From Sven.Feyerabend at stuvus.uni-stuttgart.de Mon Oct 3 11:20:32 2022
From: Sven.Feyerabend at stuvus.uni-stuttgart.de (Sven Feyerabend)
Date: Mon, 3 Oct 2022 11:20:32 +0200
Subject: [midPoint] Problem with post-registration configuration
Message-ID: <48794894-db92-dd84-464b-5e824ada97d9@stuvus.uni-stuttgart.de>
Hello everyone,
I'm trying to implement an invite based user registration system and
want to use midpoints self post-registration feature.
I'm using midpoint 4.4.2 and the flexible authentication mechanism. I
tried to follow the example in the documentation at
https://docs.evolveum.com/midpoint/reference/misc/self-registration/configuration-before-4-6/#self-post-registration-or-invite-for-existing-users-in-midpoint
So far I have the following config in my SecurityPolicy:
selfRegistration
active
proposed
Aktivierung
selfRegistrationAuth
and for the authentication sequence:
selfRegistrationAuth
Just a nonce mail to validate e-mail
address.
http://midpoint.evolveum.com/xml/ns/public/common/channels-3#selfRegistration
registration
RegistrationNonce
10
sufficient
Additionally I have configured a notification handler that sends the
necessary information via email.
If I create a new user the correct information is send via mail, namely
a link in the form https://my-midpoint-domain/midpoint/registration?user=oid
If I try to open the link in a browser, I get redirected to the login
page and the midpoint logs show the following error:
ERROR (com.evolveum.midpoint.web.security.filter.MidpointAuthFilter):
Couldn't find sequence for URI '/midpoint/registration' in
authentication of Security Policy with oid
00000000-0000-0000-0000-000000000120
java.lang.IllegalArgumentException: Couldn't find sequence for URI
'/midpoint/registration' in authentication of Security Policy with oid
00000000-0000-0000-0000-000000000120
But if I open midpoint in the browser, then click on the Sign Up button
and then paste the link into the url bar, I get the user specific
registration form and can complete the activation process.
My guess is, that simply opening the link in the browser does not
qualify as the selfRegistration channel and therefore the process does
not work.
What would be the correct way to fix this?
Thanks in advance!
Regards
Sven
From jhaywo1 at ilstu.edu Tue Oct 4 20:32:55 2022
From: jhaywo1 at ilstu.edu (Haywood, Jeremiah)
Date: Tue, 4 Oct 2022 18:32:55 +0000
Subject: [midPoint] Livesynch Task Suspended on Error
Message-ID:
Afternoon all,
We are experimenting with live synch in a clustered deployment and have come
across some situations where it experiences a fatal error and moves to a
suspended state. The most recent error we received was the following after
container reboot:
GUI Results:
Operation:
com.evolveum.midpoint.repo.common.activity.run.LocalActivityRun.runLocally
Status: FATAL_ERROR
Message:
Bucket
PCV(4531):[PP({.../common/common-3}sequentialNumber):[PPV(Integer:1)],
PP({.../common/common-3}state):[PPV(WorkBucketStateType:COMPLETE)],
PP({.../common/common-3}content):[PPV(NullWorkBucketContentType:com.evolveum
.midpoint.xml.ns._public.common.common_3.NullWorkBucketContentType at 6e57bf8b[
])]] is not ready
I have also attached the stack trace from the logs. Is it possible to
configure Midpoint to continue subsequent runs after permanent errors?
Additionally, have others experienced similar behavior?
Thank you,
Jeremiah Haywood
Lead IAM Administrator
Office of Technology Solutions | Illinois State University
Phone Number (309) 438-3829
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 58001 bytes
Desc: not available
URL:
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: livesynch-fatal-error-log.txt
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7264 bytes
Desc: not available
URL:
From mederly at evolveum.com Tue Oct 4 20:40:46 2022
From: mederly at evolveum.com (Pavol Mederly)
Date: Tue, 4 Oct 2022 20:40:46 +0200
Subject: [midPoint] Livesynch Task Suspended on Error
In-Reply-To:
References:
Message-ID: <0f81dd44-ddac-2b61-8c0f-550a8ff433ac@evolveum.com>
Jeremiah,
this reminds me of situations when the same task runs *independently* on
multiple nodes at once. It should not, as the Quartz scheduler should
take care of that; but sometimes it does. Very weird things are possible
in such cases, and what you describe is exactly one of them. See e.g.
https://jira.evolveum.com/browse/MID-5500. (And maybe search our jira
for similar issues.)
You may check the logs to see if this occurs and then try to determine
why. Usually this points to some kind of infrastructure problem
(overloaded nodes? faulty DB connections? clocks out of sync? this is a
typical case for our professional support :).
My advice is to diagnose and fix this, and not to somehow "sweep that
under the carpet" -> as it would hurt you sometimes in the future.
(Of course, I may be wrong and this could be a genuine midPoint bug. But
I doubt that.)
Best regards,
--
Pavol Mederly
Software developer
evolveum.com
On 04/10/2022 20:32, Haywood, Jeremiah via midPoint wrote:
>
> Afternoon all,
>
> We are experimenting with live synch in a clustered deployment and
> have come across some situations where it experiences a fatal error
> and moves to a suspended state. The most recent error we received was
> the following after container reboot:
>
> GUI Results:
>
> Operation:
> com.evolveum.midpoint.repo.common.activity.run.LocalActivityRun.runLocally
>
> Status: FATAL_ERROR
>
> Message:
>
> Bucket
> PCV(4531):[PP({.../common/common-3}sequentialNumber):[PPV(Integer:1)],
> PP({.../common/common-3}state):[PPV(WorkBucketStateType:COMPLETE)],
> PP({.../common/common-3}content):[PPV(NullWorkBucketContentType:com.evolveum.midpoint.xml.ns._public.common.common_3.NullWorkBucketContentType at 6e57bf8b[])]]
> is not ready
>
> I have also attached the stack trace from the logs. Is it possible to
> configure Midpoint to continue subsequent runs after permanent errors?
> Additionally, have others experienced similar behavior?
>
> Thank you,
>
> Jeremiah Haywood
>
> Lead IAM Administrator
>
> Office of Technology Solutions | Illinois State University
>
> Phone Number (309) 438-3829
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 58001 bytes
Desc: not available
URL:
From vitor.alves at gerencianet.com.br Tue Oct 4 20:45:39 2022
From: vitor.alves at gerencianet.com.br (Vitor Alves | Gerencianet)
Date: Tue, 4 Oct 2022 18:45:39 +0000
Subject: [midPoint] RES: Livesynch Task Suspended on Error
In-Reply-To:
References:
Message-ID:
Hi Jeremiah,
Yes, that is possible.
I currently use version 4.4.3 LTS, and I had the same problem as you, in some cases the resource fails, but we must continue with the task. Following are the actions that must be done in the task XML.
<...>
runnable
ready
ImportingAccounts
recurring
* 3 * * *
-------
If you want, you can do it via UI (particularly I prefer). Within the task, access the "Schedule" submenu and add:
"Recurrence": Recurring
Access the "Operational attributes (state)" submenu
"Execution state": Runnable
"Scheduling state": Ready
I hope I could have helped.
Atenciosamente,
-----
Vitor Alves
Analista Cloud Pleno II
vitor.alves at gerencianet.com.br
Infraestrutura de TI e Segurança
gerencianet.com.br | 1ª Região - Brasil
Atendimento a clientes:
4000 1234 para capitais e regiões metropolitanas e 0800 941 2343 para demais cidades.
Expediente: de segunda a segunda, das 07h às 22h (horário de Brasília), inclusive em feriados nacionais.
AVISO DE CONFIDENCIALIDADE - Esta mensagem da Gerencianet é enviada exclusivamente a seus destinatários e pode conter informações confidenciais, protegidas por sigilo profissional. Se você a recebeu indevidamente, a utilização posterior desta mensagem é desautorizada. Solicitamos que seja devolvida ao remetente para esclarecimento do equívoco.
-----Mensagem original-----
De: midPoint Em nome de midpoint-request at lists.evolveum.com
Enviada em: terça-feira, 4 de outubro de 2022 15:33
Para: midpoint at lists.evolveum.com
Assunto: midPoint Digest, Vol 126, Issue 3
Send midPoint mailing list submissions to
midpoint at lists.evolveum.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.evolveum.com/mailman/listinfo/midpoint
or, via email, send a message with subject or body 'help' to
midpoint-request at lists.evolveum.com
You can reach the person managing the list at
midpoint-owner at lists.evolveum.com
When replying, please edit your Subject line so it is more specific than "Re: Contents of midPoint digest..."
Today's Topics:
1. Livesynch Task Suspended on Error (Haywood, Jeremiah)
----------------------------------------------------------------------
Message: 1
Date: Tue, 4 Oct 2022 18:32:55 +0000
From: "Haywood, Jeremiah"
To: "midpoint at lists.evolveum.com"
Subject: [midPoint] Livesynch Task Suspended on Error
Message-ID:
Content-Type: text/plain; charset="utf-8"
Afternoon all,
We are experimenting with live synch in a clustered deployment and have come across some situations where it experiences a fatal error and moves to a suspended state. The most recent error we received was the following after container reboot:
GUI Results:
Operation:
com.evolveum.midpoint.repo.common.activity.run.LocalActivityRun.runLocally
Status: FATAL_ERROR
Message:
Bucket
PCV(4531):[PP({.../common/common-3}sequentialNumber):[PPV(Integer:1)],
PP({.../common/common-3}state):[PPV(WorkBucketStateType:COMPLETE)],
PP({.../common/common-3}content):[PPV(NullWorkBucketContentType:com.evolveum
.midpoint.xml.ns._public.common.common_3.NullWorkBucketContentType at 6e57bf8b[
])]] is not ready
I have also attached the stack trace from the logs. Is it possible to configure Midpoint to continue subsequent runs after permanent errors?
Additionally, have others experienced similar behavior?
