<div dir="ltr">Just on a side note, the username from the db table source gets created correctly with the iteration token, it is just not applying the iteration token when building the DN for AD.<div><br></div><div>From Midpoint,</div><div><br></div><div><div><user xmlns="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</div><div>      oid="e1d01bf9-4188-4ae2-9d7b-907b72649478"</div><div>      version="4"></div><div>   <name>tasmith2</name></div><div>   <extension></div><div>      <gen148:otherMailbox xmlns:gen148="<a href="http://whatever.com/my">http://whatever.com/my</a>"><a href="mailto:tammy@gaail.com">tammy@gaail.com</a></gen148:otherMailbox></div><div>      <gen148:eduPersonAffiliation xmlns:gen148="<a href="http://whatever.com/my">http://whatever.com/my</a>">student</gen148:eduPersonAffiliation></div><div>   </extension></div><div>   <metadata></div><div>      <createTimestamp>2014-11-18T14:55:42.735-06:00</createTimestamp></div><div>      <creatorRef oid="00000000-0000-0000-0000-000000000002" type="UserType"/></div><div>      <createChannel><a href="http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#liveSync">http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#liveSync</a></createChannel></div><div>      <modifyTimestamp>2014-11-19T09:10:14.545-06:00</modifyTimestamp></div><div>      <modifierRef xmlns:tns="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</div><div>                   oid="00000000-0000-0000-0000-000000000002"</div><div>                   type="tns:UserType"/></div><div>      <modifyChannel><a href="http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user">http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</a></modifyChannel></div><div>   </metadata></div><div>   <linkRef oid="559bb816-c6ae-409c-904c-7e963e74caa8" type="ShadowType"/></div><div>   <linkRef oid="56fda065-f55d-489a-95d0-1d664ccb9ab4" type="ShadowType"/></div><div>   <assignment id="1"></div><div>      <targetRef xmlns:c="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</div><div>                 oid="f6f68a1d-313e-4fa4-af32-96219476d4ea"</div><div>                 type="c:OrgType"/></div><div>   </assignment></div><div>   <assignment id="2"></div><div>      <targetRef xmlns:c="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</div><div>                 oid="ebdf7b91-79af-4a49-9255-f0baa51f9c2b"</div><div>                 type="c:RoleType"/></div><div>   </assignment></div><div>   <activation></div><div>      <administrativeStatus>enabled</administrativeStatus></div><div>      <effectiveStatus>enabled</effectiveStatus></div><div>      <disableTimestamp>2014-11-18T14:55:42.529-06:00</disableTimestamp></div><div>      <enableTimestamp>2014-11-18T14:55:42.529-06:00</enableTimestamp></div><div>   </activation></div><div>   <iteration>1</iteration></div><div>   <iterationToken>2</iterationToken></div><div>   <fullName>Tammy Smith</fullName></div><div>   <givenName>Tammy</givenName></div><div>   <familyName>Smith</familyName></div><div>   <locale>US</locale></div><div>   <emailAddress><a href="mailto:tasmith2@bshp.edu">tasmith2@bshp.edu</a></emailAddress></div><div>   <employeeNumber>TS1246814</employeeNumber></div><div>   <employeeType>A2S</employeeType></div><div>   <costCenter>ASGA</costCenter></div><div>   <organization>OU=AAD,OU=SHP Students,DC=TEST,DC=LOCAL</organization></div><div>   <locality>San Antonio</locality></div><div><br></div><div>JASON</div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 19, 2014 at 8:42 AM, Jason Everling <span dir="ltr"><<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Going to try to get the information asked in here,<div><br></div><div>Midpoint 3.0</div><div>Connector 1.4.1.20257</div><div>ConnID Server 1.4.0.76</div><div><br></div><div>From resource:</div><div><br></div><div><span class=""><div>                <attribute></div><div>                    <ref>icfs:name</ref></div><div>                    <displayName>Distinguished Name</displayName></div><div>                    <limitations></div><div>                        <minOccurs>0</minOccurs></div><div>                        <access></div><div>                            <read>true</read></div><div>                            <add>true</add></div><div>                            <modify>true</modify></div><div>                        </access></div><div>                    </limitations></div></span><div>                    <matchingRule>mr:stringIgnoreCase</matchingRule><br></div><div>                    <outbound></div><div>                        <source></div><span class=""><div>                            <path>$user/givenName</path></div><div>                        </source></div><div>                        <source></div><div>                            <path>$user/familyName</path></div><div>                        </source></div><div>                        <source></div><div>                            <path>$user/organization</path></div><div>                        </source></div><div>                        <expression></div><div>                            <script></div><div>                                <code></div><div><span style="white-space:pre-wrap">                                          </span>'cn='+givenName+' '+familyName+iterationToken+','+organization+''</div><div>                                </code></div><div>                            </script></div><div>                        </expression></div><div>                    </outbound></div><div>                </attribute></div></span><div>                <iteration></div><div>                    <maxIterations>999</maxIterations></div><div>                </iteration></div></div><div><br></div><div>The logs are below</div><div><br></div><div>Logs from Conn Server:</div><div><div>ConnectorServer.exe Error: 0 : Exception :</div><div>Type: Org.IdentityConnectors.Framework.Common.Exceptions.AlreadyExistsException</div><div>Message: The object already exists.