From mani.pasarla at h-kare.com Mon May 5 05:59:54 2025
From: mani.pasarla at h-kare.com (Mani Pasarla)
Date: Mon, 5 May 2025 03:59:54 +0000
Subject: [midPoint] Midpoint - Entitlement Level Request Access
Message-ID:

Hi,

Can you please help to confirm on the following questions?

Midpoint Version: 4.9.2
AD Connector Version: 3.9.1

1. Requesting at Entitlement level instead of the role - Is this approach recommended in MidPoint? Compared to other IGA solutions, which typically support entitlement-level access requests out of the box, does MidPoint require additional configuration to achieve similar functionality? Is there a way to enable entitlement-level access requests in MidPoint?

2. We've explored using Application Roles as an alternative to direct Entitlement Access Requests, where relevant entitlements are grouped under a role. Is this considered a recommended approach over requesting individual entitlements? Additionally, we're facing an issue with our Active Directory application - we're unable to add entitlements to an Application Role. When attempting to add them as inducements, the option to select entitlements doesn't appear. Could you provide any references or suggestions to help resolve this?

Regards,
Manikanta

From dakle at evolveum.com Mon May 5 15:21:29 2025
From: dakle at evolveum.com (David Klement)
Date: Mon, 5 May 2025 15:21:29 +0200 (CEST)
Subject: [midPoint] searching by date in a task
In-Reply-To:
References:
Message-ID: <242825649.17113014.1746451289401.JavaMail.zimbra@evolveum.com>

Hi Steven,

regarding your question about log level - could the following possibly help?
- Logging Configuration: https://docs.evolveum.com/midpoint/reference/support-4.8/diag/logging/configuration/
- Understanding Logging: Loggers, Levels and Appenders: https://docs.evolveum.com/midpoint/guides/admin-gui-user-guide/#understanding-logging-loggers-levels-and-appenders

You could set log level for tasks indirectly by defining log level for task-related packages like this:

    DEBUG MIDPOINT_LOG com.evolveum.midpoint.task.quartzimpl

`quartzimpl` is the task package name as it appears in the code (e.g. in /repo/task-quartz-impl/src/main/java/com/evolveum/midpoint/task/quartzimpl/TaskBeans.java)

Hope it helps, I didn't directly test this, though - sorry for possible inaccuracies.

Best regards,

David Klement | Technical Writer
Evolveum, s. r. o.
dakle at evolveum.com | www.evolveum.com

----- Original Message -----
From: "midPoint General Discussion"
To: "midPoint General Discussion"
Cc: "Ashwill, Steven L"
Sent: Wednesday, April 30, 2025 3:47:40 PM
Subject: Re: [midPoint] searching by date in a task

I think I found a solution to my filter issue but I still am curious about the logging. This is what I ended up doing to filter:

    activation/validTo lessOrEqual `basic.addDuration(basic.currentDateTime(), "P21D")`
    and activation/validTo greaterOrEqual `basic.addDuration(basic.currentDateTime(), "P15D")`
    and extension/lastPasswordExpirationNotification less `basic.addDuration(basic.currentDateTime(), "-P21D")`

_____________________________________________
From: Ashwill, Steven L
Sent: Wednesday, April 30, 2025 7:39 AM
To: midpoint at lists.evolveum.com
Subject: searching by date in a task

This task (below) I have running in 4.8.7 works, however I need to be able to change the dates in the search objects. I can't figure out how to put a scripting section in for the filter. Also, it creates a lot of logging in the task, is there a way to turn that off?

Set PasswordResetNotification value 2025-04-29T13:09:41.930-05:00 2025-04-29T13:09:42.036-05:00 http://midpoint.evolveum.com/xml/ns/public/common/channels-3#rest enabled 0 <_metadata> 2025-04-29T13:03:51.267-05:00 1 4 true 1745930885838-1939-1 loose reschedule UserType

    activation/validTo greaterOrEqual "2025-05-14"
    and activation/validTo less "2025-05-20"
    and extension/lastPasswordExpirationNotification less "2025-04-08"

execute-script script

    import com.evolveum.midpoint.xml.ns._public.common.common_3.*
    import javax.xml.datatype.DatatypeFactory;
    import javax.xml.namespace.QName;
    import javax.xml.datatype.XMLGregorianCalendar;

