[midPoint] Unexpected behaviour with group import from Active Directory in MidPoint 4.8.6 and 4.8.8
Dornieden, Sebastian
Sebastian.Dornieden at comramo.de
Wed May 14 15:46:49 CEST 2025
Hi,
I installed an AD connector that worked well for a few weeks. However, for the past few days, the groups from Active Directory are no longer being automatically imported into MidPoint. Since I can't find the problem, I'm hoping someone from the community might be able to give me a hint.
When I add an AD group to Active Directory, the object appears under Resource Objects in MidPoint. Normally, the situation would now be "Unmatched" and MidPoint would create a MidPoint object from it. But that just doesn't happen. The LiveSync job does not recognize the object. The Import job doesn't either. The object does not receive any situation.
However, if I click on the object once in the Resource Objects menu in the connector (without changing anything) and look at the projection, I see that the projection is correctly assigned to the corresponding kind and intent. After that, the object appears in the repository, but still without a situation.
But if I then change a field in AD (e.g., Description), the LiveSync job recognizes the object and imports it into MidPoint as intended. I don't understand this behavior. Maybe someone can help me.
Here's the objectType-Definition:
<objectType>
<kind>entitlement</kind>
<intent>dfs-group</intent>
<displayName>DFS-Share AD Group</displayName>
<default>false</default>
<delineation>
<objectClass>ri:group</objectClass>
<baseContext>
<objectClass>ri:organizationalUnit</objectClass>
<filter>
<q:equal>
<q:path>attributes/dn</q:path>
<q:value>specificOU</q:value>
</q:equal>
</filter>
</baseContext>
<searchHierarchyScope>one</searchHierarchyScope>
<baseContextClassificationUse>required</baseContextClassificationUse>
</delineation>
<focus>
<type>ServiceType</type>
</focus>
<attribute>
<ref>ri:cn</ref>
<correlator/>
<matchingRule>mr:stringIgnoreCase</matchingRule>
<outbound>
<strength>strong</strength>
<source>
<path>name</path>
</source>
</outbound>
<inbound>
<target>
<path>name</path>
</target>
</inbound>
</attribute>
<attribute>
<ref>ri:displayName</ref>
<outbound>
<source>
<path>displayName</path>
</source>
</outbound>
<inbound>
<target>
<path>displayName</path>
</target>
</inbound>
</attribute>
<attribute>
<ref>ri:description</ref>
<limitations>
<maxOccurs>1</maxOccurs>
</limitations>
<inbound>
<target>
<path>description</path>
</target>
</inbound>
<outbound>
<source>
<path>description</path>
</source>
</outbound>
</attribute>
<attribute>
<ref>ri:dn</ref>
<matchingRule>mr:stringIgnoreCase</matchingRule>
<outbound>
<strength>strong</strength>
<source>
<path>name</path>
</source>
<expression>
<script>
<code>
return 'CN=' + name + ', specificOU'
</code>
</script>
</expression>
</outbound>
</attribute>
<attribute>
<ref>ri:sAMAccountName</ref>
<outbound>
<strength>strong</strength>
<source>
<path>name</path>
</source>
</outbound>
</attribute>
<synchronization>
<reaction>
<situation>linked</situation>
<actions>
<synchronize/>
</actions>
</reaction>
<reaction>
<situation>unlinked</situation>
<actions>
<link/>
</actions>
</reaction>
<reaction>
<situation>unmatched</situation>
<actions>
<addFocus>
<objectTemplateRef oid="3be1e9e0-78ad-4eaa-94e2-b33e79a08b97"/>
</addFocus>
</actions>
</reaction>
<reaction>
<situation>deleted</situation>
<actions>
<deleteFocus/>
</actions>
</reaction>
</synchronization>
Sebastian Dornieden
Application Service Providing
Informationstechnologie
COMRAMO AG
Bischofsholer Damm 89
30173 Hannover
Handelsregister: Hannover HRB 202670
Vorstand: Herr Peter Nohr
Aufsichtsratsvorsitzender: Herr Adalbert Schmidt
Mail: Sebastian.Dornieden at comramo.de
Web: www.comramo.de<https://www.comramo.de>
Hotline der Informationstechnologie: +49 511 12401-767
[cid:SocialLink_Xing_32x32_848acab4-3513-404f-a578-e50432709e36.png]<https://www.xing.com/pages/comramoag> [cid:SocialLink_Linkedin_32x32_7b54cdbf-158e-4dac-8294-603684fbd067.png] <https://de.linkedin.com/company/comramo-ag> <https://twitter.com/user_name_here>
[cid:KUNUNU_Banner2_b3ca3919-1929-4889-98dd-c9bfecf9dfd9.png]<https://www.kununu.com/de/comramo-ag>
Diese Information ist ausschlie?lich f?r den Adressaten bestimmt und kann vertraulich oder gesetzlich gesch?tzte Informationen enthalten. Wenn Sie nicht der bestimmungsgem??e Adressat sind, unterrichten Sie bitte den Absender und vernichten Sie diese Mail. Anderen als dem bestimmungsgem??en Adressaten ist es untersagt, diese E-Mail zu lesen, zu speichern, weiterzuleiten oder ihren Inhalt auf welche Weise auch immer zu verwenden.
Diese E-Mail enth?lt kein Anerkenntnis, dass es sich beim Inhalt dieser E-Mail um eine rechtsverbindliche Erkl?rung der COMRAMO AG handelt. Erkl?rungen, welche die COMRAMO AG verpflichten, bed?rfen jeweils der Unterschrift der zeichnungsberechtigten Person der COMRAMO AG. Die Allgemeinen Gesch?ftsbedingungen der COMRAMO AG finden Sie auf www.comramo.de <https://www.comramo.de/> und k?nnen sie dort als PDF-Datei herunterladen. Bitte beachten Sie unsere Datenschutzhinweise<https://www.comramo.de/datenschutzerklaerung/>.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250514/06b00f06/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SocialLink_Xing_32x32_848acab4-3513-404f-a578-e50432709e36.png
Type: image/png
Size: 725 bytes
Desc: SocialLink_Xing_32x32_848acab4-3513-404f-a578-e50432709e36.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250514/06b00f06/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SocialLink_Linkedin_32x32_7b54cdbf-158e-4dac-8294-603684fbd067.png
Type: image/png
Size: 468 bytes
Desc: SocialLink_Linkedin_32x32_7b54cdbf-158e-4dac-8294-603684fbd067.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250514/06b00f06/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: KUNUNU_Banner2_b3ca3919-1929-4889-98dd-c9bfecf9dfd9.png
Type: image/png
Size: 12993 bytes
Desc: KUNUNU_Banner2_b3ca3919-1929-4889-98dd-c9bfecf9dfd9.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250514/06b00f06/attachment-0005.png>
More information about the midPoint
mailing list