<div dir="ltr">Hi Shawn,<div><br></div><div>Before Christmas we upgraded <a href="http://demo.evolveum.com">demo.evolveum.com</a> to OpenLDAP with the latest LDAP Connector and fixed some issues.</div><div>Can you download the <a href="https://github.com/Evolveum/connector-ldap/">master LDAP connector</a>, build it and check with your configuration?<br></div><div><br></div><div>PF 2016<br></div><div><br></div><div>Gusto</div><div><br><div class="gmail_extra"><br><div class="gmail_quote">2015-12-21 15:52 GMT+01:00 Shawn McKinney <span dir="ltr"><<a href="mailto:smckinney@symas.com" target="_blank">smckinney@symas.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hello<br>
<br>
I am working on a sample deployment of Midpoint 3.3.  Here are some details:<br>
<br>
O/S : CentOS 7 64-bit<br>
JDK : java version “1.7.0_91”, OpenJDK Runtime Environment (rhel-2.6.2.1.el7_1-x86_64 u91-b00), OpenJDK 64-Bit Server VM (build 24.91-b01, mixed mode)<br>
Tomcat : 8.0.29<br>
PostgreSQL : PostgreSQL 9.2.14 on x86_64-redhat-linux-gnu<br>
OpenLDAP : slapd 2.4.43<br>
<br>
The current task is to get openldap set up as a resource with Midpoint so it can start to manage accounts.<br>
<br>
Here are some specifics about the openldap deployment.<br>
<br>
1. in the slapd.conf I have added the following acls:<br>
# midpoint ACLs:<br>
<br>
access to attrs=userPassword,shadowLastChange by dn="cn=idm,ou=Administrators,dc=example,dc=com" write<br>
        by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth write<br>
        by anonymous auth by self write<br>
        by * none<br>
<br>
access to dn.base=""<br>
        by * read<br>
<br>
access to dn.subtree="ou=people,dc=example,dc=com"<br>
        by dn="cn=idm,ou=Administrators,dc=example,dc=com" write<br>
<br>
access to dn.subtree="ou=groups,dc=example,dc=com"<br>
        by dn="cn=idm,ou=Administrators,dc=example,dc=com" write<br>
<br>
access to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth write<br>
        by dn="cn=idm,ou=Administrators,dc=example,dc=com" read by self read by * none<br>
<br>
2. I have added the following user to the directory to be used by midpoint connections:<br>
dn: cn=idm,ou=Administrators,dc=example,dc=com<br>
objectClass: inetOrgPerson<br>
cn: idm<br>
sn: IDM Administrator<br>
description: Special LDAP acccount used by the IDM to access the LDAP data.<br>
userPassword:: e1NTSEF9UjVLRjNLNFgyRlg1Z2tXS3VEeG00TTZnWnlPMFFnTkY=<br>
<br>
3. I have successfully tested creating connections with this user with another application (apache directory studio).<br>
<br>
<br>
Here are some details about my openldap setup.  It is failing when I try to list resources using the admin UI.  Can you help?<br>
<br>
1. I used this file as the base config: <a href="https://github.com/Evolveum/midpoint/blob/master/samples/resources/openldap/openldap-localhost-medium.xml" rel="noreferrer" target="_blank">https://github.com/Evolveum/midpoint/blob/master/samples/resources/openldap/openldap-localhost-medium.xml</a><br>
<br>
2. with some changes:<br>
                <icfc:configurationProperties><br>
                        <icfcldap:port>389</icfcldap:port><br>
                        <icfcldap:host>10.72.85.21</icfcldap:host><br>
                        <icfcldap:baseContext>dc=example,dc=com</icfcldap:baseContext><br>
                        <icfcldap:bindDn>cn=idm,ou=Administrators,dc=example,dc=com</icfcldap:bindDn><br>
                        <icfcldap:bindPassword><t:clearValue>secret</t:clearValue></icfcldap:bindPassword><br>
                        <icfcldap:pagingStrategy>auto</icfcldap:pagingStrategy><br>
                        <!--icfcldap:passwordHashAlgorithm>SSHA</icfcldap:passwordHashAlgorithm--><br>
                        <icfcldap:vlvSortAttribute>uid</icfcldap:vlvSortAttribute><br>
                        <icfcldap:vlvSortOrderingRule>2.5.13.3</icfcldap:vlvSortOrderingRule><br>
                        <icfcldap:operationalAttributes>memberOf</icfcldap:operationalAttributes><br>
                        <icfcldap:operationalAttributes>createTimestamp</icfcldap:operationalAttributes><br>
                </icfc:configurationProperties><br>
                <icfc:resultsHandlerConfiguration><br>
                        <icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler><br>
                        <icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler><br>
                        <icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler><br>
                </icfc:resultsHandlerConfiguration><br>
        </connectorConfiguration><br>
<br>
3. Which can then be successfully imported to the admin UI.<br>
<br>
4. When I list the resources, I get an error:<br>
<br>
