<div dir="ltr">Hi Shawn,<div><br></div><div>before Christmas we upgraded <a href="http://demo.evolveum.com">demo.evolveum.com</a> to OpenLDAP with the latest LDAP Connector and fix some issues.</div><div>Can you download <a href="https://github.com/Evolveum/connector-ldap/">master LDAP connector</a>, build it and check with you configuration?<br></div><div><br></div><div>PF 2016<br></div><div><br></div><div>Gusto</div><div><br><div class="gmail_extra"><br><div class="gmail_quote">2015-12-21 15:52 GMT+01:00 Shawn McKinney <span dir="ltr"><<a href="mailto:smckinney@symas.com" target="_blank">smckinney@symas.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hello<br>
<br>
I am working on a sample deployment of Midpoint 3.3. Here are some details:<br>
<br>
O/S : CentOS 7 64-bit<br>
JDK : java version “1.7.0_91”, OpenJDK Runtime Environment (rhel-2.6.2.1.el7_1-x86_64 u91-b00), OpenJDK 64-Bit Server VM (build 24.91-b01, mixed mode)<br>
Tomcat : 8.0.29<br>
PostgreSQL : PostgreSQL 9.2.14 on x86_64-redhat-linux-gnu<br>
OpenLDAP : slapd 2.4.43<br>
<br>
The current task, get openldap setup as a resource with Midpoint so it can start to manage accounts.<br>
<br>
Here are some specifics about the openldap deployment.<br>
<br>
1. in the slapd.conf I have added the following acls:<br>
# midpoint ACLs:<br>
<br>
access to attrs=userPassword,shadowLastChange by dn="cn=idm,ou=Administrators,dc=example,dc=com" write<br>
by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth write<br>
by anonymous auth by self write<br>
by * none<br>
<br>
access to dn.base=""<br>
by * read<br>
<br>
access to dn.subtree="ou=people,dc=example,dc=com"<br>
by dn="cn=idm,ou=Administrators,dc=example,dc=com" write<br>
<br>
access to dn.subtree="ou=groups,dc=example,dc=com"<br>
by dn="cn=idm,ou=Administrators,dc=example,dc=com" write<br>
<br>
access to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth write<br>
by dn="cn=idm,ou=Administrators,dc=example,dc=com" read by self read by * none<br>
<br>
2. I have added the following user to the directory to be used by midpoint connections:<br>
dn: cn=idm,ou=Administrators,dc=example,dc=com<br>
objectClass: inetOrgPerson<br>
cn: idm<br>
sn: IDM Administrator<br>
description: Special LDAP acccount used by the IDM to access the LDAP data.<br>
userPassword:: e1NTSEF9UjVLRjNLNFgyRlg1Z2tXS3VEeG00TTZnWnlPMFFnTkY=<br>
<br>
3. I have successfully tested creating connections with this user with another application (apache directory studio).<br>
<br>
<br>
Here are some details about my openldap setup. It is failing when I try to list resources using the admin UI. Can you help?<br>
<br>
1. I used this file as the base config: <a href="https://github.com/Evolveum/midpoint/blob/master/samples/resources/openldap/openldap-localhost-medium.xml" rel="noreferrer" target="_blank">https://github.com/Evolveum/midpoint/blob/master/samples/resources/openldap/openldap-localhost-medium.xml</a><br>
<br>
2. with some changes:<br>
<icfc:configurationProperties><br>
<icfcldap:port>389</icfcldap:port><br>
<icfcldap:host>10.72.85.21</icfcldap:host><br>
<icfcldap:baseContext>dc=example,dc=com</icfcldap:baseContext><br>
<icfcldap:bindDn>cn=idm,ou=Administrators,dc=example,dc=com</icfcldap:bindDn><br>
<icfcldap:bindPassword><t:clearValue>secret</t:clearValue></icfcldap:bindPassword><br>
<icfcldap:pagingStrategy>auto</icfcldap:pagingStrategy><br>
<!--icfcldap:passwordHashAlgorithm>SSHA</icfcldap:passwordHashAlgorithm--><br>
<icfcldap:vlvSortAttribute>uid</icfcldap:vlvSortAttribute><br>
<icfcldap:vlvSortOrderingRule>2.5.13.3</icfcldap:vlvSortOrderingRule><br>
<icfcldap:operationalAttributes>memberOf</icfcldap:operationalAttributes><br>
<icfcldap:operationalAttributes>createTimestamp</icfcldap:operationalAttributes><br>
</icfc:configurationProperties><br>
<icfc:resultsHandlerConfiguration><br>
<icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler><br>
<icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler><br>
<icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler><br>
</icfc:resultsHandlerConfiguration><br>
</connectorConfiguration><br>
<br>
3. Which can then be successfully imported to the admin UI.<br>
<br>
4. When I list the resources, I get an error:<br>
<br>
2015-12-21 14:49:00,921 [UCF] [http-nio-8080-exec-8] ERROR (com.evolveum.midpoint.provisioning.ucf.impl.IcfUtil): ICF Exception java.lang.NullPointerException in connector:bcf82b24-29fa-490a-8210-bc7ce827af3d(ICF com.evolveum.polygon.connector.ldap.LdapConnector v1.4.2.0): resource:d0811790-1d80-11e4-86b2-3c970e467874(OpenLDAP): null<br>
