[midPoint] Attempt to add shadow without any attributes

Ethan Kromhout kromhout at unc.edu
Tue Sep 15 16:45:42 CEST 2020 

I'm working with the experimental MS Graph connector to Azure AD. My 
initial use case is just creating groups and updating memberships, so my 
mappings are just an association for the AccountObjectClass and a more 
complete set of mappings for the GroupObjectClass. The schema this 
connector generates contain no mandatory attributes, e.g. nothing is 
marked minOccurs="1".. Group creation is working just fine, but I'm 
having  a problem with the membership management. If I go into a user 
who is a member of an organization that should connect the user to the 
Azure AD group, and preview a reconciliation change, it sees that it 
should add the Azure AD group, but when I hit save on the user, the 
change fails with this error:

2020-09-15 14:22:05,611 [MODEL] [pool-3-thread-16] WARN 
(com.evolveum.midpoint.model.impl.lens.projector.ReconciliationProcessor): 
Can't do reconciliation. Account context doesn't contain current version 
of account.
2020-09-15 14:22:05,820 [MODEL] [pool-3-thread-16] ERROR 
(com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl): 
Attempt to add shadow without any attributes: shadow:null(null)
com.evolveum.midpoint.util.exception.SchemaException: Attempt to add 
shadow without any attributes: shadow:null(null)
     at 
com.evolveum.midpoint.provisioning.impl.ShadowCache.addShadowAttempt(ShadowCache.java:508)

And indeed, no Account shadow is created for the Azure AD resource for 
that user. If I import the the Account object for that user directly 
from the Azure AD resource, then the shadow is created, and the 
membership in Azure AD is updated. So I'm confused as to why saving a 
user on reconciliation would fail with this error, but an import on the 
resource succeeds.

Thanks for any experience or advise, I've attached the resource 
definition in case that is of interest,

Ethan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ExportedData_ResourceType_2020_09_15_14_9_33.xml
Type: text/xml
Size: 73272 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200915/810719df/attachment.xml>

More information about the midPoint mailing list