    XMLGregorianCalendar xmldate = basic.currentDateTime() as XMLGregorianCalendar;
    def deltas = midpoint.deltaFor(UserType.class)
        .item(UserType.F_EXTENSION, new QName("http://illinois.edu/application", "lastPasswordExpirationNotification"))
        .replace(xmldate)
        .item(UserType.F_EXTENSION, new QName("http://illinois.edu/application", "sendPasswordResetNotification"))
        .replace(true)
        .asObjectDeltas(input.oid)
    midpoint.executeChanges(deltas, null)

c:iterativeScripting c:UserType full production

STEVEN L ASHWILL
Software Engineer Coordinator
Administrative Information Technology Services
University of Illinois at Urbana-Champaign
50 Gerty Drive | M/C 673
Champaign, IL 61820
217.265.6337 | sashwill at uillinois.edu
www.aits.uillinois.edu

Under the Illinois Freedom of Information Act any written communication to or from university employees regarding university business is a public record and may be subject to public disclosure.
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
https://lists.evolveum.com/mailman/listinfo/midpoint

From Sebastian.Dornieden at comramo.de Wed May 14 15:46:49 2025
From: Sebastian.Dornieden at comramo.de (Dornieden, Sebastian)
Date: Wed, 14 May 2025 13:46:49 +0000
Subject: [midPoint] Unexpected behaviour with group import from Active Directory in MidPoint 4.8.6 and 4.8.8
Message-ID: <9b35c61b365842838098d149da17ba48@comramo.de>

Hi,

I installed an AD connector that worked well for a few weeks. However, for the past few days, the groups from Active Directory are no longer being automatically imported into MidPoint. Since I can't find the problem, I'm hoping someone from the community might be able to give me a hint.

When I add an AD group to Active Directory, the object appears under Resource Objects in MidPoint. Normally, the situation would now be "Unmatched" and MidPoint would create a MidPoint object from it. But that just doesn't happen. The LiveSync job does not recognize the object. The Import job doesn't either. The object does not receive any situation.

However, if I click on the object once in the Resource Objects menu in the connector (without changing anything) and look at the projection, I see that the projection is correctly assigned to the corresponding kind and intent. After that, the object appears in the repository, but still without a situation. But if I then change a field in AD (e.g., Description), the LiveSync job recognizes the object and imports it into MidPoint as intended.

I don't understand this behavior. Maybe someone can help me.

Here's the objectType-Definition:

entitlement dfs-group DFS-Share AD Group false ri:group ri:organizationalUnit attributes/dn specificOU one required ServiceType ri:cn mr:stringIgnoreCase strong name name ri:displayName displayName displayName ri:description 1 description description ri:dn mr:stringIgnoreCase strong name ri:sAMAccountName strong name linked unlinked unmatched deleted

Sebastian Dornieden
Application Service Providing
Information Technology
COMRAMO AG
Bischofsholer Damm 89
30173 Hannover
Commercial register: Hannover HRB 202670
Executive Board: Mr. Peter Nohr
Chairman of the Supervisory Board: Mr. Adalbert Schmidt
Mail: Sebastian.Dornieden at comramo.de
Web: www.comramo.de
Information Technology hotline: +49 511 12401-767

From brownolb1 at gmail.com Wed May 14 21:52:38 2025
From: brownolb1 at gmail.com (Orlandis Brown)
Date: Wed, 14 May 2025 11:52:38 -0800
Subject: [midPoint] Resource Connection Test Configuration Reference
Message-ID:

While configuring a new AdLdapConnector resource "from scratch" in MidPoint 4.9 deployed via Docker Compose, clicking "Next" at the second step of testing the connection produces the error message:

    IO error: org.identityconnectors.framework.common.exceptions.ConnectorIOException(Failed to retrieve root DSE: ERR_04170_TIMEOUT_OCCURED TimeOut occurred)->org.apache.directory.ldap.client.api.exception.LdapConnectionTimeOutException(ERR_04170_TIMEOUT_OCCURED TimeOut occurred

I've verified that MidPoint can reach the DC, and that a bind request is sent and responded to (attempting to bind with invalid credentials gives the expected error message of "invalid credentials"). Attempting to bind with valid credentials results in the timeout error above.

Is there a configuration reference for setting the timeout interval for this test portion of the resource configuration wizard, or some other potential fix to apply in this case?

Thank you

From joparibeiro at gmail.com Wed May 21 21:52:36 2025
From: joparibeiro at gmail.com (João Paulo Ribeiro)
Date: Wed, 21 May 2025 16:52:36 -0300
Subject: [midPoint] PostgreSQL permissions for cross-database/audit queries
Message-ID:

Hello!

