[midPoint] AD Account Import Task Error

Gus Lou gugalou38 at gmail.com
Sun Jan 3 21:00:41 CET 2021 

Hi Guys

Unfortunately the strategy of filtering by the path I mentioned earlier did
not work.
The active directory environment has several accounts that have attributes
such as:

msDS-KeyCredentialLink and msExchUserBL than Midpoint

When I run the account import task I get the error extracted from the log

Couldn't convert resource object from ConnID to midPoint: uid=Attribute:
{Name=__UID__, Value=[f10eed2a-1a67-4484-97c9-b9c28646fb12]},
name=Attribute: {Name=__NAME__, Value=[CN=Exchange
Online-ApplicationAccount,OU=UserDisable,DC=xyz,DC=net]},
class=ObjectClass: user: Unknown attribute msExchUserBL in definition of
object class {
http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}user.
Original ConnId name: msExchUserBL in resource object identified by
Attribute: {Name=__NAME__, Value=[CN=Exchange
Online-ApplicationAccount,OU=UserDisable,DC=xyz,DC=net]}

Error dealing with schema: Couldn't convert resource object from ConnID to
midPoint: uid=Attribute: {Name=__UID__,
Value=[20c2b611-1716-3c77-98c8-a8ba87e5c571]},
name=Attribute: {Name=__NAME__, Value=[CN=joe doe,OU=users,DC=xyz,DC=net]},
class=ObjectClass: user: Unknown attribute msDS-KeyCredentialLink in
definition of object class {
http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}user.
Original ConnId name: msDS-KeyCredentialLink in resource object identified
by Attribute: {Name=__NAME__, Value=[CN=joe doe,OU=users,DC=xyz,DC=net]}

If anyone has any tips I would appreciate it.

Em sáb., 2 de jan. de 2021 às 22:39, Gus Lou <gugalou38 at gmail.com> escreveu:

> It seems that using a filter on the resource may be a solution.
>
> <condition>
>        <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:type="c:ScriptExpressionEvaluatorType">
>            <code>
>                obj = basic.getAttributeValue(shadow, '
> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3','dn');
>                return (obj.contains('OU=employees,DC=xyz,DC=net'));
>            </code>
>        </script>
> </condition>
>
> Em sáb., 2 de jan. de 2021 às 21:21, Gus Lou <gugalou38 at gmail.com>
> escreveu:
>
>> Hello Guys Happy New Year
>>
>> I created a task to import existing accounts in Active Directory. After
>> the task to import some accounts it stop and presents an error regarding an
>> account that could not be imported. It is a default exchange account that
>> for some reason is not being recognized by the midpoint. Is there a way to
>> exclude this account from import so that it doesn't stop the task?
>>
>> Task error:
>> Couldn't convert resource object from ConnID to midPoint: uid=Attribute:
>> {Name=__UID__, Value=[f10eed2a-1a67-4484-97c9-b9c28646fb12]},
>> name=Attribute: {Name=__NAME__, Value=[CN=Exchange
>> Online-ApplicationAccount,OU=UserDisable,DC=xyz,DC=net]},
>> class=ObjectClass: user: Unknown attribute msExchUserBL in definition of
>> object class {
>> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}user.
>> Original ConnId name: msExchUserBL in resource object identified by
>> Attribute: {Name=__NAME__, Value=[CN=Exchange
>> Online-ApplicationAccount,OU=UserDisable,DC=xyz,DC=net]}
>>
>>
>> Regards
>>
>> Gus
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210103/bffb8c88/attachment.htm>

More information about the midPoint mailing list