Thank you,
Jeremiah Haywood
Lead IAM Administrator
Office of Technology Solutions | Illinois State University
Phone Number (309) 438-3829
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 58001 bytes
Desc: not available
URL:
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: livesynch-fatal-error-log.txt
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7264 bytes
Desc: not available
URL:
------------------------------
Subject: Digest Footer
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
https://lists.evolveum.com/mailman/listinfo/midpoint
------------------------------
End of midPoint Digest, Vol 126, Issue 3
****************************************
From mederly at evolveum.com Tue Oct 4 21:06:39 2022
From: mederly at evolveum.com (Pavol Mederly)
Date: Tue, 4 Oct 2022 21:06:39 +0200
Subject: [midPoint] Livesynch Task Suspended on Error
In-Reply-To:
References:
Message-ID:
I've just looked at the details...
2022-10-03 19:37:01,932 []
[QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager]
WARN (org.quartz.impl.jdbcjobstore.JobStoreTX): This scheduler instance
(ilstu-midpoint-dev-02) is still active but was recovered by another
instance in the cluster. This may cause inconsistent behavior.
2022-10-03 19:48:25,090 []
[QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager]
INFO (org.quartz.impl.jdbcjobstore.JobStoreTX): ClusterManager: detected
1 failed or restarted instances.
2022-10-03 19:48:25,090 []
[QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager]
INFO (org.quartz.impl.jdbcjobstore.JobStoreTX): ClusterManager: Scanning
for instance "ilstu-midpoint-dev-01"'s failed in-progress jobs.
2022-10-03 19:50:11,947 []
[QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager]
WARN (org.quartz.impl.jdbcjobstore.JobStoreTX): This scheduler instance
(ilstu-midpoint-dev-02) is still active but was recovered by another
instance in the cluster. This may cause inconsistent behavior.
2022-10-03 20:05:53,283 []
[QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager]
WARN (org.quartz.impl.jdbcjobstore.JobStoreTX): This scheduler instance
(ilstu-midpoint-dev-02) is still active but was recovered by another
instance in the cluster. This may cause inconsistent behavior.
2022-10-03 20:19:10,271 []
[QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager]
WARN (org.quartz.impl.jdbcjobstore.JobStoreTX): This scheduler instance
(ilstu-midpoint-dev-02) is still active but was recovered by another
instance in the cluster. This may cause inconsistent behavior.
2022-10-03 20:32:45,142 []
[QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager]
INFO (org.quartz.impl.jdbcjobstore.JobStoreTX): ClusterManager: detected
1 failed or restarted instances.
2022-10-03 20:32:45,142 []
[QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager]
INFO (org.quartz.impl.jdbcjobstore.JobStoreTX): ClusterManager: Scanning
for instance "ilstu-midpoint-dev-01"'s failed in-progress jobs.
2022-10-03 20:32:45,164 []
[QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager]
INFO (org.quartz.impl.jdbcjobstore.JobStoreTX): ClusterManager:
......Scheduled 1 recoverable job(s) for recovery.
2022-10-03 20:32:45,193 [] [midPointScheduler_Worker-9] INFO
(com.evolveum.midpoint.task.quartzimpl.run.JobExecutor): Task
Task(id:1664827507317-0-1, name:identityTable (livesynch),
oid:9d446a2e-0819-4041-9f66-bf716d76b084) is recovering
This points to the cluster issue with 100% certainty. :)
--
Pavol Mederly
Software developer
evolveum.com
On 04/10/2022 20:32, Haywood, Jeremiah via midPoint wrote:
>
> Afternoon all,
>
> We are experimenting with live synch in a clustered deployment and
> have come across some situations where it experiences a fatal error
> and moves to a suspended state. The most recent error we received was
> the following after container reboot:
>
> GUI Results:
>
> Operation:
> com.evolveum.midpoint.repo.common.activity.run.LocalActivityRun.runLocally
>
> Status: FATAL_ERROR
>
> Message:
>
> Bucket
> PCV(4531):[PP({.../common/common-3}sequentialNumber):[PPV(Integer:1)],
> PP({.../common/common-3}state):[PPV(WorkBucketStateType:COMPLETE)],
> PP({.../common/common-3}content):[PPV(NullWorkBucketContentType:com.evolveum.midpoint.xml.ns._public.common.common_3.NullWorkBucketContentType at 6e57bf8b[])]]
> is not ready
>
> I have also attached the stack trace from the logs. Is it possible to
> configure Midpoint to continue subsequent runs after permanent errors?
> Additionally, have others experienced similar behavior?
>
> Thank you,
>
> Jeremiah Haywood
>
> Lead IAM Administrator
>
> Office of Technology Solutions | Illinois State University
>
> Phone Number (309) 438-3829
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 58001 bytes
Desc: not available
URL:
From jhaywo1 at ilstu.edu Tue Oct 4 21:14:58 2022
From: jhaywo1 at ilstu.edu (Haywood, Jeremiah)
Date: Tue, 4 Oct 2022 19:14:58 +0000
Subject: [midPoint] Livesynch Task Suspended on Error
In-Reply-To:
References:
Message-ID:
Thanks for the information and looking into that log file. Would this be
addressed by having a tight binding to a specific node for the livesynch
task? Or would increasing the quartzClusterCheckinGracePeriod still be
required (based off details in [MID-5500] Reconc error: Couldn't complete
work bucket for task - Evolveum Jira
)?
Thank you,
Jeremiah Haywood
Lead IAM Administrator
Office of Technology Solutions | Illinois State University
Phone Number (309) 438-3829
From: midPoint On Behalf Of Pavol
Mederly via midPoint
Sent: Tuesday, October 4, 2022 2:07 PM
To: midpoint at lists.evolveum.com
Cc: Pavol Mederly
Subject: Re: [midPoint] Livesynch Task Suspended on Error
This message originated from outside of the Illinois State University email
system. Learn why this is important
I've just looked at the details...
2022-10-03 19:37:01,932 []
[QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager]
WARN (org.quartz.impl.jdbcjobstore.JobStoreTX): This scheduler instance
(ilstu-midpoint-dev-02) is still active but was recovered by another
instance in the cluster. This may cause inconsistent behavior.
2022-10-03 19:48:25,090 []
[QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager]
INFO (org.quartz.impl.jdbcjobstore.JobStoreTX): ClusterManager: detected 1
failed or restarted instances.
2022-10-03 19:48:25,090 []
[QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager]
INFO (org.quartz.impl.jdbcjobstore.JobStoreTX): ClusterManager: Scanning for
instance "ilstu-midpoint-dev-01"'s failed in-progress jobs.
2022-10-03 19:50:11,947 []
[QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager]
WARN (org.quartz.impl.jdbcjobstore.JobStoreTX): This scheduler instance
(ilstu-midpoint-dev-02) is still active but was recovered by another
instance in the cluster. This may cause inconsistent behavior.
2022-10-03 20:05:53,283 []
[QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager]
WARN (org.quartz.impl.jdbcjobstore.JobStoreTX): This scheduler instance
(ilstu-midpoint-dev-02) is still active but was recovered by another
instance in the cluster. This may cause inconsistent behavior.
2022-10-03 20:19:10,271 []
[QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager]
WARN (org.quartz.impl.jdbcjobstore.JobStoreTX): This scheduler instance
(ilstu-midpoint-dev-02) is still active but was recovered by another
instance in the cluster. This may cause inconsistent behavior.
2022-10-03 20:32:45,142 []
[QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager]
INFO (org.quartz.impl.jdbcjobstore.JobStoreTX): ClusterManager: detected 1
failed or restarted instances.
2022-10-03 20:32:45,142 []
[QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager]
INFO (org.quartz.impl.jdbcjobstore.JobStoreTX): ClusterManager: Scanning for
instance "ilstu-midpoint-dev-01"'s failed in-progress jobs.
2022-10-03 20:32:45,164 []
[QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager]
INFO (org.quartz.impl.jdbcjobstore.JobStoreTX): ClusterManager:
......Scheduled 1 recoverable job(s) for recovery.
2022-10-03 20:32:45,193 [] [midPointScheduler_Worker-9] INFO
(com.evolveum.midpoint.task.quartzimpl.run.JobExecutor): Task
Task(id:1664827507317-0-1, name:identityTable (livesynch),
oid:9d446a2e-0819-4041-9f66-bf716d76b084) is recovering
This points to the cluster issue with 100% certainty. :)
--
Pavol Mederly
Software developer
evolveum.com
On 04/10/2022 20:32, Haywood, Jeremiah via midPoint wrote:
Afternoon all,
We are experimenting with live synch in a clustered deployment and have come
across some situations where it experiences a fatal error and moves to a
suspended state. The most recent error we received was the following after
container reboot:
GUI Results:
Operation:
com.evolveum.midpoint.repo.common.activity.run.LocalActivityRun.runLocally
Status: FATAL_ERROR
Message:
Bucket
PCV(4531):[PP({.../common/common-3}sequentialNumber):[PPV(Integer:1)],
PP({.../common/common-3}state):[PPV(WorkBucketStateType:COMPLETE)],
PP({.../common/common-3}content):[PPV(NullWorkBucketContentType:com.evolveum
.midpoint.xml.ns._public.common.common_3.NullWorkBucketContentType at 6e57bf8b[
])]] is not ready
I have also attached the stack trace from the logs. Is it possible to
configure Midpoint to continue subsequent runs after permanent errors?
Additionally, have others experienced similar behavior?
Thank you,
Jeremiah Haywood
Lead IAM Administrator
Office of Technology Solutions | Illinois State University
Phone Number (309) 438-3829
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 58001 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7264 bytes
Desc: not available
URL:
From yrevyakin at gmail.com Wed Oct 5 17:00:22 2022
From: yrevyakin at gmail.com (Yakov Revyakin)
Date: Wed, 5 Oct 2022 18:00:22 +0300
Subject: [midPoint] NULL validTo in condition for assignment
Message-ID:
Hi all,
I've found that if I assign an org (using objectTemplate) with the
condition
validTo == null (for example, if validTo was changed from a real value to
empty) and use assignmentTaretSearch to get target org there is no any
effect and nothing is assigned.