java.lang.NullPointerException: null<br>
at org.apache.directory.ldap.client.api.LdapNetworkConnection.<init>(LdapNetworkConnection.java:231) ~[api-all-1.0.0-M32-e1.jar:1.0.0-M32-e1]<br>
at org.apache.directory.ldap.client.api.LdapNetworkConnection.<init>(LdapNetworkConnection.java:360) ~[api-all-1.0.0-M32-e1.jar:1.0.0-M32-e1]<br>
at com.evolveum.polygon.connector.ldap.AbstractLdapConnector.connect(AbstractLdapConnector.java:1115) ~[connector-ldap-1.4.2.0.jar:na]<br>
at com.evolveum.polygon.connector.ldap.AbstractLdapConnector.init(AbstractLdapConnector.java:165) ~[connector-ldap-1.4.2.0.jar:na]<br>
at org.identityconnectors.framework.impl.api.local.ConnectorPoolManager$ConnectorPoolHandler.makeObject(ConnectorPoolManager.java:131) ~[connector-framework-internal-1.4.2.0.jar:na]<br>
at org.identityconnectors.framework.impl.api.local.ConnectorPoolManager$ConnectorPoolHandler.makeObject(ConnectorPoolManager.java:83) ~[connector-framework-internal-1.4.2.0.jar:na]<br>
at org.identityconnectors.framework.impl.api.local.ObjectPool.makeObject(ObjectPool.java:398) ~[connector-framework-internal-1.4.2.0.jar:na]<br>
at org.identityconnectors.framework.impl.api.local.ObjectPool.borrowObjectNoTest(ObjectPool.java:294) ~[connector-framework-internal-1.4.2.0.jar:na]<br>
at org.identityconnectors.framework.impl.api.local.ObjectPool.borrowObject(ObjectPool.java:248) ~[connector-framework-internal-1.4.2.0.jar:na]<br>
at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:87) ~[connector-framework-internal-1.4.2.0.jar:na]<br>
at com.sun.proxy.$Proxy163.schema(Unknown Source) ~[na:na]<br>
at sun.reflect.GeneratedMethodAccessor700.invoke(Unknown Source) ~[na:na]<br>
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_91]<br>
at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_91]<br>
at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96) ~[connector-framework-internal-1.4.2.0.jar:na]<br>
at com.sun.proxy.$Proxy163.schema(Unknown Source) ~[na:na]<br>
at sun.reflect.GeneratedMethodAccessor700.invoke(Unknown Source) ~[na:na]<br>
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_91]<br>
at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_91]<br>
at org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:99) ~[connector-framework-internal-1.4.2.0.jar:na]<br>
at com.sun.proxy.$Proxy163.schema(Unknown Source) ~[na:na]<br>
at sun.reflect.GeneratedMethodAccessor700.invoke(Unknown Source) ~[na:na]<br>
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_91]<br>
at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_91]<br>
at org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:83) ~[connector-framework-internal-1.4.2.0.jar:na]<br>
at com.sun.proxy.$Proxy163.schema(Unknown Source) ~[na:na]<br>
at org.identityconnectors.framework.impl.api.AbstractConnectorFacade.schema(AbstractConnectorFacade.java:145) ~[connector-framework-internal-1.4.2.0.jar:na]<br>
at com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.retrieveResourceSchema(ConnectorInstanceIcfImpl.java:588) [provisioning-impl-3.3.jar:na]<br>
at com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.initialize_aroundBody4(ConnectorInstanceIcfImpl.java:498) [provisioning-impl-3.3.jar:na]<br>
at com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl$AjcClosure5.run(ConnectorInstanceIcfImpl.java:1) [provisioning-impl-3.3.jar:na]<br>
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) [aspectjtools-1.7.3.jar:na]<br>
at com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178) [util-3.3.jar:na]<br>
at com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1) [util-3.3.jar:na]<br>
at com.evolveum.midpoint.util.aspect.MidpointAspect.processUcfNdc(MidpointAspect.java:78) [util-3.3.jar:na]<br>
at com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.initialize(ConnectorInstanceIcfImpl.java:473) [provisioning-impl-3.3.jar:na]<br>
at com.evolveum.midpoint.provisioning.impl.ConnectorManager.createConfiguredConnectorInstance(ConnectorManager.java:162) [provisioning-impl-3.3.jar:na]<br>
at com.evolveum.midpoint.provisioning.impl.ConnectorManager.getConfiguredConnectorInstance(ConnectorManager.java:129) [provisioning-impl-3.3.jar:na]<br>
at com.evolveum.midpoint.provisioning.impl.ResourceManager.getConnectorInstance(ResourceManager.java:834) [provisioning-impl-3.3.jar:na]<br>
at com.evolveum.midpoint.provisioning.impl.ResourceManager.completeResource(ResourceManager.java:258) [provisioning-impl-3.3.jar:na]<br>