I have a midPoint installation where I've separated the main and audit databases, as recommended by the documentation. However, when I try to run an advanced query like the following in the Log Viewer, I'm getting a PostgreSQL exception:

    targetRef/@/name contains "michelangelo"

ERROR (com.evolveum.midpoint.gui.impl.component.data.provider.SelectableBeanContainerDataProvider): Couldn't count objects.
com.evolveum.midpoint.util.exception.SystemException: Caught PSQLException for select count(*) from ma_audit_event aer left join m_object o on aer.targetOid = o.oid where o.nameNorm like ? and o.nameOrig like ?
    at com.evolveum.midpoint.repo.sqale.SqaleServiceBase.handledGeneralException(SqaleServiceBase.java:110)
    at com.evolveum.midpoint.repo.sqale.audit.SqaleAuditService.countObjects(SqaleAuditService.java:524)
    at com.evolveum.midpoint.init.AuditServiceProxy.countObjects(AuditServiceProxy.java:260)
    at com.evolveum.midpoint.model.impl.controller.AuditController.countObjects(AuditController.java:102)
    [...]
Caused by: com.querydsl.core.QueryException: Caught PSQLException for select count(*) from ma_audit_event aer left join m_object o on aer.targetOid = o.oid where o.nameNorm like ? and o.nameOrig like ?
    at com.querydsl.sql.DefaultSQLExceptionTranslator.translate(DefaultSQLExceptionTranslator.java:50)
    at com.querydsl.sql.Configuration.translate(Configuration.java:507)
    at com.querydsl.sql.AbstractSQLQuery.unsafeCount(AbstractSQLQuery.java:614)
    at com.querydsl.sql.AbstractSQLQuery.fetchCount(AbstractSQLQuery.java:130)
    at com.evolveum.midpoint.repo.sqlbase.SqlQueryContext.executeCount(SqlQueryContext.java:411)
    at com.evolveum.midpoint.repo.sqlbase.SqlQueryExecutor.count(SqlQueryExecutor.java:49)
    at com.evolveum.midpoint.repo.sqale.audit.SqaleAuditService.executeCountObjects(SqaleAuditService.java:539)
    at com.evolveum.midpoint.repo.sqale.audit.SqaleAuditService.countObjects(SqaleAuditService.java:522)
    ... 167 common frames omitted
Caused by: org.postgresql.util.PSQLException: ERROR: relation "m_object" does not exist
  Position: 51
    at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2733)
    at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2420)
    at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:372)
    at org.postgresql.jdbc.PgStatement.executeInternal(PgStatement.java:517)
    at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:434)
    at org.postgresql.jdbc.PgPreparedStatement.executeWithFlags(PgPreparedStatement.java:194)
    at org.postgresql.jdbc.PgPreparedStatement.executeQuery(PgPreparedStatement.java:137)
    at com.zaxxer.hikari.pool.ProxyPreparedStatement.executeQuery(ProxyPreparedStatement.java:52)
    at com.zaxxer.hikari.pool.HikariProxyPreparedStatement.executeQuery(HikariProxyPreparedStatement.java)
    at com.querydsl.sql.AbstractSQLQuery.unsafeCount(AbstractSQLQuery.java:603)
    ... 172 common frames omitted

This apparently seems to be a lack of permissions for cross-reference queries. I could simply include the necessary permissions in my PostgreSQL, but before doing so, I'd like to know if there's a standard script for this.
I haven't found any script among the SQL scripts available in the midpoint/doc/config/sql/native directory that grants these permissions.

Thanks in advance,
João Paulo Ribeiro.

From pxcamus at pm.me Wed May 28 13:50:53 2025
From: pxcamus at pm.me (pxcamus at pm.me)
Date: Wed, 28 May 2025 11:50:53 +0000
Subject: [midPoint] [ERROR] Audit configuration not found in /opt/midpoint/var//config.xml
Message-ID:

Hello,

I am encountering a weird error on a Debian VM with K3S, trying to deploy MidPoint 4.8.8.

4.8.8-alpine

For some reason, the second ninja command does not succeed:

midpoint-midpoint-0:/opt/midpoint# bin/ninja.sh -B run-sql --create --mode REPOSITORY
Applying setenv.sh from /opt/midpoint/bin directory.
Processing variable (MAP) ... midpoint.repository.jdbcUrl .:. jdbc:postgresql://xxxxxxxxx.database.svc.cluster.local:5432/midpoint
Processing variable (MAP) ... midpoint.repository.upgradeableSchemaAction .:. stop
Processing variable (MAP) ... midpoint.repository.hibernateHbm2ddl .:. none
Processing variable (MAP) ... file.encoding .:. UTF8
Processing variable (MAP) ... midpoint.repository.initializationFailTimeout .:. 60000
Processing variable (MAP) ... midpoint.logging.alt.enabled .:. true
Processing variable (MAP) ... midpoint.repository.missingSchemaAction .:. create
Processing variable (MAP) ... midpoint.repository.database .:. postgresql
Processing variable (MAP) ... midpoint.repository.jdbcUsername .:. midpoint
Processing variable (MAP) ... midpoint.repository.jdbcPassword .:. *****
[INFO]
[INFO] Starting run sql scripts
[INFO]
[INFO] Running scripts against midpoint repository.
[INFO] Initializing using midpoint home (STARTUP_CONFIGURATION)
[INFO] Creating connection for ninja-repository
[INFO] Executing script ./doc/config/sql/native/postgres.sql
[INFO] Executing script ./doc/config/sql/native/postgres-quartz.sql
[INFO] Scripts executed successfully.
midpoint-midpoint-0:/opt/midpoint# bin/ninja.sh -B run-sql --create --mode AUDIT
Applying setenv.sh from /opt/midpoint/bin directory.
Processing variable (MAP) ... midpoint.repository.jdbcUrl .:. jdbc:postgresql://xxxxxxxxx.database.svc.cluster.local:5432/midpoint
Processing variable (MAP) ... midpoint.repository.upgradeableSchemaAction .:. stop
Processing variable (MAP) ... midpoint.repository.hibernateHbm2ddl .:. none
Processing variable (MAP) ... file.encoding .:. UTF8
Processing variable (MAP) ... midpoint.repository.initializationFailTimeout .:. 60000
Processing variable (MAP) ... midpoint.logging.alt.enabled .:. true
Processing variable (MAP) ... midpoint.repository.missingSchemaAction .:. create
Processing variable (MAP) ... midpoint.repository.database .:. postgresql
Processing variable (MAP) ... midpoint.repository.jdbcUsername .:. midpoint
Processing variable (MAP) ... midpoint.repository.jdbcPassword .:. *****
[INFO]
[INFO] Starting run sql scripts
[INFO]
[INFO] Running scripts against midpoint audit.
[INFO] Initializing using midpoint home (STARTUP_CONFIGURATION)
[INFO] Creating connection for ninja-repository
[ERROR] Audit configuration not found in /opt/midpoint/var//config.xml

I can see all the environment variables correctly set (which is why the first command succeeds).

Any idea would be appreciated, thanks!

From vera at evolveum.com Wed May 28 17:37:19 2025
From: vera at evolveum.com (Evolveum Marketing)
Date: Wed, 28 May 2025 17:37:19 +0200
Subject: [midPoint] Regulatory Compliance with MidPoint Webinar
Message-ID: <787e82d2-e3c2-4e58-a63d-432786645a38@evolveum.com>

Dear midPoint community,

We invite you to a webinar led by our Co-Founder and Software Architect, Radovan Semančík, where you'll learn how midPoint plays an essential role in meeting regulatory requirements and enhancing overall compliance.

*Please reserve the date:* June 12th (Thursday), 2PM CEST (8AM EDT / 9PM JST)
*Zoom link:* https://us02web.zoom.us/j/87867225216?pwd=vipjtTlwPkdB8VVCg3O4fSReMExEym.1
*Meeting ID:* 878 6722 5216
*Passcode:* 332898

Do you have a question you would like to ask? Use *Slido* to pose and upvote questions now.

If you want to make sure you don't miss the webinar, you can *add it to your calendar*. Download the calendar ICS file, or use following links to add the event to your Google calendar, Outlook, or Office 365.

In case you cannot attend or would like to revisit the topic later, subscribe to our YouTube channel where we will publish the video recording or check our blog in the following days after the webinar.

For more information, please visit Evolveum's website.

See you there!

--
Veronika Kolpascikova
Marketing Specialist
evolveum.com

From dakle at evolveum.com Fri May 30 17:36:48 2025
From: dakle at evolveum.com (David Klement)
Date: Fri, 30 May 2025 17:36:48 +0200 (CEST)
Subject: [midPoint] [ERROR] Audit configuration not found in /opt/midpoint/var//config.xml
In-Reply-To:
References:
Message-ID: <1028063873.315191.1748619408411.JavaMail.zimbra@evolveum.com>

Hi,

can't say I know the cause for the issue, but the first debugging step that comes to mind, although I'm sure you checked this profoundly already, is to ask whether the config in `/opt/midpoint/var/config.xml` really exists and whether it actually contains the `...` section with valid content.

Secondly, double slash in path (`/opt/midpoint/var//config.xml`) is normally not an issue at all, but could it maybe point to some deeper issue?

Just trying to help...

David Klement | Technical Writer
Evolveum, s. r. o.
dakle at evolveum.com | www.evolveum.com