It looks like the same as in this post in our maillist
https://lists.evolveum.com/pipermail/midpoint/2018-November/005102.html
Could someone confirm this is a bug or a feature?
It looks like we can consider empty validTo as valid value when an employee
has no finish date in case of assignments and assignmentTargetSearch.
If I assign a static org by oid there is no problem.
Thanks,
J
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From yrevyakin at gmail.com Wed Oct 5 17:01:46 2022
From: yrevyakin at gmail.com (Yakov Revyakin)
Date: Wed, 5 Oct 2022 18:01:46 +0300
Subject: [midPoint] NULL validTo in condition for assignment
In-Reply-To:
References:
Message-ID:
Sorry for misspelling:
It looks like we CAN'T consider empty validTo as valid value when an
employee has no finish date in case of assignments and
assignmentTargetSearch.
On Wed, 5 Oct 2022 at 18:00, Yakov Revyakin wrote:
> Hi all,
> I've found that if I assign an org (using objectTemplate) with the
> condition
> validTo == null (for example, if validTo was changed from a real value to
> empty) and use assignmentTaretSearch to get target org there is no any
> effect and nothing is assigned.
>
> It looks like the same as in this post in our maillist
> https://lists.evolveum.com/pipermail/midpoint/2018-November/005102.html
>
> Could someone confirm this is a bug or a feature?
>
> It looks like we can consider empty validTo as valid value when an
> employee has no finish date in case of assignments and
> assignmentTargetSearch.
>
> If I assign a static org by oid there is no problem.
>
> Thanks,
> J
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From kamil.jires at evolveum.com Thu Oct 6 02:55:54 2022
From: kamil.jires at evolveum.com (Kamil Jires)
Date: Thu, 6 Oct 2022 02:55:54 +0200
Subject: [midPoint] Midpoint Repository Load Balancing/Failover
In-Reply-To:
References:
Message-ID:
Hi Jeremiah,
Thanks for the question. Let me redirect the focus a little bit.
Midpoint using JDBC driver to connect to the database. The native
repository design expect the postgresql database. In case we put these
together the focus may be "targeted" to the postgresql JDBC driver which
seems to natively support it.
By the documentation (
https://jdbc.postgresql.org/documentation/use/#connection-fail-over )
the example of the syntax may be:
- jdbc:postgresql://host1:port1,host2:port2/database
- jdbc:postgresql://node1,node2,node3/accounting?targetServerType=primary
-
jdbc:postgresql://node1,node2,node3/accounting?targetServerType=preferSecondary&loadBalanceHosts=true
For sure it would be good to test it. In case of hands-on experience the
feedback would be appreciated.
Thank you,
Kamil
On 23/09/2022 22:17, Haywood, Jeremiah via midPoint wrote:
>
> Hey all,
>
> Does anyone know if Midpoint natively supports multiple
> repository/failover nodes via config.xml
> (configuration.midpoint.repository.jdbcUrl) or environment variable
> (REPO_JDBC_URL)? Or would this need to be handled with a proxy in
> front of the database nodes? Possibly Pgpool or HAProxy.
>
> Thank you,
>
> Jeremiah Haywood
>
> Lead IAM Administrator
>
> Office of Technology Solutions | Illinois State University
>
> Phone Number (309) 438-3829
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From barvepratik7721 at gmail.com Fri Oct 7 10:23:25 2022
From: barvepratik7721 at gmail.com (Pratik Barve)
Date: Fri, 7 Oct 2022 13:53:25 +0530
Subject: [midPoint] Not able to build Midpoint code present on master branch
Message-ID:
Hi all,
I am trying to build midpoint code available on the GitHub master branch. I
followed this
document and I am getting Build Failure.
Attaching screenshots for reference
[image: image.png]
[image: image.png]
[image: image.png]
Regards
Pratik
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 1238387 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 1288919 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 1312008 bytes
Desc: not available
URL:
From jfellmann at gmail.com Fri Oct 7 16:38:25 2022
From: jfellmann at gmail.com (Joaquim Fellmann)
Date: Fri, 7 Oct 2022 16:38:25 +0200
Subject: [midPoint] PR for midpoint book
Message-ID:
Hello,
I'd like to submit a PR that fixes some typos in midpoint
book
but cannot find the adoc sources in the midpoint/docs github repository
(only the html/epub/pdf files are available). Could someone point me to the
right direction ?
Thanks
--
Joaquim
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From barvepratik7721 at gmail.com Mon Oct 10 10:35:20 2022
From: barvepratik7721 at gmail.com (Pratik Barve)
Date: Mon, 10 Oct 2022 14:05:20 +0530
Subject: [midPoint] Running midpoint from Intellij idea doesn't show ui with
CSS
Message-ID:
Hi all,
I am running midpoint application within IntelliJ with the steps described
here . I am able
to start midpoint, but it is with no UI. How can I achieve running midpoint
with UI as if we are running midpoint distribution package?
Attaching current midpoint UI and current configuration that I did to get
this
[image: image.png]
[image: image.png]
Regards,
Pratik
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 21912 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 226397 bytes
Desc: not available
URL:
From stephane.delcourt at ulb.be Mon Oct 10 12:54:04 2022
From: stephane.delcourt at ulb.be (=?iso-8859-1?Q?Delcourt_St=E9phane?=)
Date: Mon, 10 Oct 2022 10:54:04 +0000
Subject: [midPoint] hasNoAssignment policy constraint
Message-ID:
Hi all,
Does someone know how to deal with this policy constraint ?
My idea is to use it for role dependency as intended https://jira.evolveum.com/browse/MID-4068
So I want to add policy constraint in role B to block user receiving it if not assigned of role A
Here's the code sample I'm using in role B:
exclude-if-no-role-a
But this does not trigger any error when I try to assign role B to a user not having role A.
What am I missing here ?
I don't even know how to debug this.
Thanks for your help
Stéphane Delcourt
Informaticien - Gestionnaire système - Développeur
[www.ulb.be]
Département informatique, Service Applications métier
Av. F. Roosevelt 50, CP 251 - 1050 Bruxelles
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 15369 bytes
Desc: image001.jpg
URL:
From radovan.semancik at evolveum.com Mon Oct 10 13:38:12 2022
From: radovan.semancik at evolveum.com (Radovan Semancik)
Date: Mon, 10 Oct 2022 13:38:12 +0200
Subject: [midPoint] PR for midpoint book
In-Reply-To:
References:
Message-ID: <2075b42e-6258-4b71-aa6b-8e543f2d1d3d@evolveum.com>
Hello,
Book sources are not (yet) on github. Book is using a "non-commercial"
Creative Commons license, which is somehow different that open source
licenses for source code. We are not yet sure about all the differences
and legal implications, we are still considering whether it is OK for us
to publish book source code as well.
How much typos have you found? If it is just a few, please send any kind
of description of the typos directly to me, and I will fix the book
manually. If there are a lot of typos ... then it would be best to make
the book source code available ... and perhaps this could speed up our
decision.
--
Radovan Semancik
Software Architect
evolveum.com
On 10/7/22 16:38, Joaquim Fellmann via midPoint wrote:
> Hello,
>
> I'd like to submit a PR that fixes some typos in midpoint
> book
> but cannot find the adoc sources in
> the midpoint/docs github repository (only the html/epub/pdf files are
> available). Could someone point me to the right direction ?
>
> Thanks
>
> --
> Joaquim
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From jfellmann at gmail.com Mon Oct 10 14:13:20 2022
From: jfellmann at gmail.com (Joaquim Fellmann)
Date: Mon, 10 Oct 2022 14:13:20 +0200
Subject: [midPoint] PR for midpoint book
In-Reply-To: <2075b42e-6258-4b71-aa6b-8e543f2d1d3d@evolveum.com>
References:
<2075b42e-6258-4b71-aa6b-8e543f2d1d3d@evolveum.com>
Message-ID:
Hi Radovan,
I found quite a lot (and will probably find more as I dig into it). I'll
send you a diff against the latest master since the sources are not
available yet.
Regards
--
Joaquim
On Mon, 10 Oct 2022 at 13:38, Radovan Semancik via midPoint <
midpoint at lists.evolveum.com> wrote:
> Hello,
>
> Book sources are not (yet) on github. Book is using a "non-commercial"
> Creative Commons license, which is somehow different that open source
> licenses for source code. We are not yet sure about all the differences and
> legal implications, we are still considering whether it is OK for us to
> publish book source code as well.
>
> How much typos have you found? If it is just a few, please send any kind
> of description of the typos directly to me, and I will fix the book
> manually. If there are a lot of typos ... then it would be best to make the
> book source code available ... and perhaps this could speed up our decision.
>
> --
> Radovan Semancik
> Software Architectevolveum.com
>
>
>
> On 10/7/22 16:38, Joaquim Fellmann via midPoint wrote:
>
> Hello,
>
> I'd like to submit a PR that fixes some typos in midpoint
> book
> but cannot find the adoc sources in the midpoint/docs github repository
> (only the html/epub/pdf files are available). Could someone point me to the
> right direction ?
>
> Thanks
>
> --
> Joaquim
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttps://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From zeipelt at uni-wuppertal.de Tue Oct 11 13:25:39 2022
From: zeipelt at uni-wuppertal.de (Rene Zeipelt)
Date: Tue, 11 Oct 2022 13:25:39 +0200
Subject: [midPoint] Compile Error on connector-ldap v3.4
Message-ID: <7fa2a85f-93f2-5a5c-bdb7-9025d9c65167@uni-wuppertal.de>
Hello, for testing hash tags with openldap pw-sha2 module I compile my
git clone (with v3.4 tag) and got
[ERROR] Failed to execute goal on project connector-ldap: Could not
resolve dependencies for project
com.evolveum.polygon:connector-ldap:jar:3.4: Failed to collect
dependencies at org.apache.directory.api:api-all:jar:2.1.0e3: Failed to
read artifact descriptor for
org.apache.directory.api:api-all:jar:2.1.0e3: Failure to find
org.apache.directory.project:project:pom:46-SNAPSHOT in
https://nexus.evolveum.com/nexus/content/groups/public/ was cached in
the local repository, resolution will not be reattempted until the
update interval of evolveum has elapsed or updates are forced
So version 3.6-snapshot have no compiling errors but the provisioning
framework version is different and jar file would not loaded to midpoint
by the icf-connectors dir. Running a midpoint 4.5 with native postgresql
(13) on tomcat (9) deployment. Thank you for any hint or help.