2015-12-21 14:49:00,921 [UCF] [http-nio-8080-exec-8] ERROR (com.evolveum.midpoint.provisioning.ucf.impl.IcfUtil): ICF Exception java.lang.NullPointerException in connector:bcf82b24-29fa-490a-8210-bc7ce827af3d(ICF com.evolveum.polygon.connector.ldap.LdapConnector v1.4.2.0): resource:d0811790-1d80-11e4-86b2-3c970e467874(OpenLDAP): null<br>
java.lang.NullPointerException: null<br>
        at org.apache.directory.ldap.client.api.LdapNetworkConnection.<init>(LdapNetworkConnection.java:231) ~[api-all-1.0.0-M32-e1.jar:1.0.0-M32-e1]<br>
        at org.apache.directory.ldap.client.api.LdapNetworkConnection.<init>(LdapNetworkConnection.java:360) ~[api-all-1.0.0-M32-e1.jar:1.0.0-M32-e1]<br>
        at com.evolveum.polygon.connector.ldap.AbstractLdapConnector.connect(AbstractLdapConnector.java:1115) ~[connector-ldap-1.4.2.0.jar:na]<br>
        at com.evolveum.polygon.connector.ldap.AbstractLdapConnector.init(AbstractLdapConnector.java:165) ~[connector-ldap-1.4.2.0.jar:na]<br>
        at org.identityconnectors.framework.impl.api.local.ConnectorPoolManager$ConnectorPoolHandler.makeObject(ConnectorPoolManager.java:131) ~[connector-framework-internal-1.4.2.0.jar:na]<br>
        at org.identityconnectors.framework.impl.api.local.ConnectorPoolManager$ConnectorPoolHandler.makeObject(ConnectorPoolManager.java:83) ~[connector-framework-internal-1.4.2.0.jar:na]<br>
        at org.identityconnectors.framework.impl.api.local.ObjectPool.makeObject(ObjectPool.java:398) ~[connector-framework-internal-1.4.2.0.jar:na]<br>
        at org.identityconnectors.framework.impl.api.local.ObjectPool.borrowObjectNoTest(ObjectPool.java:294) ~[connector-framework-internal-1.4.2.0.jar:na]<br>
        at org.identityconnectors.framework.impl.api.local.ObjectPool.borrowObject(ObjectPool.java:248) ~[connector-framework-internal-1.4.2.0.jar:na]<br>
        at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:87) ~[connector-framework-internal-1.4.2.0.jar:na]<br>
        at com.sun.proxy.$Proxy163.schema(Unknown Source) ~[na:na]<br>
        at sun.reflect.GeneratedMethodAccessor700.invoke(Unknown Source) ~[na:na]<br>
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_91]<br>
        at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_91]<br>
        at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96) ~[connector-framework-internal-1.4.2.0.jar:na]<br>
        at com.sun.proxy.$Proxy163.schema(Unknown Source) ~[na:na]<br>
        at sun.reflect.GeneratedMethodAccessor700.invoke(Unknown Source) ~[na:na]<br>
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_91]<br>
        at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_91]<br>
        at org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:99) ~[connector-framework-internal-1.4.2.0.jar:na]<br>
        at com.sun.proxy.$Proxy163.schema(Unknown Source) ~[na:na]<br>
        at sun.reflect.GeneratedMethodAccessor700.invoke(Unknown Source) ~[na:na]<br>
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_91]<br>
        at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_91]<br>
        at org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:83) ~[connector-framework-internal-1.4.2.0.jar:na]<br>
        at com.sun.proxy.$Proxy163.schema(Unknown Source) ~[na:na]<br>
        at org.identityconnectors.framework.impl.api.AbstractConnectorFacade.schema(AbstractConnectorFacade.java:145) ~[connector-framework-internal-1.4.2.0.jar:na]<br>
        at com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.retrieveResourceSchema(ConnectorInstanceIcfImpl.java:588) [provisioning-impl-3.3.jar:na]<br>
        at com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.initialize_aroundBody4(ConnectorInstanceIcfImpl.java:498) [provisioning-impl-3.3.jar:na]<br>
        at com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl$AjcClosure5.run(ConnectorInstanceIcfImpl.java:1) [provisioning-impl-3.3.jar:na]<br>
        at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) [aspectjtools-1.7.3.jar:na]<br>
        at com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178) [util-3.3.jar:na]<br>
        at com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1) [util-3.3.jar:na]<br>
        at com.evolveum.midpoint.util.aspect.MidpointAspect.processUcfNdc(MidpointAspect.java:78) [util-3.3.jar:na]<br>
        at com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.initialize(ConnectorInstanceIcfImpl.java:473) [provisioning-impl-3.3.jar:na]<br>
        at com.evolveum.midpoint.provisioning.impl.ConnectorManager.createConfiguredConnectorInstance(ConnectorManager.java:162) [provisioning-impl-3.3.jar:na]<br>
        at com.evolveum.midpoint.provisioning.impl.ConnectorManager.getConfiguredConnectorInstance(ConnectorManager.java:129) [provisioning-impl-3.3.jar:na]<br>
