[midPoint] Active Directory Bind Error

Brandon Powers brandon at exclamationlabs.com
Wed Nov 25 15:21:48 CET 2020 

Thanks, Ivan - really appreciate your response!

We are reviewing the ticket you referenced.  It does look the same LDAP
error messaging is being reported.  We are considering the scope of and
effort behind an upgrade.

Per your first comment in that ticket, we may attempt re-uploading the
resource XML first.
> There is a chance that this was caused by something "else": either the
Resource was somehow "corrupted" in repository or memory. After reuploading
the resource XML AND restarting all midPoint nodes, this error seems to
stop.

Will report back once we've had a chance to consider these options and let
the community know of the outcome.

Brandon Powers
Exclamation Labs
300 Washington Street
Cumberland, MD 21502
888.545.5008 or 301.722.5008 ext 144
fax 301.722.2183
brandon at exclamationlabs.com
www.exclamationlabs.com <brandon at exclamationlabs.com>


On Wed, Nov 25, 2020 at 2:07 AM Ivan Noris via midPoint <
midpoint at lists.evolveum.com> wrote:

> Hi Brandon,
>
> could be this? https://jira.evolveum.com/browse/MID-6439
>
> We had this issue too, but it seems to not happen again with midPoint 4.2
> and more important - newest AD connector 3.1.
>
> Best regards,
>
> Ivan
> On 24. 11. 2020 23:06, Brandon Powers via midPoint wrote:
>
> Hey MidPoint Community!
>
> We are currently struggling with an Active Directory
> Connector/connectivity issue that we have not encountered in any other
> midPoint implementation to date, and hoping someone may be able to shed
> some light or provide some guidance.
>
> *Short Summary:*
> Receiving the following error *occasionally* when importing many Active
> Directory accounts using the Active Directory (LDAP) Connector.
> *Error Message:* In order to perform this operation a successful bind
> must be completed on the connection.
>
> *Context:*
> MidPoint Version: 3.9
> Active Directory Resource defined using the Active Directory Connector
> (LDAP): https://wiki.evolveum.com/pages/viewpage.action?pageId=22741393
> Active Directory Connector Version: 2.0
> Active Directory
>
> Issue is not with the bind credentials themselves - connection works
> otherwise: Test connection is successful; recomputing individual users
> (even those that the issue shows up for during import); manually importing
> AD objects (users, groups) all work fine.
>
> *Where we do have the issue:*
> - When running import task for Active Directory resource including ~320
> user accounts
> - Issue appears consistently during each import attempt, but
> inconsistently on varying user accounts
> - When the bind error occurs with both domain controllers, it halts the
> import and import task fails
> - During import, midPoint is generally able to import most user accounts
> before the issue starts manifesting
>
> *Stacktrace:*
> 2020-11-24 02:34:19,110 [] [midPointScheduler_Worker-8] ERROR
> (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil): ConnId
> Exception
> org.identityconnectors.framework.common.exceptions.ConnectorIOException in
> connector:a399ee77-234c-4ae3-9880-65d557a67bc6(ConnId
> com.evolveum.polygon.connector.ldap.ad.AdLdapConnector v2.0): ConnectorSpec(
> resource:b09f29e2-aeec-40de-9c49-66d6bab62d18(Active Directory (LDAP)),
> name=null, oid=a399ee77-234c-4ae3-9880-65d557a67bc6): LDAP error during
> search: operationsError: 000004DC: LdapErr: DSID-0C0907E9, comment: In
> order to perform this operation a successful bind must be completed on the
> connection., data 0, v2580? (1)
> org.identityconnectors.framework.common.exceptions.ConnectorIOException:
> LDAP error during search: operationsError: 000004DC: LdapErr:
> DSID-0C0907E9, comment: In order to perform this operation a successful
> bind must be completed on the connection., data 0, v2580? (1)
> at
> com.evolveum.polygon.connector.ldap.LdapUtil.processLdapResult(LdapUtil.java:580)
> at
> com.evolveum.polygon.connector.ldap.search.SimplePagedResultsSearchStrategy.search(SimplePagedResultsSearchStrategy.java:239)
> at
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.searchUsual(AbstractLdapConnector.java:691)
> at
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.executeQuery(AbstractLdapConnector.java:497)
> at
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.executeQuery(AbstractLdapConnector.java:130)
> at
> org.identityconnectors.framework.impl.api.local.operations.SearchImpl.rawSearch(SearchImpl.java:197)
> at
> org.identityconnectors.framework.impl.api.local.operations.SearchImpl.search(SearchImpl.java:133)
> at sun.reflect.GeneratedMethodAccessor1098.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:99)
> at com.sun.proxy.$Proxy219.search(Unknown Source)
> at sun.reflect.GeneratedMethodAccessor1098.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)
> at com.sun.proxy.$Proxy219.search(Unknown Source)
> at sun.reflect.GeneratedMethodAccessor1098.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:165)
>
> Has anyone seen this issue before or have any ideas? Because the import
> fails, it causes issues with other resources and processes.
>
> Appreciate any advice anyone has to offer!
>
> Brandon Powers
> Exclamation Labs
> 300 Washington Street
> Cumberland, MD 21502
> 888.545.5008 or 301.722.5008 ext 144 <301.722.5008+ext+144>
> fax 301.722.2183
> brandon at exclamationlabs.com
> www.exclamationlabs.com <brandon at exclamationlabs.com>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttps://lists.evolveum.com/mailman/listinfo/midpoint
>
> --
> Ivan Noris
> Senior Identity Engineerevolveum.com
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20201125/1014dc21/attachment.htm>

More information about the midPoint mailing list