Best regards
Rene Zeipelt
--
_________________________________________________________
BERGISCHE UNIVERSITÄT WUPPERTAL
Zentrum fuer Informations- und Medienverarbeitung - ZIM
Gaussstr. 20
DEU-42119 Wuppertal
_________________________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4200 bytes
Desc: S/MIME Cryptographic Signature
URL:
From dmitri at asgardsecurity.eu Tue Oct 11 16:54:45 2022
From: dmitri at asgardsecurity.eu (dmitri at asgardsecurity.eu)
Date: Tue, 11 Oct 2022 17:54:45 +0300
Subject: [midPoint] Database table connector to MS SQL
Message-ID: <023101d8dd81$66fee490$34fcadb0$@asgardsecurity.eu>
Hello!
�
I have a MS SQL with View, accessible with SQL Management Studio, all ok.
Now I’ve used next configuration to setup the resource in Midpoint:
�
XXX.com
1433
XXX
http://www.w3.org/2001/04/xmlenc#aes256-cbc
XXXXX
XXX
XXXX
Profiles
Staff Id
com.microsoft.sqlserver.jdbc.SQLServerDriver
Single
jdbc:sqlserver://%h:%p;encrypt=false;databaseName=%d;
�
�
Test Connection is ok, schema generation is ok – everything seems to be fine, now when I try to browse objects from resource or run import task I get exception:
Operation
org.identityconnectors.framework.api.ConnectorFacade.search
Message
Configuration error: SQL param name should be not null
Parameters
objectClass
[ObjectClass: __ACCOUNT__]
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From hsin-fang.hsu at itconcepts.ch Wed Oct 12 10:53:53 2022
From: hsin-fang.hsu at itconcepts.ch (Hsin-Fang Hsu)
Date: Wed, 12 Oct 2022 08:53:53 +0000
Subject: [midPoint] use extensionAttributes in AD --
ERR_13219_NULL_SYNTAX_CHECKER Cannot validate with a null SyntaxChecker
Message-ID:
Hi,
I am using com.evolveum.polygon.connector.ldap.ad.AdLdapConnector v3.3
I want to use extensionAttribute in the outbound but got this error: ERR_13219_NULL_SYNTAX_CHECKER Cannot validate with a null SyntaxChecker
If I replace ri:extensionAttribute11 with ri:street then everything works fine.
Did I miss anything? Or if there is anything need to be donw from the AD side?
Here is the resource configuration:
[cid:image001.png at 01D8DE28.844E4610]
The outbound mapping
[cid:image002.png at 01D8DE28.EA904090]
Thank you very much for the help in advance!
Best regards,
Hsin-Fang
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 90756 bytes
Desc: image001.png
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 15058 bytes
Desc: image002.png
URL:
From mederly at evolveum.com Wed Oct 12 12:34:01 2022
From: mederly at evolveum.com (Pavol Mederly)
Date: Wed, 12 Oct 2022 12:34:01 +0200
Subject: [midPoint] hasNoAssignment policy constraint
In-Reply-To:
References:
Message-ID:
Hello, Stéphane,
just a few general comments:
1. I would search the midPoint sources for string. We
try to do the development seriously, so every feature should have
(at least) one test for it. This one is no exception.
2. I would search the docs.evolveum.com for "hasNoAssignment". Here the
situation is a bit worse. The feature is not quite finished - it was
sponsored to some extent; but additional resources are needed to
document it properly. However, this work-in-progress document could
help:
https://docs.evolveum.com/midpoint/devel/design/policy-constraints/.
(The formatting problems are due to wiki migration.)
3. As for debugging, policy constraints do not have "" flag
nor the comprehensive troubleshooting methodology (as mappings do).
So I use the (experimental) troubleshooting with traces
to diagnose issues with them.
4. Personally, I would be greatly interested in how many installations
do use policy rules, and this one in particular.
--
Pavol Mederly
Software developer
evolveum.com
On 10/10/2022 12:54, Delcourt Stéphane via midPoint wrote:
>
> Hi all,
>
> Does someone know how to deal with this policy constraint ?
>
> My idea is to use it for role dependency as intended
> https://jira.evolveum.com/browse/MID-4068
>
> So I want to add policy constraint in role B to block user receiving
> it if not assigned of role A
>
> Here’s the code sample I’m using in role B:
>
>
>
>
>
> exclude-if-no-role-a
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> But this does not trigger any error when I try to assign role B to a
> user not having role A.
>
> What am I missing here ?
>
> I don’t even know how to debug this.
>
> Thanks for your help
>
> *Stéphane Delcourt*
> Informaticien – Gestionnaire système - Développeur
> www.ulb.be
> *Département informatique, Service Applications métier*
> Av. F. Roosevelt 50, CP 251 - 1050 Bruxelles
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 15369 bytes
Desc: not available
URL:
From stefano at everythinginfo.cloud Wed Oct 12 22:41:53 2022
From: stefano at everythinginfo.cloud (Stefano Belluomini | EI)
Date: Wed, 12 Oct 2022 20:41:53 +0000
Subject: [midPoint] Database table connector to MS SQL
In-Reply-To: <023101d8dd81$66fee490$34fcadb0$@asgardsecurity.eu>
References: <023101d8dd81$66fee490$34fcadb0$@asgardsecurity.eu>
Message-ID:
Is the staffId column in your database configured to allow NULL? I use the same connector and the column I’m using as the key does not allow nulls.
________________________________
From: midPoint on behalf of dmitri--- via midPoint
Sent: Wednesday, October 12, 2022 12:54:45 AM
To: midpoint at lists.evolveum.com
Cc: dmitri at asgardsecurity.eu
Subject: [midPoint] Database table connector to MS SQL
Hello!
I have a MS SQL with View, accessible with SQL Management Studio, all ok.
Now I’ve used next configuration to setup the resource in Midpoint:
>
XXX.com
1433
XXX
>http://www.w3.org/2001/04/xmlenc#aes256-cbc>
XXXXX
XXX
XXXX
Profiles
Staff Id
com.microsoft.sqlserver.jdbc.SQLServerDriver
Single
jdbc:sqlserver://%h:%p;encrypt=false;databaseName=%d;
Test Connection is ok, schema generation is ok – everything seems to be fine, now when I try to browse objects from resource or run import task I get exception:
Operation
org.identityconnectors.framework.api.ConnectorFacade.search
Message
Configuration error: SQL param name should be not null
Parameters
objectClass
[ObjectClass: __ACCOUNT__]
Error
Configuration error: SQL param name should be not null
show
com.evolveum.midpoint.util.exception.ConfigurationException: Configuration error: SQL param name should be not null at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil.processConnIdException(ConnIdUtil.java:169) at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil.processConnIdException(ConnIdUtil.java:87) at com.evolveum.midpoint.provisioning.ucf.impl.connid.SearchExecutor.executeConnIdSearch(SearchExecutor.java:236) at com.evolveum.midpoint.provisioning.ucf.impl.connid.SearchExecutor.execute(SearchExecutor.java:110) at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.search(ConnectorInstanceConnIdImpl.java:1787) at com.evolveum.midpoint.provisioning.impl.resourceobjects.ResourceObjectConverter.searchResourceObjects(ResourceObjectConverter.java:1382)
Timeout wise seems that Midpoint is getting the data – query takes around 27 seconds to run on server, more-or-less same time I wait till I get this error in Midpoint interface.
Any suggestions would be much appreciated, thank you!
Cheers,
Dmitry
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From berezkin.dmitriy at gmail.com Thu Oct 13 07:54:00 2022
From: berezkin.dmitriy at gmail.com (Dmitriy Berezkin)
Date: Thu, 13 Oct 2022 09:54:00 +0400
Subject: [midPoint] Recompute Task Performance
In-Reply-To: <80c1701d-683a-4aa1-a9dc-6191c01e66d3@Spark>
References: <80c1701d-683a-4aa1-a9dc-6191c01e66d3@Spark>
Message-ID: <60469662-3da9-4819-bd63-ab01fabf0e9d@Spark>
Hi!
Could you tell me with parameter has the greatest impact on recompute task performance? Is it CPU or RAM or DB performance or anything else?
I want to know how we can reduce task processing time. Is there any knowledge about it besides profiling?
–––
Dmitry Berezkin
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From gustav.palos at gmail.com Thu Oct 13 07:56:20 2022
From: gustav.palos at gmail.com (=?UTF-8?B?UMOhbG9zIEd1c3TDoXY=?=)
Date: Thu, 13 Oct 2022 07:56:20 +0200
Subject: [midPoint] Recompute Task Performance
In-Reply-To: <60469662-3da9-4819-bd63-ab01fabf0e9d@Spark>
References: <80c1701d-683a-4aa1-a9dc-6191c01e66d3@Spark>
<60469662-3da9-4819-bd63-ab01fabf0e9d@Spark>
Message-ID:
Hi,
Are you using multiple workerThreads & buckets & nodes?
https://docs.evolveum.com/midpoint/reference/tasks/activities/distribution/
best regards,
Gustav
št 13. 10. 2022 o 7:54 Dmitriy Berezkin via midPoint <
midpoint at lists.evolveum.com> napísal(a):
> Hi!
>
> Could you tell me with parameter has the greatest impact on recompute task
> performance? Is it CPU or RAM or DB performance or anything else?
> I want to know how we can reduce task processing time. Is there any
> knowledge about it besides profiling?
