[midPoint] AD computer & userAccountControl if adminStatus = disabled

Yakov Revyakin yrevyakin at gmail.com
Fri Mar 1 13:49:59 CET 2024


I've migrated to MP v.4.8.2 with LDAP connector v3.7
I have AD user & computer objectTypes. I manage AD 'computer' status in the
same way as 'user' using MP administrative status.
I can see that disabling 'user' works as expected. But disabling 'computer'
throws the error:

com.evolveum.midpoint.util.exception.SchemaException: Error modifying LDAP
entry CN=WS164,OU=Computers,OU=...........,DC=local: [
*replace:userAccountControl=FALSE,*]: invalid
AttributeSyntax: 00000057: LdapErr: DSID-0C091284, comment: Error in
attribute conversion operation, data 0, v4563? (21)

It looks like MP tries to update userAccountControl with boolean value when
integer is expected.

Do you have any ideas on how to solve this?
Yakov
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20240301/eae89e0f/attachment.htm>


More information about the midPoint mailing list