        at com.evolveum.midpoint.provisioning.impl.ResourceManager.getConnectorInstance(ResourceManager.java:834) [provisioning-impl-3.3.jar:na]<br>
        at com.evolveum.midpoint.provisioning.impl.ResourceManager.completeResource(ResourceManager.java:258) [provisioning-impl-3.3.jar:na]<br>
        at com.evolveum.midpoint.provisioning.impl.ResourceManager.putToCache(ResourceManager.java:159) [provisioning-impl-3.3.jar:na]<br>
        at com.evolveum.midpoint.provisioning.impl.ResourceManager.getResource(ResourceManager.java:130) [provisioning-impl-3.3.jar:na]<br>
        at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.completeObject(ProvisioningServiceImpl.java:633) [provisioning-impl-3.3.jar:na]<br>
        at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.searchRepoObjects(ProvisioningServiceImpl.java:561) [provisioning-impl-3.3.jar:na]<br>
        at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.searchObjects_aroundBody6(ProvisioningServiceImpl.java:500) [provisioning-impl-3.3.jar:na]<br>
        at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl$AjcClosure7.run(ProvisioningServiceImpl.java:1) [provisioning-impl-3.3.jar:na]<br>
        at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) [aspectjtools-1.7.3.jar:na]<br>
        at com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178) [util-3.3.jar:na]<br>
        at com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1) [util-3.3.jar:na]<br>
        at com.evolveum.midpoint.util.aspect.MidpointAspect.processProvisioningNdc(MidpointAspect.java:68) [util-3.3.jar:na]<br>
        at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.searchObjects(ProvisioningServiceImpl.java:486) [provisioning-impl-3.3.jar:na]<br>
        at com.evolveum.midpoint.model.impl.controller.ModelController.searchObjects_aroundBody8(ModelController.java:846) [model-impl-3.3.jar:na]<br>
        at com.evolveum.midpoint.model.impl.controller.ModelController$AjcClosure9.run(ModelController.java:1) [model-impl-3.3.jar:na]<br>
        at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) [aspectjtools-1.7.3.jar:na]<br>
        at com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178) [util-3.3.jar:na]<br>
        at com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1) [util-3.3.jar:na]<br>
        at com.evolveum.midpoint.util.aspect.MidpointAspect.processModelNdc(MidpointAspect.java:63) [util-3.3.jar:na]<br>
        at com.evolveum.midpoint.model.impl.controller.ModelController.searchObjects(ModelController.java:799) [model-impl-3.3.jar:na]<br>
        at com.evolveum.midpoint.web.component.data.ObjectDataProvider.internalIterator(ObjectDataProvider.java:123) [classes/:na]<br>
        at com.evolveum.midpoint.web.component.data.BaseSortableDataProvider.iterator(BaseSortableDataProvider.java:190) [classes/:na]<br>
        at org.apache.wicket.markup.repeater.data.DataViewBase$ModelIterator.<init>(DataViewBase.java:107) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.markup.repeater.data.DataViewBase.getItemModels(DataViewBase.java:74) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.markup.repeater.AbstractPageableView.getItemModels(AbstractPageableView.java:101) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.markup.repeater.RefreshingView.onPopulate(RefreshingView.java:93) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.markup.repeater.AbstractRepeater.onBeforeRender(AbstractRepeater.java:123) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.markup.repeater.AbstractPageableView.onBeforeRender(AbstractPageableView.java:115) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Component.internalBeforeRender(Component.java:949) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Component.beforeRender(Component.java:1017) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1684) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Component.onBeforeRender(Component.java:3833) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Component.internalBeforeRender(Component.java:949) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Component.beforeRender(Component.java:1017) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1684) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Component.onBeforeRender(Component.java:3833) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Component.internalBeforeRender(Component.java:949) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Component.beforeRender(Component.java:1017) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1684) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Component.onBeforeRender(Component.java:3833) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Component.internalBeforeRender(Component.java:949) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Component.beforeRender(Component.java:1017) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1684) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Component.onBeforeRender(Component.java:3833) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.markup.html.form.Form.onBeforeRender(Form.java:1803) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Component.internalBeforeRender(Component.java:949) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Component.beforeRender(Component.java:1017) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1684) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Component.onBeforeRender(Component.java:3833) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Page.onBeforeRender(Page.java:809) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Component.internalBeforeRender(Component.java:949) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Component.beforeRender(Component.java:1017) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Component.internalPrepareForRender(Component.java:2201) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Page.internalPrepareForRender(Page.java:240) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Component.render(Component.java:2290) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.Page.renderPage(Page.java:1024) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.request.handler.render.WebPageRenderer.renderPage(WebPageRenderer.java:139) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:284) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:890) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64) [wicket-request-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:261) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:218) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:289) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:259) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:201) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) [wicket-core-6.20.0.jar:6.20.0]<br>
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.29]<br>
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.29]<br>
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]<br>
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) [spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]<br>
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) [spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]<br>
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.29]<br>
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.29]<br>
        at com.evolveum.midpoint.web.util.MidPointProfilingServletFilter.doFilter(MidPointProfilingServletFilter.java:78) [classes/:na]<br>
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.29]<br>
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.29]<br>
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) [catalina.jar:8.0.29]<br>
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [catalina.jar:8.0.29]<br>
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) [catalina.jar:8.0.29]<br>
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) [catalina.jar:8.0.29]<br>
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [catalina.jar:8.0.29]<br>
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616) [catalina.jar:8.0.29]<br>
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [catalina.jar:8.0.29]<br>
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518) [catalina.jar:8.0.29]<br>
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1096) [tomcat-coyote.jar:8.0.29]<br>
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:674) [tomcat-coyote.jar:8.0.29]<br>
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500) [tomcat-coyote.jar:8.0.29]<br>
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456) [tomcat-coyote.jar:8.0.29]<br>
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_91]<br>
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_91]<br>
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.0.29]<br>
        at java.lang.Thread.run(Thread.java:745) [na:1.7.0_91]<br>
[midpoint@localhost fortress]$<br>
<br>
<br>
5. Here is the connector that's active:<br>
 <icfc:configurationProperties xmlns:gen189="<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector</a>"><br>
<br>
6. Here is the resource as currently configured in my env:<br>
<resource xmlns="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>" xmlns:c="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>" xmlns:icfs="<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3</a>" xmlns:q="<a href="http://prism.evolveum.com/xml/ns/public/query-3" rel="noreferrer" target="_blank">http://prism.evolveum.com/xml/ns/public/query-3</a>" xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>" xmlns:t="<a href="http://prism.evolveum.com/xml/ns/public/types-3" rel="noreferrer" target="_blank">http://prism.evolveum.com/xml/ns/public/types-3</a>" oid="d0811790-1d80-11e4-86b2-3c970e467874" version="0"><br>