>
> –––
> Dmitry Berezkin
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
--
s pozdravom
Gustáv Pálos
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From berezkin.dmitriy at gmail.com Thu Oct 13 08:10:58 2022
From: berezkin.dmitriy at gmail.com (Dmitriy Berezkin)
Date: Thu, 13 Oct 2022 10:10:58 +0400
Subject: [midPoint] Recompute Task Performance
In-Reply-To:
References: <80c1701d-683a-4aa1-a9dc-6191c01e66d3@Spark>
<60469662-3da9-4819-bd63-ab01fabf0e9d@Spark>
Message-ID:
We’re using 8 workerThreads and separate node for scheduled tasks.
–––
Dmitry Berezkin
13 окт. 2022 г., 09:56 +0400, Pálos Gustáv via midPoint , писал:
> Hi,
>
> Are you using multiple workerThreads & buckets & nodes?
> https://docs.evolveum.com/midpoint/reference/tasks/activities/distribution/
>
> best regards,
>
> Gustav
>
> > št 13. 10. 2022 o 7:54 Dmitriy Berezkin via midPoint napísal(a):
> > > Hi!
> > >
> > > Could you tell me with parameter has the greatest impact on recompute task performance? Is it CPU or RAM or DB performance or anything else?
> > > I want to know how we can reduce task processing time. Is there any knowledge about it besides profiling?
> > >
> > > –––
> > > Dmitry Berezkin
> > > _______________________________________________
> > > midPoint mailing list
> > > midPoint at lists.evolveum.com
> > > https://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
> s pozdravom
>
> Gustáv Pálos
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From dmitri at asgardsecurity.eu Thu Oct 13 10:41:53 2022
From: dmitri at asgardsecurity.eu (dmitri at asgardsecurity.eu)
Date: Thu, 13 Oct 2022 11:41:53 +0300
Subject: [midPoint] Database table connector to MS SQL
In-Reply-To:
References: <023101d8dd81$66fee490$34fcadb0$@asgardsecurity.eu>
Message-ID: <003c01d8dedf$a5556520$f0002f60$@asgardsecurity.eu>
‘Staff id’ – IS configured to allow NULL values as I see, could this be a problem?
I can ask the IT to change this behavior in SQL View query, although I don’t see any NULL value there in the data.
�
Cheers,
Dmitry
�
From: Stefano Belluomini | EI
Sent: Wednesday, October 12, 2022 11:42 PM
To: midPoint General Discussion
Cc: dmitri at asgardsecurity.eu
Subject: Re: [midPoint] Database table connector to MS SQL
�
Is the staffId column in your database configured to allow NULL? I use the same connector and the column I’m using as the key does not allow nulls.
_____
From: midPoint > on behalf of dmitri--- via midPoint >
Sent: Wednesday, October 12, 2022 12:54:45 AM
To: midpoint at lists.evolveum.com >
Cc: dmitri at asgardsecurity.eu >
Subject: [midPoint] Database table connector to MS SQL
�
Hello!
�
I have a MS SQL with View, accessible with SQL Management Studio, all ok.
Now I’ve used next configuration to setup the resource in Midpoint:
�
� � � � � � �
>
� � � � � � �
� � � � � � � � � � � XXX.com
� � � � � � � � � � �1433
� � � � � � � � � � � XXX
� � � � � � � � � � �
� � � � � � � � � � � � � � �
� � � � � � � � � � � � � � � � � � �
� � � � � � � � � � � � � � � � � � � � � � � >http://www.w3.org/2001/04/xmlenc#aes256-cbc
� � � � � � � � � � � � � � � � � � �
� � � � � � � � � � � � � � � � � � �
� � � � � � � � � � � � � � � � � � � � � � � XXXXX
� � � � � � � � � � � � � � � � � � �
� � � � � � � � � � � � � � � � � � �
� � � � � � � � � � � � � � � � � � � � � � � XXX
� � � � � � � � � � � � � � � � � � �
� � � � � � � � � � � � � � �
� � � � � � � � � � �
� � � � � � � � � � � XXXX
� � � � � � � � � � � Profiles
� � � � � � � � � � � Staff Id
� � � � � � � � � � �com.microsoft.sqlserver.jdbc.SQLServerDriver
� � � � � � � � � � � Single
� � � � � � � � � � � jdbc:sqlserver://%h:%p;encrypt=false;databaseName=%d;
� � � � � � �
�
�
Test Connection is ok, schema generation is ok – everything seems to be fine, now when I try to browse objects from resource or run import task I get exception:
Operation
org.identityconnectors.framework.api.ConnectorFacade.search
Message
Configuration error: SQL param name should be not null
Parameters
objectClass
[ObjectClass: __ACCOUNT__]
Error
Configuration error: SQL param name should be not null
show
com.evolveum.midpoint.util.exception.ConfigurationException: Configuration error: SQL param name should be not null at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil.processConnIdException(ConnIdUtil.java:169) at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil.processConnIdException(ConnIdUtil.java:87) at com.evolveum.midpoint.provisioning.ucf.impl.connid.SearchExecutor.executeConnIdSearch(SearchExecutor.java:236) at com.evolveum.midpoint.provisioning.ucf.impl.connid.SearchExecutor.execute(SearchExecutor.java:110) at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.search(ConnectorInstanceConnIdImpl.java:1787) at com.evolveum.midpoint.provisioning.impl.resourceobjects.ResourceObjectConverter.searchResourceObjects(ResourceObjectConverter.java:1382)
�
�
Timeout wise seems that Midpoint is getting the data – query takes around 27 seconds to run on server, more-or-less same time I wait till I get this error in Midpoint interface.
�
Any suggestions would be much appreciated, thank you!
�
Cheers,
Dmitry
�
�
�
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From stefano at everythinginfo.cloud Thu Oct 13 10:43:53 2022
From: stefano at everythinginfo.cloud (Stefano Belluomini | EI)
Date: Thu, 13 Oct 2022 08:43:53 +0000
Subject: [midPoint] Database table connector to MS SQL
In-Reply-To: <003c01d8dedf$a5556520$f0002f60$@asgardsecurity.eu>
References: <023101d8dd81$66fee490$34fcadb0$@asgardsecurity.eu>
<003c01d8dedf$a5556520$f0002f60$@asgardsecurity.eu>
Message-ID:
Hi Dmitry,
The connector will complain if a reference column allows nulls, even if none of the cells have nulls. I’m confident that’s your problem.
Regards,
Stefano
________________________________
From: dmitri at asgardsecurity.eu
Sent: Thursday, October 13, 2022 6:41:53 PM
To: Stefano Belluomini | EI ; 'midPoint General Discussion'
Subject: RE: [midPoint] Database table connector to MS SQL
‘Staff id’ – IS configured to allow NULL values as I see, could this be a problem?
I can ask the IT to change this behavior in SQL View query, although I don’t see any NULL value there in the data.
Cheers,
Dmitry
From: Stefano Belluomini | EI
Sent: Wednesday, October 12, 2022 11:42 PM
To: midPoint General Discussion
Cc: dmitri at asgardsecurity.eu
Subject: Re: [midPoint] Database table connector to MS SQL
Is the staffId column in your database configured to allow NULL? I use the same connector and the column I’m using as the key does not allow nulls.
________________________________
From: midPoint > on behalf of dmitri--- via midPoint >
Sent: Wednesday, October 12, 2022 12:54:45 AM
To: midpoint at lists.evolveum.com >
Cc: dmitri at asgardsecurity.eu >
Subject: [midPoint] Database table connector to MS SQL
Hello!
I have a MS SQL with View, accessible with SQL Management Studio, all ok.
Now I’ve used next configuration to setup the resource in Midpoint:
>
XXX.com
1433
XXX
>http://www.w3.org/2001/04/xmlenc#aes256-cbc>
XXXXX
XXX
XXXX
Profiles
Staff Id
com.microsoft.sqlserver.jdbc.SQLServerDriver
Single
jdbc:sqlserver://%h:%p;encrypt=false;databaseName=%d;
Test Connection is ok, schema generation is ok – everything seems to be fine, now when I try to browse objects from resource or run import task I get exception:
Operation
org.identityconnectors.framework.api.ConnectorFacade.search
Message
Configuration error: SQL param name should be not null
Parameters
objectClass
[ObjectClass: __ACCOUNT__]
Error
Configuration error: SQL param name should be not null
show
com.evolveum.midpoint.util.exception.ConfigurationException: Configuration error: SQL param name should be not null at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil.processConnIdException(ConnIdUtil.java:169) at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil.processConnIdException(ConnIdUtil.java:87) at com.evolveum.midpoint.provisioning.ucf.impl.connid.SearchExecutor.executeConnIdSearch(SearchExecutor.java:236) at com.evolveum.midpoint.provisioning.ucf.impl.connid.SearchExecutor.execute(SearchExecutor.java:110) at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.search(ConnectorInstanceConnIdImpl.java:1787) at com.evolveum.midpoint.provisioning.impl.resourceobjects.ResourceObjectConverter.searchResourceObjects(ResourceObjectConverter.java:1382)
Timeout wise seems that Midpoint is getting the data – query takes around 27 seconds to run on server, more-or-less same time I wait till I get this error in Midpoint interface.
Any suggestions would be much appreciated, thank you!
