan.noris at evolveum.com
Wed Nov 25 08:07:32 CET 2020


Hi Brandon,

could be this? https://jira.evolveum.com/browse/MID-6439

We had this issue too, but it seems to not happen again with midPoint
4.2 and more important - newest AD connector 3.1.

Best regards,

Ivan

On 24. 11. 2020 23:06, Brandon Powers via midPoint wrote:
> Hey MidPoint Community!
>
> We are currently struggling with an Active Directory
> Connector/connectivity issue that we have not encountered in any other
> midPoint implementation to date, and hoping someone may be able to
> shed some light or provide some guidance.
>
> *Short Summary:*
> Receiving the following error /occasionally/ when importing many
> Active Directory accounts using the Active Directory (LDAP) Connector.
> *Error Message:* In order to perform this operation a successful bind
> must be completed on the connection.
> *
> *
> *Context:*
> MidPoint Version: 3.9
> Active Directory Resource defined using the Active Directory Connector
> (LDAP): https://wiki.evolveum.com/pages/viewpage.action?pageId=22741393
> Active Directory Connector Version: 2.0
> Active Directory
>
> Issue is not with the bind credentials themselves - connection works
> otherwise: Test connection is successful; recomputing individual users
> (even those that the issue shows up for during import); manually
> importing AD objects (users, groups) all work fine.
>
> *Where we do have the issue:*
> - When running import task for Active Directory resource including
> ~320 user accounts
> - Issue appears consistently during each import attempt, but
> inconsistently on varying user accounts
> - When the bind error occurs with both domain controllers, it halts
> the import and import task fails
> - During import, midPoint is generally able to import most user
> accounts before the issue starts manifesting
>
> *Stacktrace:*
> 2020-11-24 02:34:19,110 [] [midPointScheduler_Worker-8] ERROR
> (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil):
> ConnId Exception
> org.identityconnectors.framework.common.exceptions.ConnectorIOException
> in connector:a399ee77-234c-4ae3-9880-65d557a67bc6(ConnId
> com.evolveum.polygon.connector.ldap.ad.AdLdapConnector v2.0):
> ConnectorSpec(resource:b09f29e2-aeec-40de-9c49-66d6bab62d18(Active
> Directory (LDAP)), name=null,
> oid=a399ee77-234c-4ae3-9880-65d557a67bc6): LDAP error during search:
> operationsError: 000004DC: LdapErr: DSID-0C0907E9, comment: In order
> to perform this operation a successful bind must be completed on the
> connection., data 0, v2580? (1)
> org.identityconnectors.framework.common.exceptions.ConnectorIOException:
> LDAP error during search: operationsError: 000004DC: LdapErr:
> DSID-0C0907E9, comment: In order to perform this operation a
> successful bind must be completed on the connection., data 0, v2580? (1)
> at
> com.evolveum.polygon.connector.ldap.LdapUtil.processLdapResult(LdapUtil.java:580)
> at
> com.evolveum.polygon.connector.ldap.search.SimplePagedResultsSearchStrategy.search(SimplePagedResultsSearchStrategy.java:239)
> at
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.searchUsual(AbstractLdapConnector.java:691)
> at
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.executeQuery(AbstractLdapConnector.java:497)
> at
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.executeQuery(AbstractLdapConnector.java:130)
> at
> org.identityconnectors.framework.impl.api.local.operations.SearchImpl.rawSearch(SearchImpl.java:197)
> at
> org.identityconnectors.framework.impl.api.local.operations.SearchImpl.search(SearchImpl.java:133)
> at sun.reflect.GeneratedMethodAccessor1098.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:99)
> at com.sun.proxy.$Proxy219.search(Unknown Source)
> at sun.reflect.GeneratedMethodAccessor1098.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)
> at com.sun.proxy.$Proxy219.search(Unknown Source)
> at sun.reflect.GeneratedMethodAccessor1098.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:165)
>
> Has anyone seen this issue before or have any ideas? Because the
> import fails, it causes issues with other resources and processes.
>
> Appreciate any advice anyone has to offer!
>
> Brandon Powers
> Exclamation Labs
> 300 Washington Street
> Cumberland, MD 21502
> 888.545.5008 <tel:888.545.5008> or 301.722.5008 ext 144
> <tel:301.722.5008+ext+144>
> fax 301.722.2183
> brandon at exclamationlabs.com <mailto:brandon at exclamationlabs.com>
> www.exclamationlabs.com <mailto:brandon at exclamationlabs.com>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20201125/d36ea2c1/attachment-0001.htm>


More information about the midPoint mailing list