    <name>OpenLDAP</name><br>
    <description><br>
            LDAP resource using a ConnId LDAP connector. It contains configuration<br>
            for use with OpenLDAP servers.<br>
        </description><br>
    <metadata><br>
        <createTimestamp>2015-12-19T01:12:45.236Z</createTimestamp><br>
        <creatorRef oid="00000000-0000-0000-0000-000000000002" type="c:UserType"/><br>
        <createChannel><a href="http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</a></createChannel><br>
    </metadata><br>
    <connectorRef oid="bcf82b24-29fa-490a-8210-bc7ce827af3d" type="c:ConnectorType"><br>
        <!-- ICF com.evolveum.polygon.connector.ldap.LdapConnector v1.4.2.0 --><br>
        <description><br>
                Reference to the OpenICF LDAP connector. This is dynamic reference, it will be translated to<br>
                OID during import.<br>
            </description><br>
        <filter><br>
            <q:equal><br>
                <q:path xmlns:c="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>">c:connectorType</q:path><br>
                <q:value>com.evolveum.polygon.connector.ldap.LdapConnector</q:value><br>
            </q:equal><br>
        </filter><br>
    </connectorRef><br>
    <connectorConfiguration xmlns:icfc="<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3</a>"><br>
        <icfc:resultsHandlerConfiguration><br>
            <icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler><br>
            <icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler><br>
            <icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler><br>
        </icfc:resultsHandlerConfiguration><br>
        <icfc:configurationProperties xmlns:gen189="<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector</a>"><br>
            <gen189:port>389</gen189:port><br>
            <gen189:vlvSortAttribute>uid</gen189:vlvSortAttribute><br>
            <gen189:baseContext>dc=example,dc=com</gen189:baseContext><br>
            <gen189:vlvSortOrderingRule>2.5.13.3</gen189:vlvSortOrderingRule><br>
            <gen189:bindDn>cn=idm,ou=Administrators,dc=example,dc=com</gen189:bindDn><br>
            <gen189:pagingStrategy>auto</gen189:pagingStrategy><br>
            <gen189:operationalAttributes>memberOf</gen189:operationalAttributes><br>
            <gen189:operationalAttributes>createTimestamp</gen189:operationalAttributes><br>
            <gen189:host>10.72.85.21</gen189:host><br>
            <gen189:bindPassword><br>
                <t:encryptedData><br>
                    <t:encryptionMethod><br>
                        <t:algorithm><a href="http://www.w3.org/2001/04/xmlenc#aes128-cbc" rel="noreferrer" target="_blank">http://www.w3.org/2001/04/xmlenc#aes128-cbc</a></t:algorithm><br>
                    </t:encryptionMethod><br>
                    <t:keyInfo><br>
                        <t:keyName>R7wh8+ARxcNGTzk5EsXG79KJvgA=</t:keyName><br>
                    </t:keyInfo><br>
                    <t:cipherData><br>
                        <t:cipherValue>Sim3cp2FMxa4XXlPiO4QgpDS8BNhMN6v57HBtQ7WbX0=</t:cipherValue><br>
                    </t:cipherData><br>
                </t:encryptedData><br>
            </gen189:bindPassword><br>
        </icfc:configurationProperties><br>
    </connectorConfiguration><br>
    <schema><br>
        <generationConstraints><br>
            <generateObjectClass>ri:inetOrgPerson</generateObjectClass><br>
            <generateObjectClass>ri:groupOfUniqueNames</generateObjectClass><br>
            <generateObjectClass>ri:groupOfNames</generateObjectClass><br>
            <generateObjectClass>ri:organizationalUnit</generateObjectClass><br>
        </generationConstraints><br>
    </schema><br>
    <schemaHandling><br>
        <objectType><br>
            <kind>account</kind><br>
            <displayName>Normal Account</displayName><br>
            <default>true</default><br>
            <objectClass>ri:inetOrgPerson</objectClass><br>
            <attribute><br>
                <c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:dn</c:ref><br>
                <displayName>Distinguished Name</displayName><br>
                <limitations><br>
                    <minOccurs>0</minOccurs><br>
                    <access><br>
                        <read>true</read><br>
                        <add>true</add><br>
                        <modify>true</modify><br>
                    </access><br>
                </limitations><br>
                <matchingRule xmlns:mr="<a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3" rel="noreferrer" target="_blank">http://prism.evolveum.com/xml/ns/public/matching-rule-3</a>">mr:stringIgnoreCase</matchingRule><br>
