[midPoint] AD Account Import Task Error
Jason Everling
jeverling at bshp.edu
Mon Jan 4 18:07:56 CET 2021
You need to add all the object classes for the attributes your users have, whichever object class those 2 attributes belong to add them as auxiliary object class in resource
________________________________
From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Gus Lou via midPoint <midpoint at lists.evolveum.com>
Sent: Sunday, January 3, 2021 2:00:41 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Cc: Gus Lou <gugalou38 at gmail.com>
Subject: Re: [midPoint] AD Account Import Task Error
Hi Guys
Unfortunately the strategy of filtering by the path I mentioned earlier did not work.
The active directory environment has several accounts that have attributes such as:
msDS-KeyCredentialLink and msExchUserBL than Midpoint
When I run the account import task I get the error extracted from the log
Couldn't convert resource object from ConnID to midPoint: uid=Attribute: {Name=__UID__, Value=[f10eed2a-1a67-4484-97c9-b9c28646fb12]}, name=Attribute: {Name=__NAME__, Value=[CN=Exchange Online-ApplicationAccount,OU=UserDisable,DC=xyz,DC=net]}, class=ObjectClass: user: Unknown attribute msExchUserBL in definition of object class {http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}user<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3%7Duser>. Original ConnId name: msExchUserBL in resource object identified by Attribute: {Name=__NAME__, Value=[CN=Exchange Online-ApplicationAccount,OU=UserDisable,DC=xyz,DC=net]}
Error dealing with schema: Couldn't convert resource object from ConnID to midPoint: uid=Attribute: {Name=__UID__, Value=[20c2b611-1716-3c77-98c8-a8ba87e5c571]}, name=Attribute: {Name=__NAME__, Value=[CN=joe doe,OU=users,DC=xyz,DC=net]}, class=ObjectClass: user: Unknown attribute msDS-KeyCredentialLink in definition of object class {http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}user<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3%7Duser>. Original ConnId name: msDS-KeyCredentialLink in resource object identified by Attribute: {Name=__NAME__, Value=[CN=joe doe,OU=users,DC=xyz,DC=net]}
If anyone has any tips I would appreciate it.
Em sáb., 2 de jan. de 2021 às 22:39, Gus Lou <gugalou38 at gmail.com<mailto:gugalou38 at gmail.com>> escreveu:
It seems that using a filter on the resource may be a solution.
<condition>
<script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ScriptExpressionEvaluatorType">
<code>
obj = basic.getAttributeValue(shadow, 'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3','dn');
return (obj.contains('OU=employees,DC=xyz,DC=net'));
</code>
</script>
</condition>
Em sáb., 2 de jan. de 2021 às 21:21, Gus Lou <gugalou38 at gmail.com<mailto:gugalou38 at gmail.com>> escreveu:
Hello Guys Happy New Year
I created a task to import existing accounts in Active Directory. After the task to import some accounts it stop and presents an error regarding an account that could not be imported. It is a default exchange account that for some reason is not being recognized by the midpoint. Is there a way to exclude this account from import so that it doesn't stop the task?
Task error:
Couldn't convert resource object from ConnID to midPoint: uid=Attribute: {Name=__UID__, Value=[f10eed2a-1a67-4484-97c9-b9c28646fb12]}, name=Attribute: {Name=__NAME__, Value=[CN=Exchange Online-ApplicationAccount,OU=UserDisable,DC=xyz,DC=net]}, class=ObjectClass: user: Unknown attribute msExchUserBL in definition of object class {http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}user<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3%7Duser>. Original ConnId name: msExchUserBL in resource object identified by Attribute: {Name=__NAME__, Value=[CN=Exchange Online-ApplicationAccount,OU=UserDisable,DC=xyz,DC=net]}
Regards
Gus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210104/bd1fc416/attachment.htm>
More information about the midPoint
mailing list