</div><span class=""><div>: when creating LDAP://dc1.test.local/cn=Tammy Smith ,OU=AAD,OU=SHP Students,DC=TEST,DC=LOCAL</div></span><div>Source: FrameworkInternal</div><div>Stacktrace:    at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 280</div><div>   at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.CreateImpl.Create(ObjectClass objectClass, ICollection`1 createAttributes, OperationOptions options) in c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 442</div><div>   at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 247</div><div>   at ___proxy1.Create(ObjectClass , ICollection`1 , OperationOptions )</div><div>   at Org.IdentityConnectors.Framework.Impl.Api.DelegatingTimeoutProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Api.cs:line 1344</div><div>   at ___proxy1.Create(ObjectClass , ICollection`1 , OperationOptions )</div><div>   at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request) in c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Server.cs:line 626</div><div>  Inner Exception :</div><div>  Type: System.DirectoryServices.DirectoryServicesCOMException</div><div>  Message: The object already exists.</div><div><br></div><div>  Source: System.DirectoryServices</div><div>  Stacktrace:    at System.DirectoryServices.DirectoryEntry.CommitChanges()</div><div>   at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 200</div><div>    DateTime=2014-11-18T21:08:43.4291442Z</div><div>ConnectorServer.exe Information: 0 : Creating case insensitive filter</div><div>    DateTime=2014-11-18T21:13:30.7504489Z</div></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 19, 2014 at 3:47 AM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    For the record, this was my OpenDJ mapping (sorry for the
    namespaces, this is from debug pages):<br>
    <br>
             <attribute><br>
                <ref
xmlns:icfs=<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" target="_blank">"http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"</a>>icfs:name</ref><span><br>
                <displayName>Distinguished
    Name</displayName><br>
                <limitations><br>
                   <minOccurs>0</minOccurs><br>
                   <access><br>
                      <read>true</read><br>
                      <add>true</add><br>
                      <modify>true</modify><br>
                   </access><br>
                </limitations><br></span>
                <matchingRule
xmlns:mr=<a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3" target="_blank">"http://prism.evolveum.com/xml/ns/public/matching-rule-3"</a>>mr:stringIgnoreCase</matchingRule><br>
                <outbound><br>
                   <source><br>
                      <c:path
xmlns:c=<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a>>$user/givenName</c:path><br>
                   </source><br>
                   <source><br>
                      <c:path
xmlns:c=<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a>>$user/familyName</c:path><br>
                   </source><br>
                   <expression><br>
                      <script><br>
                         <code><br>
                                    'uid=' + givenName + ' ' +
    familyName + iterationToken + ',ou=people,dc=example,dc=com'<span><br>
                                    </code><br>
                      </script><br>
                   </expression><br>
                </outbound><br>
             </attribute><br></span>
    . . .<br>
             <iteration><br>
                <maxIterations>5</maxIterations><br>
             </iteration><br>
    . . .<br>
    <br>
    The users in midPoint are named johnsmith, johnsmith2, johnsmith3
    and their account in OpenDJ were:<br>
    <br>
    uid=John Smith,ou=people,dc=example,dc=com<br>
    uid=John Smith1,ou=people,dc=example,dc=com<br>
    uid=John Smith2,ou=people,dc=example,dc=com<br>
    <br>
    (the iterator counts from nothing, then 1, 2 etc.)<span><font color="#888888"><br>
    <br>
    Ivan</font></span><div><div><br>
    <br>
    <br>
    <br>
    <div>On 11/19/2014 10:35 AM, Pavol Mederly
      wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div>Hello Jason,<br>
        <br>
        one possible cause could be if AD connector (in your case) would
        not correctly determine "AlreadyExists" situation. The connector
        is able to do that (it is implemented in it and we've tested it
        many times) but one never knows...<br>
        <br>
        What version of AD connector do you use?<br>
        Could you share all parts of logs of the Connector Server
        related to creation of <a>"LDAP://dc1.test.local/cn=Tammy
          Smith ,OU=AAD,OU=SHP Students,DC=TEST,DC=LOCAL"</a> ?<br>
        <br>
        Thank you,<br>
        Pavol<br>
        <br>
        On 18. 11. 2014 22:21, Jason Everling wrote:<br>
      </div>
      <blockquote type="cite">
        <div dir="ltr">I have been doing some other testing and it seems
          when the user has the same firstname lastname the account will
          fail to create on active directory. I double-checked the code
          throughout github and it seems correct but I get the error
          which even shows that it is not adding the iterationToken to
          the end of the lastname like it should from the code,
          <div><br>
          </div>
          <div>
            <div>                <attribute></div>
            <div>                    <ref>icfs:name</ref></div>
            <div>                    <displayName>Distinguished
              Name</displayName></div>
            <div>                    <limitations></div>
            <div>                       
              <minOccurs>0</minOccurs></div>
            <div>                        <access></div>
            <div>                           
              <read>true</read></div>
            <div>                            <add>true</add></div>
            <div>                           
              <modify>true</modify></div>
            <div>                        </access></div>
            <div>                    </limitations></div>
            <div>                    <outbound></div>
            <div>                        <source></div>
            <div>                           
              <path>$user/givenName</path></div>
            <div>                        </source></div>
            <div>                        <source></div>
            <div>                           
              <path>$user/familyName</path></div>
            <div>                        </source></div>
            <div>                        <source></div>
            <div>                           
              <path>$user/organization</path></div>
            <div>                        </source></div>
            <div>                        <expression></div>
            <div>                            <script></div>
            <div>                                <code></div>
            <div><span style="white-space:pre-wrap"> </span>'cn='+givenName+'