                <outbound><br>
                    <source><br>
                        <c:path>$user/name</c:path><br>
                    </source><br>
                    <expression><br>
                        <script><br>
                            <code><br>
                                'uid=' + name + iterationToken + ',ou=people,dc=example,dc=com'<br>
                            </code><br>
                        </script><br>
                    </expression><br>
                </outbound><br>
            </attribute><br>
            <attribute><br>
                <c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:entryUUID</c:ref><br>
                <displayName>Entry UUID</displayName><br>
                <limitations><br>
                    <access><br>
                        <read>true</read><br>
                        <add>false</add><br>
                        <modify>true</modify><br>
                    </access><br>
                </limitations><br>
                <matchingRule xmlns:mr="<a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3" rel="noreferrer" target="_blank">http://prism.evolveum.com/xml/ns/public/matching-rule-3</a>">mr:stringIgnoreCase</matchingRule><br>
            </attribute><br>
            <attribute><br>
                <c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:cn</c:ref><br>
                <displayName>Common Name</displayName><br>
                <limitations><br>
                    <minOccurs>0</minOccurs><br>
                    <access><br>
                        <read>true</read><br>
                        <add>true</add><br>
                        <modify>true</modify><br>
                    </access><br>
                </limitations><br>
                <outbound><br>
                    <source><br>
                        <c:path>$user/fullName</c:path><br>
                    </source><br>
                </outbound><br>
                <inbound><br>
                    <target><br>
                        <c:path>$user/fullName</c:path><br>
                    </target><br>
                </inbound><br>
            </attribute><br>
            <attribute><br>
                <c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:sn</c:ref><br>
                <displayName>Surname</displayName><br>
                <limitations><br>
                    <minOccurs>0</minOccurs><br>
                </limitations><br>
                <outbound><br>
                    <source><br>
                        <c:path>familyName</c:path><br>
                    </source><br>
                </outbound><br>
                <inbound><br>
                    <target><br>
                        <c:path>familyName</c:path><br>
                    </target><br>
                </inbound><br>
            </attribute><br>
            <attribute><br>
                <c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:givenName</c:ref><br>
                <displayName>Given Name</displayName><br>
                <outbound><br>
                    <source><br>
                        <c:path xmlns:c="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>">$c:user/c:givenName</c:path><br>
                    </source><br>
                </outbound><br>
                <inbound><br>
                    <target><br>
                        <c:path xmlns:c="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>">$c:user/c:givenName</c:path><br>
                    </target><br>
                </inbound><br>
            </attribute><br>
            <attribute><br>
                <c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:uid</c:ref><br>
                <displayName>Login Name</displayName><br>
                <matchingRule xmlns:mr="<a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3" rel="noreferrer" target="_blank">http://prism.evolveum.com/xml/ns/public/matching-rule-3</a>">mr:stringIgnoreCase</matchingRule><br>
                <outbound><br>
                    <strength>weak</strength><br>
                    <source><br>
                        <description>Source may have description</description><br>
                        <c:path>$user/name</c:path><br>
                    </source><br>
                    <expression><br>
                        <script><br>
                            <code>name + iterationToken</code><br>
                        </script><br>
                    </expression><br>
                </outbound><br>
                <inbound><br>
                    <target><br>
                        <description>Targets may have description</description><br>
