<div dir="ltr">Spoke too soon, seems it errors when using sAMAccountName under the object type,<div><br></div><div><span style="color:rgb(185,74,72);font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:12px;line-height:17.142858505249px;background-color:rgb(242,222,222)">Definition of attribute sAMAccountName not found in object class {<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}CustomGroupObjectClass">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}CustomGroupObjectClass</a> </span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Nov 27, 2014 at 4:40 PM, Jason Everling <span dir="ltr"><<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hah, nevermind, I just needed create a attribute for sAMAccountName under the objecttype using the +name+ outbound,<div><br></div><div>JASON</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Nov 27, 2014 at 4:36 PM, Jason Everling <span dir="ltr"><<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Not sure why I didn't think about that after looking at it so many times, working now.<div><br></div><div>One more question, the roles get created in AD as groups now but it does not update the sAMAccountName, so it created the cn=tester,ou=groups,dc=test,dc=local and common name is testers but the sAMAccountName or the Group Name (Pre Windows 2000) is a random value like $K61000-DN631FIPKSLL</div><div><br></div><div>How can that be fixed?</div><div><br></div><div>Thanks Again!</div><span><font color="#888888"><div>JASON</div></font></span></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Nov 27, 2014 at 4:18 PM, Pavol Mederly <span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hello Jason,<br>
<br>
as far as I know, in Active Directory CN is not updateable. It
suffices to create/update icfs:name attribute, and CN is updated
automatically.<br>
<br>
So, I would suggest to drop outbound mapping from CN attribute,
i.e. this one:<br>
<br>
<outbound><br>
<source><br>
<path>$focus/name</path><br>
</source><br>
</outbound><br>
<br>
Best regards,<br>
Pavol<div><div><br>
<br>
On 27. 11. 2014 19:23, Jason Everling wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div>
<div dir="ltr">I cannot figure this one out, I followed the groups
sync in the wiki and from the github samples along with the
metarole and role template.
<div><br>
</div>
<div>When creating a role in Midpoint it attempts to create the
group in AD but I get an error, look at the debug page it has
the correct DN and CN.</div>
<div><br>
</div>
<div><span><span>operation.com.evolveum.midpoint.model.impl.lens.ChangeExecutor.execute</span></span><span></span>
<div>
<ul style="margin:0px;list-style:none outside none;padding:0px">
<li style="padding:1px 0px;list-style:none outside none;margin:0px;text-overflow:ellipsis;overflow:auto"><span>Security violation during processing shadow
shadow: null (OID:null): Attempt to add shadow with
non-createable attribute {<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3%7Dcn" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}cn</a></span></li>
<li title="Fatal error" style="padding:2px 0px 1px 25px;list-style:none outside none;margin:5px 0px 0px;text-overflow:ellipsis;overflow:auto;background-image:url(http://10.200.0.155/midpoint/img/messages-error-icon.png);background-repeat:no-repeat"><span style="margin-top:0px">Security violation
during processing shadow shadow: null (OID:null):
Attempt to add shadow with non-createable attribute {<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3%7Dcn" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}cn</a></span></li>
</ul>
</div>
</div>
<div>
<div><br>
</div>
<div>
<table>
<tbody>
<tr>
<th style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px solid rgb(221,221,221);background-color:rgb(249,249,249)">Activity</th>
<th style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px solid rgb(221,221,221);background-color:rgb(249,249,249)">Status</th>
<th style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px solid rgb(221,221,221);background-color:rgb(249,249,249)">Resource
object (if applicable)</th>
</tr>
<tr>
<td style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px solid rgb(221,221,221)"><span>Computing projections
of the focus object</span></td>
<td style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px solid rgb(221,221,221)"><span title="SUCCESS" style="color:rgb(70,136,71);display:inline-block;font-family:FontAwesome;line-height:0.75em;font-size:1.33333333333333em;vertical-align:-15%;width:1.28571428571429em;text-align:center"></span><br>
</td>
<td style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px solid rgb(221,221,221)"><span></span><br>
</td>
</tr>
<tr>
<td style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px solid rgb(221,221,221);background-color:rgb(249,249,249)"><span>Entitlement
(group) on Active Directory</span></td>
<td style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px solid rgb(221,221,221);background-color:rgb(249,249,249)"><span title="FATAL_ERROR" style="color:rgb(185,74,72);display:inline-block;font-family:FontAwesome;line-height:0.75em;font-size:1.33333333333333em;vertical-align:-15%;width:1.28571428571429em;text-align:center"></span><br>
</td>
<td style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px solid rgb(221,221,221);background-color:rgb(249,249,249)"><span>Add:Fatal
error -> cn=TESTER,ou=Groups,dc=test,dc=local</span></td>
</tr>
</tbody>
</table>
</div>
<div><br>
</div>
<div>I attached the AD Resource, Role Template, and MetaRole</div>
</div>
</div>
<br>
</div></div><font><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is proprietary and
confidential; intended for only the recipient(s) named above and
may contain information that is privileged. You should not
retain, copy or use this e-mail or any attachments for any
purpose, or disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail are those
of the author and do not represent those of the Baptist School
of Health Professions. If you have received this e-mail in
error, or are not the named recipient(s), you are hereby
notified that any review, dissemination, distribution or copying
of this communication is prohibited by the sender and to do so
might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
notify the sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>