<div dir="ltr">Ah so I was on the right track, it works now, I had seen that (samAccountName) in the group schema but thought maybe it was a typo so I had changed it to sAMAccountName.<div><br></div><div>Changed the name for a role and the attribute updated correctly now!</div><div><br></div><div>JASON</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Nov 27, 2014 at 4:50 PM, Pavol Mederly <span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Ah, this is a stupidity in original AD
connector that I've inherited.<br>
(And didn't have the courage to fix up to now.)<br>
Sorry for that.<br>
<br>
For groups, please use <b>samAccountName</b> (not sAMAccountName)
as for users.<br>
<br>
Best regards,<br>
Pavol<br>
<br>
</div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">Spoke too soon, seems it errors when using
sAMAccountName under the object type,
<div><br>
</div>
<div><span>Definition
of attribute sAMAccountName not found in object class {<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3%7DCustomGroupObjectClass" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}CustomGroupObjectClass</a> </span></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Nov 27, 2014 at 4:40 PM, Jason
Everling <span dir="ltr"><<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hah, nevermind, I just needed create a
attribute for sAMAccountName under the objecttype using
the +name+ outbound,
<div><br>
</div>
<div>JASON</div>
</div>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Nov 27, 2014 at 4:36
PM, Jason Everling <span dir="ltr"><<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Not sure why I didn't think about
that after looking at it so many times, working
now.
<div><br>
</div>
<div>One more question, the roles get created in
AD as groups now but it does not update the
sAMAccountName, so it created the
cn=tester,ou=groups,dc=test,dc=local and
common name is testers but the sAMAccountName
or the Group Name (Pre Windows 2000) is a
random value like $K61000-DN631FIPKSLL</div>
<div><br>
</div>
<div>How can that be fixed?</div>
<div><br>
</div>
<div>Thanks Again!</div>
<span><font color="#888888">
<div>JASON</div>
</font></span></div>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Nov 27,
2014 at 4:18 PM, Pavol Mederly <span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hello Jason,<br>
<br>
as far as I know, in Active
Directory CN is not updateable. It
suffices to create/update icfs:name
attribute, and CN is updated
automatically.<br>
<br>
So, I would suggest to drop outbound
mapping from CN attribute, i.e. this
one:<br>
<br>
<outbound><br>
<source><br>
<path>$focus/name</path><br>
</source><br>
</outbound><br>
<br>
Best regards,<br>
Pavol
<div>
<div><br>
<br>
On 27. 11. 2014 19:23, Jason
Everling wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">I cannot figure
this one out, I followed the
groups sync in the wiki and
from the github samples along
with the metarole and role
template.
<div><br>
</div>
<div>When creating a role in
Midpoint it attempts to
create the group in AD but I
get an error, look at the
debug page it has the
correct DN and CN.</div>
<div><br>
</div>
<div><span><span>operation.com.evolveum.midpoint.model.impl.lens.ChangeExecutor.execute</span></span><span></span>
<div>
<ul style="margin:0px;list-style:none outside none;padding:0px">
<li style="padding:1px 0px;list-style:none outside none;margin:0px;text-overflow:ellipsis;overflow:auto"><span>Security
violation during
processing shadow
shadow: null
(OID:null): Attempt
to add shadow with
non-createable
attribute {<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3%7Dcn" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}cn</a></span></li>
<li title="Fatal error" style="padding:2px 0px 1px 25px;list-style:none outside none;margin:5px 0px 0px;text-overflow:ellipsis;overflow:auto;background-image:url(http://10.200.0.155/midpoint/img/messages-error-icon.png);background-repeat:no-repeat"><span style="margin-top:0px">Security violation during processing shadow
shadow: null
(OID:null): Attempt
to add shadow with
non-createable
attribute {<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3%7Dcn" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}cn</a></span></li>
</ul>
</div>
</div>
<div>
<div><br>
</div>
<div>
<table>
<tbody>
<tr>
<th style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px solid rgb(221,221,221);background-color:rgb(249,249,249)">Activity</th>
<th style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px solid rgb(221,221,221);background-color:rgb(249,249,249)">Status</th>
<th style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px solid rgb(221,221,221);background-color:rgb(249,249,249)">Resource
object (if
applicable)</th>
</tr>
<tr>
<td style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px solid rgb(221,221,221)"><span>Computing
projections of
the focus object</span></td>
<td style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px solid rgb(221,221,221)"><span title="SUCCESS" style="color:rgb(70,136,71);display:inline-block;font-family:FontAwesome;line-height:0.75em;font-size:1.33333333333333em;vertical-align:-15%;width:1.28571428571429em;text-align:center"></span><br>
</td>
<td style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px solid rgb(221,221,221)"><span></span><br>
</td>
</tr>
<tr>
<td style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px solid rgb(221,221,221);background-color:rgb(249,249,249)"><span>Entitlement
(group) on
Active Directory</span></td>
<td style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px solid rgb(221,221,221);background-color:rgb(249,249,249)"><span title="FATAL_ERROR" style="color:rgb(185,74,72);display:inline-block;font-family:FontAwesome;line-height:0.75em;font-size:1.33333333333333em;vertical-align:-15%;width:1.28571428571429em;text-align:center"></span><br>
</td>
<td style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px solid rgb(221,221,221);background-color:rgb(249,249,249)"><span>Add:Fatal
error ->
cn=TESTER,ou=Groups,dc=test,dc=local</span></td>
</tr>
</tbody>
</table>
</div>
<div><br>
</div>
<div>I attached the AD
Resource, Role Template,
and MetaRole</div>
</div>
</div>
<br>
</div>
</div>
<font><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any
attachments is proprietary and
confidential; intended for only
the recipient(s) named above and
may contain information that is
privileged. You should not retain,
copy or use this e-mail or any
attachments for any purpose, or
disclose all or any part of the
contents to any person. Any views
or opinions expressed in this
e-mail are those of the author and
do not represent those of the
Baptist School of Health
Professions. If you have received
this e-mail in error, or are not
the named recipient(s), you are
hereby notified that any review,
dissemination, distribution or
copying of this communication is
prohibited by the sender and to do
so might constitute a violation of
the Electronic Communications
Privacy Act, 18 U.S.C. section
2510-2521. Please immediately
notify the sender and delete this
e-mail and any attachments from
your computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<font><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is proprietary and
confidential; intended for only the recipient(s) named above and
may contain information that is privileged. You should not
retain, copy or use this e-mail or any attachments for any
purpose, or disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail are those
of the author and do not represent those of the Baptist School
of Health Professions. If you have received this e-mail in
error, or are not the named recipient(s), you are hereby
notified that any review, dissemination, distribution or copying
of this communication is prohibited by the sender and to do so
might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
notify the sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div></div></div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>