                        <c:path xmlns:c="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>">$c:user/c:name</c:path><br>
                    </target><br>
                </inbound><br>
            </attribute><br>
            <attribute><br>
                <c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:description</c:ref><br>
                <outbound><br>
                    <strength>weak</strength><br>
                    <expression><br>
                        <description>Expression that assigns a fixed value</description><br>
                        <value>Created by midPoint</value><br>
                    </expression><br>
                </outbound><br>
            </attribute><br>
            <attribute><br>
                <c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:l</c:ref><br>
                <displayName>Location</displayName><br>
                <outbound><br>
                    <source><br>
                        <c:path>$user/locality</c:path><br>
                    </source><br>
                </outbound><br>
            </attribute><br>
            <attribute><br>
                <c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:employeeType</c:ref><br>
                <displayName>Employee Type</displayName><br>
                <tolerant>false</tolerant><br>
                <outbound><br>
                    <source><br>
                        <c:path>$user/employeeType</c:path><br>
                    </source><br>
                </outbound><br>
            </attribute><br>
            <association><br>
                <c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:group</c:ref><br>
                <displayName>LDAP Group Membership</displayName><br>
                <kind>entitlement</kind><br>
                <intent>ldapGroup</intent><br>
                <direction>objectToSubject</direction><br>
                <associationAttribute>ri:member</associationAttribute><br>
                <valueAttribute>ri:dn</valueAttribute><br>
            </association><br>
            <iteration><br>
                <maxIterations>5</maxIterations><br>
            </iteration><br>
            <protected><br>
                <filter><br>
                    <q:equal><br>
                        <q:matching><a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3#stringIgnoreCase" rel="noreferrer" target="_blank">http://prism.evolveum.com/xml/ns/public/matching-rule-3#stringIgnoreCase</a></q:matching><br>
                        <q:path xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">attributes/ri:dn</q:path><br>
                        <q:value>cn=idm,ou=Administrators,dc=example,dc=com</q:value><br>
                    </q:equal><br>
                </filter><br>
            </protected><br>
            <activation><br>
                <administrativeStatus><br>
                    <outbound/><br>
                    <inbound><br>
                        <strength>weak</strength><br>
                        <expression><br>
                            <asIs/><br>
                        </expression><br>
                    </inbound><br>
                </administrativeStatus><br>
            </activation><br>
            <credentials><br>
                <password><br>
                    <outbound><br>
                        <expression><br>
                            <asIs/><br>
                        </expression><br>
                    </outbound><br>
                    <inbound><br>
                        <strength>weak</strength><br>
                        <expression><br>
                            <generate/><br>
                        </expression><br>
                    </inbound><br>
                </password><br>
            </credentials><br>
        </objectType><br>
        <objectType><br>
            <kind>entitlement</kind><br>
            <intent>ldapGroup</intent><br>
            <displayName>LDAP Group</displayName><br>
            <objectClass>ri:groupOfNames</objectClass><br>
            <attribute><br>
                <c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:dn</c:ref><br>
                <matchingRule xmlns:mr="<a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3" rel="noreferrer" target="_blank">http://prism.evolveum.com/xml/ns/public/matching-rule-3</a>">mr:stringIgnoreCase</matchingRule><br>
                <outbound><br>
                    <source><br>
                        <c:path>$focus/name</c:path><br>
                    </source><br>
                    <expression><br>
                        <script><br>
                            <code><br>
                                import javax.naming.ldap.Rdn<br>
                                import javax.naming.ldap.LdapName<br>
<br>