Cheers,
Dmitry
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From zeipelt at uni-wuppertal.de Thu Oct 13 11:26:12 2022
From: zeipelt at uni-wuppertal.de (Rene Zeipelt)
Date: Thu, 13 Oct 2022 11:26:12 +0200
Subject: [midPoint] Compile Error on connector-ldap v3.4
In-Reply-To: <7fa2a85f-93f2-5a5c-bdb7-9025d9c65167@uni-wuppertal.de>
References: <7fa2a85f-93f2-5a5c-bdb7-9025d9c65167@uni-wuppertal.de>
Message-ID:
Am 11.10.22 um 13:25 schrieb Rene Zeipelt via midPoint:
> Hello, for testing hash tags with openldap pw-sha2 module I compile my
> git clone (with v3.4 tag) and got
>
> [ERROR] Failed to execute goal on project connector-ldap: Could not
> resolve dependencies for project
> com.evolveum.polygon:connector-ldap:jar:3.4: Failed to collect
> dependencies at org.apache.directory.api:api-all:jar:2.1.0e3: Failed
> to read artifact descriptor for
> org.apache.directory.api:api-all:jar:2.1.0e3: Failure to find
> org.apache.directory.project:project:pom:46-SNAPSHOT in
> https://nexus.evolveum.com/nexus/content/groups/public/ was cached in
> the local repository, resolution will not be reattempted until the
> update interval of evolveum has elapsed or updates are forced
>
> So version 3.6-snapshot have no compiling errors but the provisioning
> framework version is different and jar file would not loaded to
> midpoint by the icf-connectors dir. Running a midpoint 4.5 with native
> postgresql (13) on tomcat (9) deployment. Thank you for any hint or help.
> Best regards
> Rene Zeipelt
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
Hello, I got error free compiling on v.3.3.1 of connector-ldap jar and
add the algorithm name SSHA512 to hashBytes function on the
schema/AbstractSchemaTranslator.java. The function build the hash tag
from alg name to {SSHA-512} and this does not work on openldap pw-sha2
module. But with the algorithm name equal to hash tag it build the right
tag {SSHA512} and it works on ldap bind.
Best regards
Rene Zeipelt
--
_________________________________________________________
BERGISCHE UNIVERSITÄT WUPPERTAL
Zentrum fuer Informations- und Medienverarbeitung - ZIM
Gaussstr. 20
DEU-42119 Wuppertal
_________________________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4942 bytes
Desc: S/MIME Cryptographic Signature
URL:
From stephane.delcourt at ulb.be Thu Oct 13 17:08:08 2022
From: stephane.delcourt at ulb.be (=?iso-8859-1?Q?Delcourt_St=E9phane?=)
Date: Thu, 13 Oct 2022 15:08:08 +0000
Subject: [midPoint] hasNoAssignment policy constraint
In-Reply-To:
References:
Message-ID:
Hi Pavol,
Thanks for all your suggestions, I did not knew about the third one and give it a try.
IT helps me to understand that my policy constraint did not apply user having assignment to role A but role B having assignment to role A.
I now understand the meaning of "evaluated on" column in the wiki sorry about that.
Then I'm back at the beginning and my main goal is to achieve the opposite of exclusion constraint.
Stéphane Delcourt
Informaticien - Gestionnaire système - Développeur
From: midPoint On Behalf Of Pavol Mederly via midPoint
Sent: Wednesday, 12 October 2022 12:34
To: midpoint at lists.evolveum.com
Cc: Pavol Mederly
Subject: Re: [midPoint] hasNoAssignment policy constraint
Hello, Stéphane,
just a few general comments:
1. I would search the midPoint sources for string. We try to do the development seriously, so every feature should have (at least) one test for it. This one is no exception.
2. I would search the docs.evolveum.com for "hasNoAssignment". Here the situation is a bit worse. The feature is not quite finished - it was sponsored to some extent; but additional resources are needed to document it properly. However, this work-in-progress document could help: https://docs.evolveum.com/midpoint/devel/design/policy-constraints/. (The formatting problems are due to wiki migration.)
3. As for debugging, policy constraints do not have "" flag nor the comprehensive troubleshooting methodology (as mappings do). So I use the (experimental) troubleshooting with traces to diagnose issues with them.
4. Personally, I would be greatly interested in how many installations do use policy rules, and this one in particular.
--
Pavol Mederly
Software developer
evolveum.com
On 10/10/2022 12:54, Delcourt Stéphane via midPoint wrote:
Hi all,
Does someone know how to deal with this policy constraint ?
My idea is to use it for role dependency as intended https://jira.evolveum.com/browse/MID-4068
So I want to add policy constraint in role B to block user receiving it if not assigned of role A
Here's the code sample I'm using in role B:
exclude-if-no-role-a
But this does not trigger any error when I try to assign role B to a user not having role A.
What am I missing here ?
I don't even know how to debug this.
Thanks for your help
Stéphane Delcourt
Informaticien - Gestionnaire système - Développeur
[www.ulb.be]
Département informatique, Service Applications métier
Av. F. Roosevelt 50, CP 251 - 1050 Bruxelles
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 15369 bytes
Desc: image001.jpg
URL:
From mederly at evolveum.com Thu Oct 13 19:26:19 2022
From: mederly at evolveum.com (Pavol Mederly)
Date: Thu, 13 Oct 2022 19:26:19 +0200
Subject: [midPoint] hasNoAssignment policy constraint
In-Reply-To:
References:
Message-ID: <36685aba-6bb0-1fb3-74ed-127b021a6d3e@evolveum.com>
Hello Stéphane,
I would consider formulating the rule like this: "It is illegal to have
a role B and not have role A (at the same time)" - forgetting about the
assignment-oriented, transition-related "assignment" constraint, but
simply using two object-oriented, state-related ones: hasAssignment,
hasNoAssignment.
--
Pavol Mederly
Software developer
evolveum.com
On 13/10/2022 17:08, Delcourt Stéphane via midPoint wrote:
>
> Hi Pavol,
>
> Thanks for all your suggestions, I did not knew about the third one
> and give it a try.
>
> IT helps me to understand that my policy constraint did not apply user
> having assignment to role A but role B having assignment to role A.
>
> I now understand the meaning of “evaluated on” column in the wiki
> sorry about that.
>
> Then I’m back at the beginning and my main goal is to achieve the
> opposite of exclusion constraint.
>
> *Stéphane Delcourt*
> Informaticien – Gestionnaire système - Développeur
>
> *From:*midPoint *On Behalf Of
> *Pavol Mederly via midPoint
> *Sent:* Wednesday, 12 October 2022 12:34
> *To:* midpoint at lists.evolveum.com
> *Cc:* Pavol Mederly
> *Subject:* Re: [midPoint] hasNoAssignment policy constraint
>
> Hello, Stéphane,
>
> just a few general comments:
>
> 1. I would search the midPoint sources for string.
> We try to do the development seriously, so every feature should
> have (at least) one test for it. This one is no exception.
> 2. I would search the docs.evolveum.com for "hasNoAssignment". Here
> the situation is a bit worse. The feature is not quite finished -
> it was sponsored to some extent; but additional resources are
> needed to document it properly. However, this work-in-progress
> document could help:
> https://docs.evolveum.com/midpoint/devel/design/policy-constraints/
> .
> (The formatting problems are due to wiki migration.)
> 3. As for debugging, policy constraints do not have "" flag
> nor the comprehensive troubleshooting methodology (as mappings
> do). So I use the (experimental) troubleshooting with traces
> to
> diagnose issues with them.
> 4. Personally, I would be greatly interested in how many
> installations do use policy rules, and this one in particular.
>
> --
> Pavol Mederly
> Software developer
> evolveum.com
>
> On 10/10/2022 12:54, Delcourt Stéphane via midPoint wrote:
>
> Hi all,
>
> Does someone know how to deal with this policy constraint ?
>
> My idea is to use it for role dependency as intended
> https://jira.evolveum.com/browse/MID-4068
>
>
> So I want to add policy constraint in role B to block user
> receiving it if not assigned of role A
>
> Here’s the code sample I’m using in role B:
>
>
>
>
>
> exclude-if-no-role-a
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> But this does not trigger any error when I try to assign role B to
> a user not having role A.
>
> What am I missing here ?
>
> I don’t even know how to debug this.
>
> Thanks for your help
>
> *Stéphane Delcourt*
> Informaticien – Gestionnaire système - Développeur
> www.ulb.be
>
> *Département informatique, Service Applications métier*
> Av. F. Roosevelt 50, CP 251 - 1050 Bruxelles
>
>
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com
>
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 15369 bytes
Desc: not available
URL:
From stephane.delcourt at ulb.be Fri Oct 14 10:30:15 2022
From: stephane.delcourt at ulb.be (=?iso-8859-1?Q?Delcourt_St=E9phane?=)
Date: Fri, 14 Oct 2022 08:30:15 +0000
Subject: [midPoint] hasNoAssignment policy constraint
In-Reply-To: <36685aba-6bb0-1fb3-74ed-127b021a6d3e@evolveum.com>
References:
<36685aba-6bb0-1fb3-74ed-127b021a6d3e@evolveum.com>
Message-ID:
Thanks a lot and sorry about the misunderstanding of documentation here.
Found the solution:
I was placing policy rule on role B as assignment instead of inducement.
Stéphane Delcourt
Informaticien - Gestionnaire système - Développeur
From: midPoint On Behalf Of Pavol Mederly via midPoint
Sent: Thursday, 13 October 2022 19:26
To: midpoint at lists.evolveum.com
Cc: Pavol Mederly
Subject: Re: [midPoint] hasNoAssignment policy constraint
Hello Stéphane,
I would consider formulating the rule like this: "It is illegal to have a role B and not have role A (at the same time)" - forgetting about the assignment-oriented, transition-related "assignment" constraint, but simply using two object-oriented, state-related ones: hasAssignment, hasNoAssignment.
--
Pavol Mederly
Software developer
evolveum.com
On 13/10/2022 17:08, Delcourt Stéphane via midPoint wrote:
Hi Pavol,
Thanks for all your suggestions, I did not knew about the third one and give it a try.
IT helps me to understand that my policy constraint did not apply user having assignment to role A but role B having assignment to role A.
I now understand the meaning of "evaluated on" column in the wiki sorry about that.
Then I'm back at the beginning and my main goal is to achieve the opposite of exclusion constraint.
Stéphane Delcourt
Informaticien - Gestionnaire système - Développeur
From: midPoint On Behalf Of Pavol Mederly via midPoint
Sent: Wednesday, 12 October 2022 12:34
To: midpoint at lists.evolveum.com
Cc: Pavol Mederly
Subject: Re: [midPoint] hasNoAssignment policy constraint
Hello, Stéphane,
just a few general comments:
1. I would search the midPoint sources for string. We try to do the development seriously, so every feature should have (at least) one test for it. This one is no exception.
