[midPoint] midPoint creating duplicate AD account instead of linking

João Paulo Ribeiro joparibeiro at gmail.com
Thu Sep 25 17:53:19 CEST 2025


Hello!

I have a midPoint deployment with an authoritative (inbound) resource and
an outbound Active Directory resource. There's a specific situation where a
user that I haven't imported into midPoint yet already has an account in
Active Directory (outbound). In this scenario, when I import the user from
the authoritative resource, I would expect midPoint to link the existing
Active Directory account (UNLINKED -> LINKED). However, it's trying to
create another account in AD, and because of that, the following error is
being thrown:

ObjectAlreadyExistsException:
org.identityconnectors.framework.common.exceptions.AlreadyExistsException(Error
adding LDAP entry CN=username,OU=users,DC=example,DC=com:
constraintViolation: 000021C8: AtrErr: DSID-03200BD1, #1:??0: 000021C8:
DSID-03200BD1, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 90290 (
*userPrincipalName*)?? (19))

I have already checked the correlation and synchronization rules on both
the inbound (authoritative) and outbound (AD) resources, and they seem
correct. In fact, if I try to run the "import" for the existing AD account
while it's in the UNLINKED state, it performs the expected operation: it
LINKS the account with its respective focus and applies the necessary
updates. The problem really happens when I try to run the "import" from the
authoritative resource, in which case midPoint doesn't detect the
pre-existing AD account for the user.

Has anyone else experienced this?

Versions:
midPoint 4.8.7
AdLdapConnector 3.7.4

Thanks in advance!
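The UNLINKED -> LINKED step described above is driven by the correlation and synchronization reactions of the AD resource's object type. The fragment below is an added illustration of how that part of a midPoint 4.8 resource definition typically looks; it is not the poster's configuration, and the attribute used for correlation (ri:sAMAccountName mapped to the focus name), the object class (ri:user) and the intent (default) are assumptions chosen for the example.

```xml
<!-- Added example: schemaHandling fragment for an outbound AD resource (midPoint 4.6+ style).
     Assumed: ri: is the resource's own schema namespace, the AD object class is ri:user,
     and sAMAccountName is the attribute that identifies the user in both systems. -->
<objectType>
    <kind>account</kind>
    <intent>default</intent>
    <default>true</default>
    <delineation>
        <objectClass>ri:user</objectClass>
    </delineation>
    <focus>
        <type>UserType</type>
    </focus>
    <attribute>
        <ref>ri:sAMAccountName</ref>
        <!-- The inbound mapping supplies the value the correlator compares against;
             "use: correlation" limits it to that purpose so the authoritative
             resource stays the only source of the focus name. -->
        <inbound>
            <use>correlation</use>
            <target>
                <path>name</path>
            </target>
        </inbound>
        <outbound>
            <source>
                <path>name</path>
            </source>
        </outbound>
    </attribute>
    <correlation>
        <correlators>
            <!-- Items correlator: an AD account whose sAMAccountName equals an
                 existing user's name is classified as UNLINKED for that user. -->
            <items>
                <item>
                    <ref>name</ref>
                </item>
            </items>
        </correlators>
    </correlation>
    <synchronization>
        <!-- UNLINKED: a matching focus exists but has no link to this shadow; link it,
             so later reconciliation updates the existing entry instead of creating one. -->
        <reaction>
            <situation>unlinked</situation>
            <actions>
                <link/>
            </actions>
        </reaction>
        <reaction>
            <situation>linked</situation>
            <actions>
                <synchronize/>
            </actions>
        </reaction>
        <!-- UNMATCHED is deliberately given no addFocus action here: the authoritative
             resource, not AD, is the source of new users. -->
    </synchronization>
</objectType>
```

Importing or reconciling the AD resource with such a definition exercises the correlator and the unlinked reaction directly, which is a useful check that the shadow is classified as UNLINKED (rather than UNMATCHED or DISPUTED) for the expected user before the inbound import is run.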