                                dn = new LdapName('ou=groups,dc=example,dc=com')<br>
                                dn.add(new Rdn('cn', name.toString()))<br>
                                return dn.toString()<br>
                            </code><br>
                        </script><br>
                    </expression><br>
                </outbound><br>
            </attribute><br>
            <attribute><br>
                <c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:member</c:ref><br>
                <matchingRule xmlns:mr="<a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3" rel="noreferrer" target="_blank">http://prism.evolveum.com/xml/ns/public/matching-rule-3</a>">mr:distinguishedName</matchingRule><br>
                <fetchStrategy>minimal</fetchStrategy><br>
            </attribute><br>
            <attribute><br>
                <c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:cn</c:ref><br>
                <matchingRule xmlns:mr="<a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3" rel="noreferrer" target="_blank">http://prism.evolveum.com/xml/ns/public/matching-rule-3</a>">mr:stringIgnoreCase</matchingRule><br>
                <outbound><br>
                    <strength>weak</strength><br>
                    <source><br>
                        <c:path>$focus/name</c:path><br>
                    </source><br>
                </outbound><br>
            </attribute><br>
            <attribute><br>
                <c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:description</c:ref><br>
                <outbound><br>
                    <source><br>
                        <c:path>description</c:path><br>
                    </source><br>
                </outbound><br>
            </attribute><br>
            <configuredCapabilities xmlns:cap="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3</a>"><br>
                <cap:pagedSearch><br>
                    <cap:defaultSortField>ri:uid</cap:defaultSortField><br>
                </cap:pagedSearch><br>
            </configuredCapabilities><br>
        </objectType><br>
    </schemaHandling><br>
    <consistency><br>
        <avoidDuplicateValues>true</avoidDuplicateValues><br>
    </consistency><br>
    <synchronization><br>
        <objectSynchronization><br>
            <enabled>true</enabled><br>
            <correlation><br>
                <q:description><br>
                    The correlation expression is a search query.<br>
                    The following search query will look for users that have "name"<br>
                    equal to the "uid" attribute of the account. Simply speaking,<br>
                    it will look for a match in usernames in the IDM and the resource.<br>
                    The correlation rule always looks for users, so it will not match<br>
                    any other object type.<br>
                </q:description><br>
                <q:equal><br>
                    <q:path>name</q:path><br>
                    <expression><br>
                        <c:path xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">declare namespace ri='<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>'; $account/attributes/ri:uid</c:path><br>
                    </expression><br>
                </q:equal><br>
            </correlation><br>
            <reaction><br>
                <situation>linked</situation><br>
                <synchronize>true</synchronize><br>
            </reaction><br>
            <reaction><br>
                <situation>deleted</situation><br>
                <synchronize>true</synchronize><br>
                <action><br>
                    <handlerUri><a href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</a></handlerUri><br>
                </action><br>
            </reaction><br>
            <reaction><br>
                <situation>unlinked</situation><br>
                <synchronize>true</synchronize><br>
                <action><br>
                    <handlerUri><a href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#link" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</a></handlerUri><br>
                </action><br>
            </reaction><br>
            <reaction><br>
                <situation>unmatched</situation><br>
                <synchronize>true</synchronize><br>
                <action><br>
                    <handlerUri><a href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</a></handlerUri><br>
                </action><br>
            </reaction><br>
        </objectSynchronization><br>
    </synchronization><br>
</resource><br>
<br>
<br>
Shawn<br>
<br>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">Regards<div><br></div><div>Gustáv Pálos</div></div>
</div></div></div>