2. I would search the docs.evolveum.com for "hasNoAssignment". Here the situation is a bit worse. The feature is not quite finished - it was sponsored to some extent; but additional resources are needed to document it properly. However, this work-in-progress document could help: https://docs.evolveum.com/midpoint/devel/design/policy-constraints/. (The formatting problems are due to wiki migration.)
3. As for debugging, policy constraints do not have "" flag nor the comprehensive troubleshooting methodology (as mappings do). So I use the (experimental) troubleshooting with traces to diagnose issues with them.
4. Personally, I would be greatly interested in how many installations do use policy rules, and this one in particular.
--
Pavol Mederly
Software developer
evolveum.com
On 10/10/2022 12:54, Delcourt Stéphane via midPoint wrote:
Hi all,
Does someone know how to deal with this policy constraint ?
My idea is to use it for role dependency as intended https://jira.evolveum.com/browse/MID-4068
So I want to add policy constraint in role B to block user receiving it if not assigned of role A
Here's the code sample I'm using in role B:
exclude-if-no-role-a
But this does not trigger any error when I try to assign role B to a user not having role A.
What am I missing here ?
I don't even know how to debug this.
Thanks for your help
Stéphane Delcourt
Informaticien - Gestionnaire système - Développeur
[www.ulb.be]
Département informatique, Service Applications métier
Av. F. Roosevelt 50, CP 251 - 1050 Bruxelles
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
https://lists.evolveum.com/mailman/listinfo/midpoint
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 15369 bytes
Desc: image001.jpg
URL:
From mederly at evolveum.com Fri Oct 14 11:03:42 2022
From: mederly at evolveum.com (Pavol Mederly)
Date: Fri, 14 Oct 2022 11:03:42 +0200
Subject: [midPoint] hasNoAssignment policy constraint
In-Reply-To:
References:
<36685aba-6bb0-1fb3-74ed-127b021a6d3e@evolveum.com>
Message-ID: <87dd2042-afec-55da-db0d-9af8b85eb353@evolveum.com>
Stéphane,
I am glad you found the solution. And there is no need to apologize! :)
--
Pavol Mederly
Software developer
evolveum.com
On 14/10/2022 10:30, Delcourt Stéphane via midPoint wrote:
>
> Thanks a lot and sorry about the misunderstanding of documentation here.
>
> Found the solution:
>
> I was placing policy rule on role B as assignment instead of inducement.
>
> *Stéphane Delcourt*
> Informaticien – Gestionnaire système - Développeur
>
> *From:*midPoint *On Behalf Of
> *Pavol Mederly via midPoint
> *Sent:* Thursday, 13 October 2022 19:26
> *To:* midpoint at lists.evolveum.com
> *Cc:* Pavol Mederly
> *Subject:* Re: [midPoint] hasNoAssignment policy constraint
>
> Hello Stéphane,
>
> I would consider formulating the rule like this: "It is illegal to
> have a role B and not have role A (at the same time)" - forgetting
> about the assignment-oriented, transition-related "assignment"
> constraint, but simply using two object-oriented, state-related ones:
> hasAssignment, hasNoAssignment.
>
> --
> Pavol Mederly
> Software developer
> evolveum.com
>
> On 13/10/2022 17:08, Delcourt Stéphane via midPoint wrote:
>
> Hi Pavol,
>
> Thanks for all your suggestions, I did not knew about the third
> one and give it a try.
>
> IT helps me to understand that my policy constraint did not apply
> user having assignment to role A but role B having assignment to
> role A.
>
> I now understand the meaning of “evaluated on” column in the wiki
> sorry about that.
>
> Then I’m back at the beginning and my main goal is to achieve the
> opposite of exclusion constraint.
>
> *Stéphane Delcourt*
> Informaticien – Gestionnaire système - Développeur
>
> *From:*midPoint
> *On Behalf Of *Pavol
> Mederly via midPoint
> *Sent:* Wednesday, 12 October 2022 12:34
> *To:* midpoint at lists.evolveum.com
> *Cc:* Pavol Mederly
>
> *Subject:* Re: [midPoint] hasNoAssignment policy constraint
>
> Hello, Stéphane,
>
> just a few general comments:
>
> 1. I would search the midPoint sources for
> string. We try to do the development seriously, so every
> feature should have (at least) one test for it. This one is no
> exception.
> 2. I would search the docs.evolveum.com for "hasNoAssignment".
> Here the situation is a bit worse. The feature is not quite
> finished - it was sponsored to some extent; but additional
> resources are needed to document it properly. However, this
> work-in-progress document could help:
> https://docs.evolveum.com/midpoint/devel/design/policy-constraints/
> .
> (The formatting problems are due to wiki migration.)
> 3. As for debugging, policy constraints do not have ""
> flag nor the comprehensive troubleshooting methodology (as
> mappings do). So I use the (experimental) troubleshooting with
> traces
> to
> diagnose issues with them.
> 4. Personally, I would be greatly interested in how many
> installations do use policy rules, and this one in particular.
>
> --
>
> Pavol Mederly
>
> Software developer
>
> evolveum.com
>
> On 10/10/2022 12:54, Delcourt Stéphane via midPoint wrote:
>
> Hi all,
>
> Does someone know how to deal with this policy constraint ?
>
> My idea is to use it for role dependency as intended
> https://jira.evolveum.com/browse/MID-4068
>
>
> So I want to add policy constraint in role B to block user
> receiving it if not assigned of role A
>
> Here’s the code sample I’m using in role B:
>
>
>
>
>
> exclude-if-no-role-a
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> But this does not trigger any error when I try to assign role
> B to a user not having role A.
>
> What am I missing here ?
>
> I don’t even know how to debug this.
>
> Thanks for your help
>
> *Stéphane Delcourt*
> Informaticien – Gestionnaire système - Développeur
> www.ulb.be
>
> *Département informatique, Service Applications métier*
> Av. F. Roosevelt 50, CP 251 - 1050 Bruxelles
>
>
>
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com
>
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com
>
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 15369 bytes
Desc: not available
URL:
From ssimkova at evolveum.com Fri Oct 14 15:35:15 2022
From: ssimkova at evolveum.com (Simona Simkova)
Date: Fri, 14 Oct 2022 15:35:15 +0200 (CEST)
Subject: [midPoint] Evolveum at Educause in Denver
Message-ID: <1716831998.120349.1665754515926.JavaMail.zimbra@evolveum.com>
Dear midPoint community,
The higher education IT world is gathering once again and we cannot miss it this time. Hence, we would like to let you know that Evolveum team (Slavek Licehammer, Identity Engineer and Simona Simkova, Sales&Partnerships Representative) will be at [ https://events.educause.edu/annual-conference | EDUCAUSE ] this year, from October 24th-28th in Denver!
Are you planning to attend too? Let us know via email academia @evolveum.com and we could arrange some time to speak in person.
We are looking forward to live discussion!
Best regards
Simona Simkova | Sales Representative
[ mailto:simona.simkova at evolveum.com | simona.simkova at evolveum.com ] | [ http://www.evolveum.com/ | www.evolveum.com ]
+421 911 449 455 [ https://twitter.com/Evolveum ]
Disclaimer: The contents of this e-mail and attachment(s) thereto are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or Evolveum s.r.o. or its affiliates. Any views or opinions presented in this email are solely those of the author and may not necessarily reflect the opinions of Evolveum s.r.o. or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From PFSJ at senado.leg.br Fri Oct 14 17:14:25 2022
From: PFSJ at senado.leg.br (Paulo Fernandes de Souza Junior)
Date: Fri, 14 Oct 2022 15:14:25 +0000
Subject: [midPoint] Error in matchingRule
Message-ID:
After upgrading to version 4.4.3, I am encountering a lot of occurrence of the following error:
Unknown matcher 'distinguishedName'. The only supported explicit matcher for string values is 'stringIgnoreCase'. Ignoring for now, but may cause an exception in future midPoint versions.
In the documentation matchinRule distinguishedName is still valid for DN string attribute definitions in LDAP. We are using AD. Any changes in this version?
Paulo Fernandes de Souza Júnior
Senado Federal -
PRODASEN
Fone: 61 3303.3924
From ruy.takata at serpro.gov.br Fri Oct 14 19:00:13 2022
From: ruy.takata at serpro.gov.br (Ruy Minoru Ito Takata)
Date: Fri, 14 Oct 2022 17:00:13 +0000
Subject: [midPoint] Replace Manager from OrgUnit
Message-ID:
Hi,
I'm using CSV file to create a org tree and assign a manager to each one. But when there are a change in manager, the new manager is added and the old manager is not removed.
Like in the book, the org CSV has orgnum, orgname, and manager identifier. I made two resources, one to build the org tree, and another to assign manager to the orgs.
The resource that assigns manager to the orgs has a assignmentTargetSearch to find the org and change the assignment attribute of the user. So, when a user is no more manager of an org, his identifier disappear from the CSV file.
What is the correct way to do this?
My CSV org file is like:
orgnum,orgname,orgmanager
My schemahandling:
Organizational Unit Manager
ri:AccountObjectClass
account
true
[ri:orgmanager]
$focus/employeeNumber
[ri:orgnum]
c:OrgType
org:manager
csvorgmanager
identifier
$input
$focus/assignment
Thanks
[Serpro]
Ruy Minoru Ito Takata
Analista
Superintendência de Segurança da Informação
Diretoria de Operações
+55 (11) 2173-1799
"Essa mensagem do SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO), empresa pública federal regida pelo disposto na Lei Federal nº 5.615, é enviada exclusivamente ao destinatário informado e pode conter dados pessoais, protegidos pela Lei Geral de Proteção de Dados (Lei 13.709/2018), assim como informações confidenciais, protegidas por sigilo profissional. O SERPRO ressalta seu comprometimento em assegurar a segurança e a proteção das informações contidas neste e-mail e informa que a sua utilização desautorizada é ilegal e sujeita o infrator às penas da lei. Se você o recebeu indevidamente, queira, por gentileza, reenviá-lo ao emitente, esclarecendo o equívoco." "This message from SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO) - a government company established under Brazilian law (5.615/70) - is directed exclusively to its addressee and may contain personal data protected by the General Data Protection Law (13.709/2018) as well as confidencial data, protected under professional secrecy rules. SERPRO highlights its commitment to ensuring the security and protection of the information contained in this email and its unauthorized use is illegal and may subject the transgressor to the law´s penalties. If you´re not the addressee, please send it back, elucidating the failure."