at com.evolveum.midpoint.provisioning.impl.ResourceManager.putToCache(ResourceManager.java:159) [provisioning-impl-3.3.jar:na]<br>
at com.evolveum.midpoint.provisioning.impl.ResourceManager.getResource(ResourceManager.java:130) [provisioning-impl-3.3.jar:na]<br>
at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.completeObject(ProvisioningServiceImpl.java:633) [provisioning-impl-3.3.jar:na]<br>
at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.searchRepoObjects(ProvisioningServiceImpl.java:561) [provisioning-impl-3.3.jar:na]<br>
at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.searchObjects_aroundBody6(ProvisioningServiceImpl.java:500) [provisioning-impl-3.3.jar:na]<br>
at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl$AjcClosure7.run(ProvisioningServiceImpl.java:1) [provisioning-impl-3.3.jar:na]<br>
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) [aspectjtools-1.7.3.jar:na]<br>
at com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178) [util-3.3.jar:na]<br>
at com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1) [util-3.3.jar:na]<br>
at com.evolveum.midpoint.util.aspect.MidpointAspect.processProvisioningNdc(MidpointAspect.java:68) [util-3.3.jar:na]<br>
at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.searchObjects(ProvisioningServiceImpl.java:486) [provisioning-impl-3.3.jar:na]<br>
at com.evolveum.midpoint.model.impl.controller.ModelController.searchObjects_aroundBody8(ModelController.java:846) [model-impl-3.3.jar:na]<br>
at com.evolveum.midpoint.model.impl.controller.ModelController$AjcClosure9.run(ModelController.java:1) [model-impl-3.3.jar:na]<br>
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) [aspectjtools-1.7.3.jar:na]<br>
at com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:178) [util-3.3.jar:na]<br>
at com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1) [util-3.3.jar:na]<br>
at com.evolveum.midpoint.util.aspect.MidpointAspect.processModelNdc(MidpointAspect.java:63) [util-3.3.jar:na]<br>
at com.evolveum.midpoint.model.impl.controller.ModelController.searchObjects(ModelController.java:799) [model-impl-3.3.jar:na]<br>
at com.evolveum.midpoint.web.component.data.ObjectDataProvider.internalIterator(ObjectDataProvider.java:123) [classes/:na]<br>
at com.evolveum.midpoint.web.component.data.BaseSortableDataProvider.iterator(BaseSortableDataProvider.java:190) [classes/:na]<br>
at org.apache.wicket.markup.repeater.data.DataViewBase$ModelIterator.<init>(DataViewBase.java:107) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.markup.repeater.data.DataViewBase.getItemModels(DataViewBase.java:74) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.markup.repeater.AbstractPageableView.getItemModels(AbstractPageableView.java:101) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.markup.repeater.RefreshingView.onPopulate(RefreshingView.java:93) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.markup.repeater.AbstractRepeater.onBeforeRender(AbstractRepeater.java:123) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.markup.repeater.AbstractPageableView.onBeforeRender(AbstractPageableView.java:115) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Component.internalBeforeRender(Component.java:949) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Component.beforeRender(Component.java:1017) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1684) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Component.onBeforeRender(Component.java:3833) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Component.internalBeforeRender(Component.java:949) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Component.beforeRender(Component.java:1017) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1684) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Component.onBeforeRender(Component.java:3833) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Component.internalBeforeRender(Component.java:949) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Component.beforeRender(Component.java:1017) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1684) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Component.onBeforeRender(Component.java:3833) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Component.internalBeforeRender(Component.java:949) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Component.beforeRender(Component.java:1017) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1684) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Component.onBeforeRender(Component.java:3833) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.markup.html.form.Form.onBeforeRender(Form.java:1803) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Component.internalBeforeRender(Component.java:949) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Component.beforeRender(Component.java:1017) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1684) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Component.onBeforeRender(Component.java:3833) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Page.onBeforeRender(Page.java:809) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Component.internalBeforeRender(Component.java:949) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Component.beforeRender(Component.java:1017) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Component.internalPrepareForRender(Component.java:2201) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Page.internalPrepareForRender(Page.java:240) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Component.render(Component.java:2290) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.Page.renderPage(Page.java:1024) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.request.handler.render.WebPageRenderer.renderPage(WebPageRenderer.java:139) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:284) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:890) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64) [wicket-request-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:261) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:218) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:289) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:259) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:201) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) [wicket-core-6.20.0.jar:6.20.0]<br>
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.29]<br>
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.29]<br>
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]<br>
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]<br>
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) [spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]<br>
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) [spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]<br>
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.29]<br>
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.29]<br>
at com.evolveum.midpoint.web.util.MidPointProfilingServletFilter.doFilter(MidPointProfilingServletFilter.java:78) [classes/:na]<br>
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.29]<br>
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.29]<br>
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) [catalina.jar:8.0.29]<br>
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [catalina.jar:8.0.29]<br>
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) [catalina.jar:8.0.29]<br>
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) [catalina.jar:8.0.29]<br>
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [catalina.jar:8.0.29]<br>
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616) [catalina.jar:8.0.29]<br>
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [catalina.jar:8.0.29]<br>
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518) [catalina.jar:8.0.29]<br>
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1096) [tomcat-coyote.jar:8.0.29]<br>
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:674) [tomcat-coyote.jar:8.0.29]<br>
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500) [tomcat-coyote.jar:8.0.29]<br>
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456) [tomcat-coyote.jar:8.0.29]<br>
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_91]<br>
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_91]<br>
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.0.29]<br>
at java.lang.Thread.run(Thread.java:745) [na:1.7.0_91]<br>
[midpoint@localhost fortress]$<br>
<br>
<br>
5. Here is the connector that's active:<br>
<icfc:configurationProperties xmlns:gen189="<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector</a>"><br>
<br>
6. Here is the resource as currently configured in my env:<br>
<resource xmlns="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>" xmlns:c="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>" xmlns:icfs="<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3</a>" xmlns:q="<a href="http://prism.evolveum.com/xml/ns/public/query-3" rel="noreferrer" target="_blank">http://prism.evolveum.com/xml/ns/public/query-3</a>" xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>" xmlns:t="<a href="http://prism.evolveum.com/xml/ns/public/types-3" rel="noreferrer" target="_blank">http://prism.evolveum.com/xml/ns/public/types-3</a>" oid="d0811790-1d80-11e4-86b2-3c970e467874" version="0"><br>
<name>OpenLDAP</name><br>
<description><br>
LDAP resource using a ConnId LDAP connector. It contains configuration<br>
for use with OpenLDAP servers.<br>
</description><br>
<metadata><br>
<createTimestamp>2015-12-19T01:12:45.236Z</createTimestamp><br>
<creatorRef oid="00000000-0000-0000-0000-000000000002" type="c:UserType"/><br>
<createChannel><a href="http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</a></createChannel><br>
</metadata><br>
<connectorRef oid="bcf82b24-29fa-490a-8210-bc7ce827af3d" type="c:ConnectorType"><br>
<!-- ICF com.evolveum.polygon.connector.ldap.LdapConnector v1.4.2.0 --><br>
<description><br>
Reference to the OpenICF LDAP connector. This is dynamic reference, it will be translated to<br>
OID during import.<br>
</description><br>
<filter><br>
<q:equal><br>
<q:path xmlns:c="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>">c:connectorType</q:path><br>
<q:value>com.evolveum.polygon.connector.ldap.LdapConnector</q:value><br>
</q:equal><br>
</filter><br>
</connectorRef><br>
<connectorConfiguration xmlns:icfc="<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3</a>"><br>
<icfc:resultsHandlerConfiguration><br>
<icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler><br>
<icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler><br>
<icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler><br>
</icfc:resultsHandlerConfiguration><br>
<icfc:configurationProperties xmlns:gen189="<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector</a>"><br>
<gen189:port>389</gen189:port><br>
<gen189:vlvSortAttribute>uid</gen189:vlvSortAttribute><br>
<gen189:baseContext>dc=example,dc=com</gen189:baseContext><br>
<gen189:vlvSortOrderingRule>2.5.13.3</gen189:vlvSortOrderingRule><br>
<gen189:bindDn>cn=idm,ou=Administrators,dc=example,dc=com</gen189:bindDn><br>
<gen189:pagingStrategy>auto</gen189:pagingStrategy><br>
<gen189:operationalAttributes>memberOf</gen189:operationalAttributes><br>
<gen189:operationalAttributes>createTimestamp</gen189:operationalAttributes><br>
<gen189:host>10.72.85.21</gen189:host><br>
<gen189:bindPassword><br>
<t:encryptedData><br>
<t:encryptionMethod><br>
<t:algorithm><a href="http://www.w3.org/2001/04/xmlenc#aes128-cbc" rel="noreferrer" target="_blank">http://www.w3.org/2001/04/xmlenc#aes128-cbc</a></t:algorithm><br>
</t:encryptionMethod><br>
<t:keyInfo><br>
<t:keyName>R7wh8+ARxcNGTzk5EsXG79KJvgA=</t:keyName><br>
</t:keyInfo><br>
<t:cipherData><br>
<t:cipherValue>Sim3cp2FMxa4XXlPiO4QgpDS8BNhMN6v57HBtQ7WbX0=</t:cipherValue><br>
</t:cipherData><br>
</t:encryptedData><br>
</gen189:bindPassword><br>
</icfc:configurationProperties><br>
</connectorConfiguration><br>
<schema><br>
<generationConstraints><br>
<generateObjectClass>ri:inetOrgPerson</generateObjectClass><br>
<generateObjectClass>ri:groupOfUniqueNames</generateObjectClass><br>
<generateObjectClass>ri:groupOfNames</generateObjectClass><br>
<generateObjectClass>ri:organizationalUnit</generateObjectClass><br>
</generationConstraints><br>
</schema><br>
<schemaHandling><br>
<objectType><br>
<kind>account</kind><br>
<displayName>Normal Account</displayName><br>
<default>true</default><br>
<objectClass>ri:inetOrgPerson</objectClass><br>
<attribute><br>
<c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:dn</c:ref><br>
<displayName>Distinguished Name</displayName><br>
<limitations><br>
<minOccurs>0</minOccurs><br>
<access><br>
<read>true</read><br>
<add>true</add><br>
<modify>true</modify><br>
</access><br>
</limitations><br>
<matchingRule xmlns:mr="<a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3" rel="noreferrer" target="_blank">http://prism.evolveum.com/xml/ns/public/matching-rule-3</a>">mr:stringIgnoreCase</matchingRule><br>
<outbound><br>
<source><br>
<c:path>$user/name</c:path><br>
</source><br>
<expression><br>
<script><br>
<code><br>
'uid=' + name + iterationToken + ',ou=people,dc=example,dc=com'<br>
</code><br>
</script><br>
</expression><br>
</outbound><br>
</attribute><br>
<attribute><br>
<c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:entryUUID</c:ref><br>
<displayName>Entry UUID</displayName><br>
<limitations><br>
<access><br>
<read>true</read><br>
<add>false</add><br>
<modify>true</modify><br>
</access><br>
</limitations><br>
<matchingRule xmlns:mr="<a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3" rel="noreferrer" target="_blank">http://prism.evolveum.com/xml/ns/public/matching-rule-3</a>">mr:stringIgnoreCase</matchingRule><br>
</attribute><br>
<attribute><br>
<c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:cn</c:ref><br>
<displayName>Common Name</displayName><br>
<limitations><br>
<minOccurs>0</minOccurs><br>
<access><br>
<read>true</read><br>
<add>true</add><br>
<modify>true</modify><br>
</access><br>
</limitations><br>
<outbound><br>
<source><br>
<c:path>$user/fullName</c:path><br>
</source><br>
</outbound><br>
<inbound><br>
<target><br>
<c:path>$user/fullName</c:path><br>
</target><br>
</inbound><br>
</attribute><br>
<attribute><br>
<c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:sn</c:ref><br>
<displayName>Surname</displayName><br>
<limitations><br>
<minOccurs>0</minOccurs><br>
</limitations><br>
<outbound><br>
<source><br>
<c:path>familyName</c:path><br>
</source><br>
</outbound><br>
<inbound><br>
<target><br>
<c:path>familyName</c:path><br>
</target><br>
</inbound><br>
</attribute><br>
<attribute><br>
<c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:givenName</c:ref><br>
<displayName>Given Name</displayName><br>
<outbound><br>
<source><br>
<c:path xmlns:c="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>">$c:user/c:givenName</c:path><br>
</source><br>
</outbound><br>
<inbound><br>
<target><br>
<c:path xmlns:c="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>">$c:user/c:givenName</c:path><br>
</target><br>
</inbound><br>
</attribute><br>
<attribute><br>
<c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:uid</c:ref><br>
<displayName>Login Name</displayName><br>
<matchingRule xmlns:mr="<a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3" rel="noreferrer" target="_blank">http://prism.evolveum.com/xml/ns/public/matching-rule-3</a>">mr:stringIgnoreCase</matchingRule><br>
<outbound><br>
<strength>weak</strength><br>
<source><br>
<description>Source may have description</description><br>
<c:path>$user/name</c:path><br>
</source><br>
<expression><br>
<script><br>
<code>name + iterationToken</code><br>
</script><br>
</expression><br>
</outbound><br>
<inbound><br>
<target><br>
<description>Targets may have description</description><br>
<c:path xmlns:c="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>">$c:user/c:name</c:path><br>
</target><br>
</inbound><br>
</attribute><br>
<attribute><br>
<c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:description</c:ref><br>
<outbound><br>
<strength>weak</strength><br>
<expression><br>
<description>Expression that assigns a fixed value</description><br>
<value>Created by midPoint</value><br>
</expression><br>
</outbound><br>
</attribute><br>
<attribute><br>
<c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:l</c:ref><br>
<displayName>Location</displayName><br>
<outbound><br>
<source><br>
<c:path>$user/locality</c:path><br>
</source><br>
</outbound><br>
</attribute><br>
<attribute><br>
<c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:employeeType</c:ref><br>
<displayName>Employee Type</displayName><br>
<tolerant>false</tolerant><br>
<outbound><br>
<source><br>
<c:path>$user/employeeType</c:path><br>
</source><br>
</outbound><br>
</attribute><br>
<association><br>
<c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:group</c:ref><br>
<displayName>LDAP Group Membership</displayName><br>
<kind>entitlement</kind><br>
<intent>ldapGroup</intent><br>
<direction>objectToSubject</direction><br>
<associationAttribute>ri:member</associationAttribute><br>
<valueAttribute>ri:dn</valueAttribute><br>
</association><br>
<iteration><br>
<maxIterations>5</maxIterations><br>
</iteration><br>
<protected><br>
<filter><br>
<q:equal><br>
<q:matching><a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3#stringIgnoreCase" rel="noreferrer" target="_blank">http://prism.evolveum.com/xml/ns/public/matching-rule-3#stringIgnoreCase</a></q:matching><br>
<q:path xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">attributes/ri:dn</q:path><br>
<q:value>cn=idm,ou=Administrators,dc=example,dc=com</q:value><br>
</q:equal><br>
</filter><br>
</protected><br>
<activation><br>
<administrativeStatus><br>
<outbound/><br>
<inbound><br>
<strength>weak</strength><br>
<expression><br>
<asIs/><br>
</expression><br>
</inbound><br>
</administrativeStatus><br>
</activation><br>
<credentials><br>
<password><br>
<outbound><br>
<expression><br>
<asIs/><br>
</expression><br>
</outbound><br>
<inbound><br>
<strength>weak</strength><br>
<expression><br>
<generate/><br>
</expression><br>
</inbound><br>
</password><br>
</credentials><br>
</objectType><br>
<objectType><br>
<kind>entitlement</kind><br>
<intent>ldapGroup</intent><br>
<displayName>LDAP Group</displayName><br>
<objectClass>ri:groupOfNames</objectClass><br>
<attribute><br>
<c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:dn</c:ref><br>
<matchingRule xmlns:mr="<a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3" rel="noreferrer" target="_blank">http://prism.evolveum.com/xml/ns/public/matching-rule-3</a>">mr:stringIgnoreCase</matchingRule><br>
<outbound><br>
<source><br>
<c:path>$focus/name</c:path><br>
</source><br>
<expression><br>
<script><br>
<code><br>
import javax.naming.ldap.Rdn<br>
import javax.naming.ldap.LdapName<br>
<br>
dn = new LdapName('ou=groups,dc=example,dc=com')<br>
dn.add(new Rdn('cn', name.toString()))<br>
return dn.toString()<br>
</code><br>
</script><br>
</expression><br>
</outbound><br>
</attribute><br>
<attribute><br>
<c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:member</c:ref><br>
<matchingRule xmlns:mr="<a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3" rel="noreferrer" target="_blank">http://prism.evolveum.com/xml/ns/public/matching-rule-3</a>">mr:distinguishedName</matchingRule><br>
<fetchStrategy>minimal</fetchStrategy><br>
</attribute><br>
<attribute><br>
<c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:cn</c:ref><br>
<matchingRule xmlns:mr="<a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3" rel="noreferrer" target="_blank">http://prism.evolveum.com/xml/ns/public/matching-rule-3</a>">mr:stringIgnoreCase</matchingRule><br>
<outbound><br>
<strength>weak</strength><br>
<source><br>
<c:path>$focus/name</c:path><br>
</source><br>
</outbound><br>
</attribute><br>
<attribute><br>
<c:ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:description</c:ref><br>
<outbound><br>
<source><br>
<c:path>description</c:path><br>
</source><br>
</outbound><br>
</attribute><br>
<configuredCapabilities xmlns:cap="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3</a>"><br>
<cap:pagedSearch><br>
<cap:defaultSortField>ri:uid</cap:defaultSortField><br>
</cap:pagedSearch><br>
</configuredCapabilities><br>
</objectType><br>
</schemaHandling><br>
<consistency><br>
<avoidDuplicateValues>true</avoidDuplicateValues><br>
</consistency><br>
<synchronization><br>
<objectSynchronization><br>
<enabled>true</enabled><br>
<correlation><br>
<q:description><br>
Correlation expression is a search query.<br>
Following search queury will look for users that have "name"<br>
equal to the "uid" attribute of the account. Simply speaking,<br>
it will look for match in usernames in the IDM and the resource.<br>
The correlation rule always looks for users, so it will not match<br>
any other object type.<br>
</q:description><br>
<q:equal><br>
<q:path>name</q:path><br>
<expression><br>
<c:path xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">declare namespace ri='<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>'; $account/attributes/ri:uid</c:path><br>
</expression><br>
</q:equal><br>
</correlation><br>
<reaction><br>
<situation>linked</situation><br>
<synchronize>true</synchronize><br>
</reaction><br>
<reaction><br>
<situation>deleted</situation><br>
<synchronize>true</synchronize><br>
<action><br>
<handlerUri><a href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</a></handlerUri><br>
</action><br>
</reaction><br>
<reaction><br>
<situation>unlinked</situation><br>
<synchronize>true</synchronize><br>
<action><br>
<handlerUri><a href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#link" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</a></handlerUri><br>
</action><br>
</reaction><br>
<reaction><br>
<situation>unmatched</situation><br>
<synchronize>true</synchronize><br>
<action><br>
<handlerUri><a href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</a></handlerUri><br>
</action><br>
</reaction><br>
</objectSynchronization><br>
</synchronization><br>
</resource><br>
<br>
<br>
Shawn<br>
<br>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">s pozdravom<div><br></div><div>Gustáv Pálos</div></div>
</div></div></div>