<div dir="ltr">So the role that gets assigned is nothing special, I just created a new role in the GUI and added the inducement for AD Resource. Eventually I will change the permissions on the roles to match what they need to be in production.<div><br></div><div>I attached the AD Resource and AD User Template,</div><div><br></div><div>JASON</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 5, 2014 at 3:17 AM, Ivan Noris <span dir="ltr"><<a href="mailto:Ivan.Noris@evolveum.com" target="_blank">Ivan.Noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:times new roman,new york,times,serif;font-size:12pt;color:#000000"><div>Hi Jason,<br></div><div><br></div><div>yes I think it's somehow depending on the fact that you are generating username.<br></div><div><br></div><div>Can you please share details how AD accounts are constructed from the midpoint's username? What attributes are depending on user/name? DN? sAMAccountName? ... ?<br></div><div>Also, could you send the role definition? I have some conditional roles that are assigned to user, but don't do anything if the condition is false. Which resembles your situation...<br></div><div><br></div><div>BTW it's really strange for me so far. I'd expect at least some exception...<br></div><div><br></div><div>Thanks,<br></div><div>regards,<br></div><div>Ivan<br></div><div><br></div><hr><blockquote style="border-left:2px solid #1010ff;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><span class=""><b>From: </b>"Jason Everling" <<a href="mailto:jeverling@bshp.edu">jeverling@bshp.edu</a>><br><b>To: </b>"midPoint General Discussion" <<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>><br></span><b>Sent: </b>Tuesday, November 4, 2014 5:19:31 PM<br><b>Subject: </b>Re: [midPoint] Account Creation, Not Being created in AD<div><div class="h5"><br><div><br></div><div dir="ltr">So yes, those are from today but instead of digging through to yesterday I just added a new line to the CSV feed, so new firstname,lastname, employeeID so that it would create a new account.<div><br></div><div>I actually added 3 new lines to the CSV and all 3 get created in Midpoint, Role Assigned with AD inducement, and Org Assigned, the AD account never gets created though until I modify the account in Midpoint.</div><div><br></div><div>That is the only log entry I get when the CSV feed is updated and new account is created in Midpoint,</div><div><br></div><div>Using Midpoint 3.0</div><div><br></div><div><div><div><table><tbody><tr><td>Version</td>
<td>3.0</td>
</tr>
<tr>
<td>Git describe</td>
<td>git-v3.0</td>
</tr>
</tbody></table><br>
</div><div>If I remove the username generation and add a username attribute to the CSV feed it works as expected, this is just when generating the username, is it maybe because the role is getting assigned before Midpoint has time to generate the username and such?</div><div><br></div><div>Jason</div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Nov 4, 2014 at 9:57 AM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
Hi Jason,<br>
<br>
just to be sure: these error messages have timestamp from today; but
you've reported your problem to the list yesterday.<br>
<br>
Could you please:<br>
<br>
1) double check that the log is the correct one / or find the
(supposed) error messages in previously rotated log (stored in the
same directory as idm.log, but the name derived from the date..)<br>
2) replicate the issue and send current idm.log fragment<br>
<br>
The messages referenced here are ok = we don't see anything yet.<br>
<br>
Also please, what version of midPoint are you using..?<br>
<br>
Thanks,<br>
regards,<br>
Ivan<div><div><br>
<br>
<div>On 11/04/2014 03:25 PM, Jason Everling
wrote:<br>
</div>
<blockquote>
<div dir="ltr">I added a new line to the CSV so it could create a
new user, it gets created in Midpoint and the role and org
assigned, the only item in the log that stands out is,
<div><br>
</div>
<div>2014-11-04 08:22:11,914 [PROVISIONING]
[midPointScheduler_Worker-2] WARN
(com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter):
The resource: SonisWeb-Generate
(OID:af2bc95b-76e0-48e2-86d6-3d4f02d3fafa) does not provide
definition for null value of simulated activation attribute<br>
</div>
<div><br>
</div>
<div>There is no other errors besides that,</div>
<div><br>
</div>
<div>
<div>2014-11-04 08:09:00,859 [REPOSITORY]
[midPointScheduler_Worker-6] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
HHH000010: On release of batch it still contained JDBC
statements</div>
<div>2014-11-04 08:09:29,824 [REPOSITORY]
[midPointScheduler_Worker-3] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
HHH000010: On release of batch it still contained JDBC
statements</div>
<div>2014-11-04 08:12:20,134 [REPOSITORY]
[midPointScheduler_Worker-3] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
HHH000010: On release of batch it still contained JDBC
statements</div>
<div>2014-11-04 08:12:20,247 [REPOSITORY]
[midPointScheduler_Worker-9] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
HHH000010: On release of batch it still contained JDBC
statements</div>
<div>2014-11-04 08:14:00,397 [REPOSITORY]
[midPointScheduler_Worker-9] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
HHH000010: On release of batch it still contained JDBC
statements</div>
<div>2014-11-04 08:22:00,465 [REPOSITORY]
[midPointScheduler_Worker-3] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
HHH000010: On release of batch it still contained JDBC
statements</div>
<div>2014-11-04 08:22:06,150 [REPOSITORY]
[midPointScheduler_Worker-2] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
HHH000010: On release of batch it still contained JDBC
statements</div>
<div>2014-11-04 08:22:06,271 [REPOSITORY]
[midPointScheduler_Worker-2] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
HHH000010: On release of batch it still contained JDBC
statements</div>
<div>2014-11-04 08:22:11,914 [PROVISIONING]
[midPointScheduler_Worker-2] WARN
(com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter):
The resource: SonisWeb-Generate
(OID:af2bc95b-76e0-48e2-86d6-3d4f02d3fafa) does not provide
definition for null value of simulated activation attribute</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Nov 4, 2014 at 1:17 AM, Ivan
Noris <span dir="ltr"><<a href="mailto:Ivan.Noris@evolveum.com" target="_blank">Ivan.Noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div style="font-family:times new roman,new york,times,serif;font-size:12pt;color:#000000">
<div>Jason,<br>
</div>
<div><br>
</div>
<div>could you please check error messages from idm.log
from the time of the supposed creation?<br>
</div>
<div><br>
</div>
<div>Thanks,<br>
</div>
<div>Ivan<br>
</div>
<div><br>
</div>
<hr>
<blockquote style="border-left:2px solid #1010ff;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><b>From:
</b>"Jason Everling" <<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>><br>
<b>To: </b>"midPoint General Discussion" <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>><br>
<b>Sent: </b>Monday, November 3, 2014 11:50:06 PM<br>
<b>Subject: </b>[midPoint] Account Creation, Not
Being created in AD
<div>
<div><br>
<div><br>
</div>
<div dir="ltr">So my director wanted to see it
fully automated so all I basically had to do was
modify the CSV resource to generate the
usernames and email addresses, done, this works.
<div><br>
</div>
<div>The account gets created in Midpoint from
the CSV, gets an Org assigned and gets a Role
assigned. The role has an inducement for
active directory but even though the account
gets the role assigned an account in AD does
not get created. Now if I modify the user in
midpoint, lets say just change a letter in the
personal email address field the AD account
creation kicks off.</div>
<div><br>
</div>
<div>I cannot seem to figure out why the AD
account does not get created even though it
gets the role assigned and before I changed it
to create the usernames it was creating those
accounts in AD.</div>
<div><br>
</div>
<div>I attached the CSV Resource and the CSV
Template that is being used,</div>
<div><br>
</div>
<div>Thanks,</div>
<div>JASON</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<span style="font-size:small"><span style="font-size:small"><br>
</span></span>
<div><br>
</div>
</div>
</div>
<span style="font-size:small">CONFIDENTIALITY
NOTICE:<br>
This e-mail together with any attachments is
proprietary and confidential; intended for only the
recipient(s) named above and may contain information
that is privileged. You should not retain, copy or
use this e-mail or any attachments for any purpose,
or disclose all or any part of the contents to any
person. Any views or opinions expressed in this
e-mail are those of the author and do not represent
those of the Baptist School of Health Professions.
If you have received this e-mail in error, or are
not the named recipient(s), you are hereby notified
that any review, dissemination, distribution or
copying of this communication is prohibited by the
sender and to do so might constitute a violation of
the Electronic Communications Privacy Act, 18 U.S.C.
section 2510-2521. Please immediately notify the
sender and delete this e-mail and any attachments
from your computer. </span><br>
<div><br>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><span><span style="color:#888888" color="#888888"><br>
</span></span></blockquote>
<span><span style="color:#888888" color="#888888">
<div><br>
<br>
</div>
<div><br>
</div>
<div>-- <br>
</div>
<div><span></span> Ing. Ivan Noris<br>
Senior Identity Management Engineer<br>
<a href="http://evolveum.com" target="_blank">evolveum.com</a><br>
___________________________________________<br>
"Idem per idem - semper idem Vix."<span></span><br>
</div>
</span></span></div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<span><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is proprietary and
confidential; intended for only the recipient(s) named above and
may contain information that is privileged. You should not
retain, copy or use this e-mail or any attachments for any
purpose, or disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail are those
of the author and do not represent those of the Baptist School
of Health Professions. If you have received this e-mail in
error, or are not the named recipient(s), you are hereby
notified that any review, dissemination, distribution or copying
of this communication is prohibited by the sender and to do so
might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
notify the sender and delete this e-mail and any attachments
from your computer. </span><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre>--
Ing. Ivan Noris
Senior Identity Management Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a>
___________________________________________
"Idem per idem - semper idem Vix."
</pre>
</div></div></div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
<br>
<span style="font-size:small" size="2"><br><div><br></div>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </span><br><div><br></div>_______________________________________________<br>midPoint mailing list<br><a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br><a href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br></div></div></blockquote><div><div class="h5"><div><br><br></div><div><br></div><div>-- <br></div><div><span name="x"></span> Ing. Ivan Noris<br> Senior Identity Management Engineer<br> <a href="http://evolveum.com">evolveum.com</a><br> ___________________________________________<br> "Idem per idem - semper idem Vix."<span name="x"></span><br></div></div></div></div></div><br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>