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From smarbrier at positivethinking.tech Sun Oct 16 23:45:31 2022
From: smarbrier at positivethinking.tech (=?utf-8?B?U8OpYmFzdGllbiBNQVJCUklFUg==?=)
Date: Sun, 16 Oct 2022 21:45:31 +0000
Subject: [midPoint] Error in matchingRule
In-Reply-To:
References:
Message-ID:
Hello Paolo,
Can you tell me from which version you moved from and if you changed the version of your AD connector ?
Best regards,
Sébastien Marbrier
-----Original Message-----
From: midPoint On Behalf Of Paulo Fernandes de Souza Junior via midPoint
Sent: vendredi, 14 octobre 2022 17:14
To: midPoint General Discussion
Cc: Paulo Fernandes de Souza Junior
Subject: [midPoint] Error in matchingRule
After upgrading to version 4.4.3, I am encountering a lot of occurrence of the following error:
Unknown matcher 'distinguishedName'. The only supported explicit matcher for string values is 'stringIgnoreCase'. Ignoring for now, but may cause an exception in future midPoint versions.
In the documentation matchinRule distinguishedName is still valid for DN string attribute definitions in LDAP. We are using AD. Any changes in this version?
Paulo Fernandes de Souza Júnior
Senado Federal -
PRODASEN
Fone: 61 3303.3924
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
https://lists.evolveum.com/mailman/listinfo/midpoint
________________________________
Positive Thinking Company puts security at a high priority in its conduct of business. Therefore, we have put our best efforts into ensuring that this email and its attached documents are error and virus-free. Nonetheless, full security of emails/documents cannot be ensured. Therefore, the recipient is responsible for checking the email/documents for threats with its own security measures, prior to opening it. Positive Thinking Company does not accept liability for any damage inflicted by using the content of this email/documents. If you are not the intended recipient, please notify the sender and delete this email/document.
From PFSJ at senado.leg.br Mon Oct 17 13:38:53 2022
From: PFSJ at senado.leg.br (Paulo Fernandes de Souza Junior)
Date: Mon, 17 Oct 2022 11:38:53 +0000
Subject: [midPoint] Error in matchingRule
In-Reply-To:
References:
Message-ID:
Hi Sébastien,
We just upgrade from version 4.4.2. No changes in AD connector version.
Regards,
Paulo Fernandes de Souza Júnior
NQPPPS
Senado Federal - PRODASEN
Fone: 61 3303.3924
________________________________
De: midPoint em nome de Sébastien MARBRIER via midPoint
Enviado: domingo, 16 de outubro de 2022 18:45
Para: midPoint General Discussion
Cc: Sébastien MARBRIER
Assunto: Re: [midPoint] Error in matchingRule
Hello Paolo,
Can you tell me from which version you moved from and if you changed the version of your AD connector ?
Best regards,
Sébastien Marbrier
-----Original Message-----
From: midPoint On Behalf Of Paulo Fernandes de Souza Junior via midPoint
Sent: vendredi, 14 octobre 2022 17:14
To: midPoint General Discussion
Cc: Paulo Fernandes de Souza Junior
Subject: [midPoint] Error in matchingRule
After upgrading to version 4.4.3, I am encountering a lot of occurrence of the following error:
Unknown matcher 'distinguishedName'. The only supported explicit matcher for string values is 'stringIgnoreCase'. Ignoring for now, but may cause an exception in future midPoint versions.
In the documentation matchinRule distinguishedName is still valid for DN string attribute definitions in LDAP. We are using AD. Any changes in this version?
Paulo Fernandes de Souza Júnior
Senado Federal -
PRODASEN
Fone: 61 3303.3924
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
https://lists.evolveum.com/mailman/listinfo/midpoint
________________________________
Positive Thinking Company puts security at a high priority in its conduct of business. Therefore, we have put our best efforts into ensuring that this email and its attached documents are error and virus-free. Nonetheless, full security of emails/documents cannot be ensured. Therefore, the recipient is responsible for checking the email/documents for threats with its own security measures, prior to opening it. Positive Thinking Company does not accept liability for any damage inflicted by using the content of this email/documents. If you are not the intended recipient, please notify the sender and delete this email/document.
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From davy.priem at vives.be Mon Oct 17 16:28:47 2022
From: davy.priem at vives.be (Davy Priem)
Date: Mon, 17 Oct 2022 14:28:47 +0000
Subject: [midPoint] Error in matchingRule
In-Reply-To:
References:
Message-ID: <2007739D-C62A-48DD-906D-3B2E663A8249@vives.be>
Hi,
FYI: I have the same issue, but this is not blocking from operation correctly. I thought this was because we didn’t switch to native Postgress yet.
2022-10-17 15:17:48,559 [REPOSITORY] [pool-2-thread-135] ERROR (com.evolveum.midpoint.repo.sql.query.matcher.StringMatcher): Unknown matcher 'distinguishedName'. The only supported explicit matcher for string values is 'stringIgnoreCase'. Ignoring for now, but may cause an exception in future midPoint versions. Property name: '_s2.value', value: ‘cn=xxxx,ou=xxxx,ou=xxxx,dc=xxxx,dc=xxxx'
Davy Priem
Coördinator IT architectuur, operations en security
Hogeschool VIVES | Dienst studentenzaken, informatie en technologie
Doorniksesteenweg 145 | 8500 Kortrijk
tel. + 32 56 27 05 61
e-mail davy.priem at vives.be
Op 17 okt. 2022, om 13:38 heeft Paulo Fernandes de Souza Junior via midPoint > het volgende geschreven:
Hi Sébastien,
We just upgrade from version 4.4.2. No changes in AD connector version.
Regards,
Paulo Fernandes de Souza Júnior
NQPPPS
Senado Federal - PRODASEN
Fone: 61 3303.3924
________________________________
De: midPoint > em nome de Sébastien MARBRIER via midPoint >
Enviado: domingo, 16 de outubro de 2022 18:45
Para: midPoint General Discussion >
Cc: Sébastien MARBRIER >
Assunto: Re: [midPoint] Error in matchingRule
Hello Paolo,
Can you tell me from which version you moved from and if you changed the version of your AD connector ?
Best regards,
Sébastien Marbrier
-----Original Message-----
From: midPoint > On Behalf Of Paulo Fernandes de Souza Junior via midPoint
Sent: vendredi, 14 octobre 2022 17:14
To: midPoint General Discussion >
Cc: Paulo Fernandes de Souza Junior >
Subject: [midPoint] Error in matchingRule
After upgrading to version 4.4.3, I am encountering a lot of occurrence of the following error:
Unknown matcher 'distinguishedName'. The only supported explicit matcher for string values is 'stringIgnoreCase'. Ignoring for now, but may cause an exception in future midPoint versions.
In the documentation matchinRule distinguishedName is still valid for DN string attribute definitions in LDAP. We are using AD. Any changes in this version?
Paulo Fernandes de Souza Júnior
Senado Federal -
PRODASEN
Fone: 61 3303.3924
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
https://lists.evolveum.com/mailman/listinfo/midpoint
________________________________
Positive Thinking Company puts security at a high priority in its conduct of business. Therefore, we have put our best efforts into ensuring that this email and its attached documents are error and virus-free. Nonetheless, full security of emails/documents cannot be ensured. Therefore, the recipient is responsible for checking the email/documents for threats with its own security measures, prior to opening it. Positive Thinking Company does not accept liability for any damage inflicted by using the content of this email/documents. If you are not the intended recipient, please notify the sender and delete this email/document.
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
https://lists.evolveum.com/mailman/listinfo/midpoint
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From dantrob at uwo.ca Mon Oct 17 16:51:29 2022
From: dantrob at uwo.ca (Dennis Antrobus)
Date: Mon, 17 Oct 2022 14:51:29 +0000
Subject: [midPoint] Error in matchingRule
Message-ID:
Hi,
We encountered this issue during our upgrade to MidPoint 4.4.3 and discovered via consultation with Evolveum that it's since been fixed in the MidPoint 4.4.4 support branch. In order to move past this issue you'll likely need to either upgrade your instances to a snapshot version of MidPoint 4.4.4 (https://nexus.evolveum.com/nexus/#browse/browse:snapshots:com%2Fevolveum%2Fmidpoint%2Fdist%2F4.4.4-SNAPSHOT) or wait until the finalized MidPoint 4.4.4 version has been released.
Dennis Antrobus
Western Technology Services
Western University
From: midPoint >> On Behalf Of Paulo Fernandes de Souza Junior via midPoint
Sent: vendredi, 14 octobre 2022 17:14
To: midPoint General Discussion >>
Cc: Paulo Fernandes de Souza Junior >>
Subject: [midPoint] Error in matchingRule
After upgrading to version 4.4.3, I am encountering a lot of occurrence of the following error:
Unknown matcher 'distinguishedName'. The only supported explicit matcher for string values is 'stringIgnoreCase'. Ignoring for now, but may cause an exception in future midPoint versions.
In the documentation matchinRule distinguishedName is still valid for DN string attribute definitions in LDAP. We are using AD. Any changes in this version?
Paulo Fernandes de Souza Júnior
Senado Federal -
PRODASEN
Fone: 61 3303.3924
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From smarbrier at positivethinking.tech Mon Oct 17 17:28:21 2022
From: smarbrier at positivethinking.tech (=?iso-8859-1?Q?S=E9bastien_MARBRIER?=)
Date: Mon, 17 Oct 2022 15:28:21 +0000
Subject: [midPoint] Error in matchingRule
In-Reply-To:
References: