<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Jason,<br>
<br>
it seems you've hit a bug. I've replicated it on midPoint master.<br>
<br>
The issue is now being investigated by our developers in order to
fix it. I will drop a message to the list when it's resolved.<br>
<br>
Regards,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 11/05/2014 03:13 PM, Jason Everling
wrote:<br>
</div>
<blockquote
cite="mid:CAFkZXY41P8Soe4MLk2jEK_vvTUieJbcNYx8su8BsgyT-xW-AKQ@mail.gmail.com"
type="cite">
<div dir="ltr">So the role that gets assigned is nothing special,
I just created a new role in the GUI and added the inducement
for AD Resource. Eventually I will change the permissions on the
roles to match what they need to be in production.
<div><br>
</div>
<div>I attached the AD Resource and AD User Template,</div>
<div><br>
</div>
<div>JASON</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Nov 5, 2014 at 3:17 AM, Ivan
Noris <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:Ivan.Noris@evolveum.com" target="_blank">Ivan.Noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div style="font-family:times new roman,new
york,times,serif;font-size:12pt;color:#000000">
<div>Hi Jason,<br>
</div>
<div><br>
</div>
<div>yes I think it's somehow depending on the fact that
you are generating username.<br>
</div>
<div><br>
</div>
<div>Can you please share details how AD accounts are
constructed from the midpoint's username? What
attributes are depending on user/name? DN?
sAMAccountName? ... ?<br>
</div>
<div>Also, could you send the role definition? I have
some conditional roles that are assigned to user, but
don't do anything if the condition is false. Which
resembles your situation...<br>
</div>
<div><br>
</div>
<div>BTW it's really strange for me so far. I'd expect
at least some exception...<br>
</div>
<div><br>
</div>
<div>Thanks,<br>
</div>
<div>regards,<br>
</div>
<div>Ivan<br>
</div>
<div><br>
</div>
<hr>
<blockquote style="border-left:2px solid
#1010ff;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><span
class=""><b>From: </b>"Jason Everling" <<a
moz-do-not-send="true"
href="mailto:jeverling@bshp.edu">jeverling@bshp.edu</a>><br>
<b>To: </b>"midPoint General Discussion" <<a
moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>><br>
</span><b>Sent: </b>Tuesday, November 4, 2014 5:19:31
PM<br>
<b>Subject: </b>Re: [midPoint] Account Creation, Not
Being created in AD
<div>
<div class="h5"><br>
<div><br>
</div>
<div dir="ltr">So yes, those are from today but
instead of digging through to yesterday I just
added a new line to the CSV feed, so new
firstname,lastname, employeeID so that it would
create a new account.
<div><br>
</div>
<div>I actually added 3 new lines to the CSV and
all 3 get created in Midpoint, Role Assigned
with AD inducement, and Org Assigned, the AD
account never gets created though until I
modify the account in Midpoint.</div>
<div><br>
</div>
<div>That is the only log entry I get when the
CSV feed is updated and new account is created
in Midpoint,</div>
<div><br>
</div>
<div>Using Midpoint 3.0</div>
<div><br>
</div>
<div>
<div>
<div>
<table>
<tbody>
<tr>
<td>Version</td>
<td>3.0</td>
</tr>
<tr>
<td>Git describe</td>
<td>git-v3.0</td>
</tr>
</tbody>
</table>
<br>
</div>
<div>If I remove the username generation and
add a username attribute to the CSV feed
it works as expected, this is just when
generating the username, is it maybe
because the role is getting assigned
before Midpoint has time to generate the
username and such?</div>
<div><br>
</div>
<div>Jason</div>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Nov 4, 2014 at
9:57 AM, Ivan Noris <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com"
target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<div> Hi Jason,<br>
<br>
just to be sure: these error messages have
timestamp from today; but you've reported
your problem to the list yesterday.<br>
<br>
Could you please:<br>
<br>
1) double check that the log is the
correct one / or find the (supposed) error
messages in previously rotated log (stored
in the same directory as idm.log, but the
name derived from the date..)<br>
2) replicate the issue and send current
idm.log fragment<br>
<br>
The messages referenced here are ok = we
don't see anything yet.<br>
<br>
Also please, what version of midPoint are
you using..?<br>
<br>
Thanks,<br>
regards,<br>
Ivan
<div>
<div><br>
<br>
<div>On 11/04/2014 03:25 PM, Jason
Everling wrote:<br>
</div>
<blockquote>
<div dir="ltr">I added a new line to
the CSV so it could create a new
user, it gets created in Midpoint
and the role and org assigned, the
only item in the log that stands
out is,
<div><br>
</div>
<div>2014-11-04 08:22:11,914
[PROVISIONING]
[midPointScheduler_Worker-2]
WARN
(com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter):
The resource: SonisWeb-Generate
(OID:af2bc95b-76e0-48e2-86d6-3d4f02d3fafa)
does not provide definition for
null value of simulated
activation attribute<br>
</div>
<div><br>
</div>
<div>There is no other errors
besides that,</div>
<div><br>
</div>
<div>
<div>2014-11-04 08:09:00,859
[REPOSITORY]
[midPointScheduler_Worker-6]
INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
HHH000010: On release of batch
it still contained JDBC
statements</div>
<div>2014-11-04 08:09:29,824
[REPOSITORY]
[midPointScheduler_Worker-3]
INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
HHH000010: On release of batch
it still contained JDBC
statements</div>
<div>2014-11-04 08:12:20,134
[REPOSITORY]
[midPointScheduler_Worker-3]
INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
HHH000010: On release of batch
it still contained JDBC
statements</div>
<div>2014-11-04 08:12:20,247
[REPOSITORY]
[midPointScheduler_Worker-9]
INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
HHH000010: On release of batch
it still contained JDBC
statements</div>
<div>2014-11-04 08:14:00,397
[REPOSITORY]
[midPointScheduler_Worker-9]
INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
HHH000010: On release of batch
it still contained JDBC
statements</div>
<div>2014-11-04 08:22:00,465
[REPOSITORY]
[midPointScheduler_Worker-3]
INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
HHH000010: On release of batch
it still contained JDBC
statements</div>
<div>2014-11-04 08:22:06,150
[REPOSITORY]
[midPointScheduler_Worker-2]
INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
HHH000010: On release of batch
it still contained JDBC
statements</div>
<div>2014-11-04 08:22:06,271
[REPOSITORY]
[midPointScheduler_Worker-2]
INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
HHH000010: On release of batch
it still contained JDBC
statements</div>
<div>2014-11-04 08:22:11,914
[PROVISIONING]
[midPointScheduler_Worker-2]
WARN
(com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter):
The resource:
SonisWeb-Generate
(OID:af2bc95b-76e0-48e2-86d6-3d4f02d3fafa)
does not provide definition
for null value of simulated
activation attribute</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue,
Nov 4, 2014 at 1:17 AM, Ivan
Noris <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:Ivan.Noris@evolveum.com"
target="_blank">Ivan.Noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div>
<div
style="font-family:times
new roman,new
york,times,serif;font-size:12pt;color:#000000">
<div>Jason,<br>
</div>
<div><br>
</div>
<div>could you please
check error messages
from idm.log from the
time of the supposed
creation?<br>
</div>
<div><br>
</div>
<div>Thanks,<br>
</div>
<div>Ivan<br>
</div>
<div><br>
</div>
<hr>
<blockquote
style="border-left:2px
solid
#1010ff;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><b>From:
</b>"Jason Everling"
<<a
moz-do-not-send="true"
href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>><br>
<b>To: </b>"midPoint
General Discussion" <<a
moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>><br>
<b>Sent: </b>Monday,
November 3, 2014
11:50:06 PM<br>
<b>Subject: </b>[midPoint]
Account Creation, Not
Being created in AD
<div>
<div><br>
<div><br>
</div>
<div dir="ltr">So my
director wanted to
see it fully
automated so all I
basically had to
do was modify the
CSV resource to
generate the
usernames and
email addresses,
done, this works.
<div><br>
</div>
<div>The account
gets created in
Midpoint from
the CSV, gets an
Org assigned and
gets a Role
assigned. The
role has an
inducement for
active directory
but even though
the account gets
the role
assigned an
account in AD
does not get
created. Now if
I modify the
user in
midpoint, lets
say just change
a letter in the
personal email
address field
the AD account
creation kicks
off.</div>
<div><br>
</div>
<div>I cannot seem
to figure out
why the AD
account does not
get created even
though it gets
the role
assigned and
before I changed
it to create the
usernames it was
creating those
accounts in AD.</div>
<div><br>
</div>
<div>I attached
the CSV Resource
and the CSV
Template that is
being used,</div>
<div><br>
</div>
<div>Thanks,</div>
<div>JASON</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<span
style="font-size:small"><span
style="font-size:small"><br>
</span></span>
<div><br>
</div>
</div>
</div>
<span
style="font-size:small">CONFIDENTIALITY
NOTICE:<br>
This e-mail together
with any attachments
is proprietary and
confidential; intended
for only the
recipient(s) named
above and may contain
information that is
privileged. You should
not retain, copy or
use this e-mail or any
attachments for any
purpose, or disclose
all or any part of the
contents to any
person. Any views or
opinions expressed in
this e-mail are those
of the author and do
not represent those of
the Baptist School of
Health Professions. If
you have received this
e-mail in error, or
are not the named
recipient(s), you are
hereby notified that
any review,
dissemination,
distribution or
copying of this
communication is
prohibited by the
sender and to do so
might constitute a
violation of the
Electronic
Communications Privacy
Act, 18 U.S.C. section
2510-2521. Please
immediately notify the
sender and delete this
e-mail and any
attachments from your
computer. </span><br>
<div><br>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a
moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a
moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><span><span
style="color:#888888" color="#888888"><br>
</span></span></blockquote>
<span><span
style="color:#888888"
color="#888888">
<div><br>
<br>
</div>
<div><br>
</div>
<div>-- <br>
</div>
<div><span></span> Ing.
Ivan Noris<br>
Senior Identity
Management Engineer<br>
<a
moz-do-not-send="true"
href="http://evolveum.com" target="_blank">evolveum.com</a><br>
___________________________________________<br>
"Idem per
idem - semper idem
Vix."<span></span><br>
</div>
</span></span></div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com"
target="_blank">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<span><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any
attachments is proprietary and
confidential; intended for only
the recipient(s) named above and
may contain information that is
privileged. You should not retain,
copy or use this e-mail or any
attachments for any purpose, or
disclose all or any part of the
contents to any person. Any views
or opinions expressed in this
e-mail are those of the author and
do not represent those of the
Baptist School of Health
Professions. If you have received
this e-mail in error, or are not
the named recipient(s), you are
hereby notified that any review,
dissemination, distribution or
copying of this communication is
prohibited by the sender and to do
so might constitute a violation of
the Electronic Communications
Privacy Act, 18 U.S.C. section
2510-2521. Please immediately
notify the sender and delete this
e-mail and any attachments from
your computer. </span><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre>--
Ing. Ivan Noris
Senior Identity Management Engineer
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a>
___________________________________________
"Idem per idem - semper idem Vix."
</pre>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com"
target="_blank">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<span style="font-size:small" size="2"><br>
<div><br>
</div>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is
proprietary and confidential; intended for only
the recipient(s) named above and may contain
information that is privileged. You should not
retain, copy or use this e-mail or any
attachments for any purpose, or disclose all or
any part of the contents to any person. Any
views or opinions expressed in this e-mail are
those of the author and do not represent those
of the Baptist School of Health Professions. If
you have received this e-mail in error, or are
not the named recipient(s), you are hereby
notified that any review, dissemination,
distribution or copying of this communication is
prohibited by the sender and to do so might
constitute a violation of the Electronic
Communications Privacy Act, 18 U.S.C. section
2510-2521. Please immediately notify the sender
and delete this e-mail and any attachments from
your computer. </span><br>
<div><br>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</div>
</div>
</blockquote>
<div>
<div class="h5">
<div><br>
<br>
</div>
<div><br>
</div>
<div>-- <br>
</div>
<div><span name="x"></span> Ing. Ivan Noris<br>
Senior Identity Management Engineer<br>
<a moz-do-not-send="true"
href="http://evolveum.com">evolveum.com</a><br>
___________________________________________<br>
"Idem per idem - semper idem Vix."<span
name="x"></span><br>
</div>
</div>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font size="2"><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is proprietary and
confidential; intended for only the recipient(s) named above and
may contain information that is privileged. You should not
retain, copy or use this e-mail or any attachments for any
purpose, or disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail are those
of the author and do not represent those of the Baptist School
of Health Professions. If you have received this e-mail in
error, or are not the named recipient(s), you are hereby
notified that any review, dissemination, distribution or copying
of this communication is prohibited by the sender and to do so
might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
notify the sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
evolveum.com
___________________________________________
"Idem per idem - semper idem Vix."
</pre>
</body>
</html>