              '+familyName+iterationToken+' ,'+organization+''</div>
            <div>                                </code></div>
            <div>                            </script></div>
            <div>                        </expression></div>
            <div>                    </outbound></div>
            <div>                </attribute></div>
          </div>
          <div><br>
          </div>
          <div>In there error blow it should be using the persons
            iterator which is 2 so it should be trying to create it as <a>LDAP://dc1.test.local/cn=Tammy</a>
            Smith2 ,OU=AAD,OU=SHP Students,DC=TEST,DC=LOCAL but it is
            not.</div>
          <div><br>
          </div>
          <div>
            <div>2014-11-18 15:08:45,314 [MODEL] [http-bio-8080-exec-68]
              ERROR
              (com.evolveum.midpoint.model.impl.lens.ChangeExecutor):
              Error executing changes for (account (default) on <a>resource:ef2bc95b-76e0-48e2-86d6-3d4f02d3eaef(Active</a>
              Directory: Office 365, Google Apps, Moodle)): Can't
              process shadow: null (OID:null): Generic error in
              connector:
              org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(The

              object already exists.</div>
            <div>: when creating <a>LDAP://dc1.test.local/cn=Tammy</a>
              Smith ,OU=AAD,OU=SHP Students,DC=TEST,DC=LOCAL)</div>
            <div>com.evolveum.midpoint.util.exception.CommunicationException:

              Can't process shadow: null (OID:null): Generic error in
              connector:
              org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(The

              object already exists.</div>
            <div>: when creating <a>LDAP://dc1.test.local/cn=Tammy</a>
              Smith ,OU=AAD,OU=SHP Students,DC=TEST,DC=LOCAL)</div>
            <div><br>
            </div>
            <div>Thanks,</div>
          </div>
          <div>JASON</div>
        </div>
        <br>
        <font><br>
          <br>
          CONFIDENTIALITY NOTICE:<br>
          This e-mail together with any attachments is proprietary and
          confidential; intended for only the recipient(s) named above
          and may contain information that is privileged. You should not
          retain, copy or use this e-mail or any attachments for any
          purpose, or disclose all or any part of the contents to any
          person. Any views or opinions expressed in this e-mail are
          those of the author and do not represent those of the Baptist
          School of Health Professions. If you have received this e-mail
          in error, or are not the named recipient(s), you are hereby
          notified that any review, dissemination, distribution or
          copying of this communication is prohibited by the sender and
          to do so might constitute a violation of the Electronic
          Communications Privacy Act, 18 U.S.C. section 2510-2521.
          Please immediately notify the sender and delete this e-mail
          and any attachments from your computer. </font><br>
        <br>
        <fieldset></fieldset>
        <br>
        <pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
      </blockquote>
      <br>
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
    </blockquote>
    <br>
    </div></div><span><pre cols="72">-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer
  <a href="http://evolveum.com" target="_blank">evolveum.com</a>
  ___________________________________________
           "Idem per idem - semper idem Vix."
</pre>
  </span></div>

<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>

<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>