<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>
<div>
<div>Hi Ivan,</div>
<div><br>
</div>
<div>Thanks for some of the hints on this one ;) Got it all resolved now; realised the Live Sync job for the User accounts was not running.</div>
<div><br>
</div>
<div>
<div id="MAC_OUTLOOK_SIGNATURE">
<div>
<div>
<div>Thanks</div>
<div>Martin</div>
<hr align="left" noshade="noshade" size="1" width="250px">
<div><font color="#1d6084" face="Helvetica,helvetica,San-Serif"><span style="font-size: 12px; line-height: 28px; text-transform: uppercase;"><b>MARTIN HERBERT</b></span></font><br>
<span style="color: rgb(100, 100, 100); font-family: Helvetica, helvetica, San-Serif; font-size: 11px; line-height: 18px;">Hosting Support Manager </span></div>
<div><span style="font-family: Helvetica, helvetica, San-Serif; font-size: 11px; color: rgb(100, 100, 100); line-height: 18px;"><b>m</b>: +44 (0)7862 993003<br>
<b>skype:</b> live:mherbert84</span></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:12pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>midPoint <<a href="mailto:midpoint-bounces@lists.evolveum.com">midpoint-bounces@lists.evolveum.com</a>> on behalf of Martin Herbert <<a href="mailto:martinh@tahzoo.com">martinh@tahzoo.com</a>><br>
<span style="font-weight:bold">Reply-To: </span>midPoint General Discussion <<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>><br>
<span style="font-weight:bold">Date: </span>Wednesday, 20 April 2016 at 13:27<br>
<span style="font-weight:bold">To: </span>midPoint General Discussion <<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [midPoint] Group Synchronisation - Active Directory<br>
</div>
<div><br>
</div>
<span style="mso-bookmark:_MailOriginalBody">
<div>
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>
<div>Hi Ivan,</div>
<div><br>
</div>
<div>OK so the association on the Group object type isn’t in the samples so not sure how that ended up in there, but yes we have been using the wizard.  I have now got past the first error, however still not able to update the group by adding new users.
  The user association shows in the GUI, but is not present in AD and there are no errors.</div>
<div><br>
</div>
<div>Association now shows as below for the User object type under schema handling.</div>
<div><br>
</div>
<div>
<div><association></div>
<div>            <c:ref>ri:group</c:ref></div>
<div>            <displayName>AD Group Membership</displayName></div>
<div>            <kind>entitlement</kind></div>
<div>            <intent>group</intent></div>
<div>            <direction>objectToSubject</direction></div>
<div>            <associationAttribute>ri:member</associationAttribute></div>
<div>            <valueAttribute>icfs:name</valueAttribute></div>
<div>            <explicitReferentialIntegrity>false</explicitReferentialIntegrity></div>
<div>         </association></div>
</div>
<div><br>
</div>
<div>With the group object type of below</div>
<div><br>
</div>
<div>
<div>      <objectType></div>
<div>         <kind>entitlement</kind></div>
<div>         <intent>group</intent></div>
<div>         <displayName>Default Group</displayName></div>
<div>         <default>true</default></div>
<div>         <objectClass>ri:CustomGroupObjectClass</objectClass></div>
<div>         <attribute></div>
<div>            <c:ref>ri:samAccountName</c:ref></div>
<div>            <tolerant>true</tolerant></div>
<div>            <exclusiveStrong>false</exclusiveStrong></div>
<div>            <outbound></div>
<div>               <authoritative>true</authoritative></div>
<div>               <exclusive>false</exclusive></div>
<div>               <strength>normal</strength></div>
<div>               <source></div>
<div>                  <c:path>$focus/name</c:path></div>
<div>               </source></div>
<div>            </outbound></div>
<div>            <inbound></div>
<div>               <authoritative>true</authoritative></div>
<div>               <exclusive>false</exclusive></div>
<div>               <strength>normal</strength></div>
<div>               <target></div>
<div>                  <c:path>$focus/name</c:path></div>
<div>               </target></div>
<div>            </inbound></div>
<div>         </attribute></div>
<div>         <attribute></div>
<div>            <c:ref>icfs:description</c:ref></div>
<div>            <tolerant>true</tolerant></div>
<div>            <exclusiveStrong>false</exclusiveStrong></div>
<div>            <outbound></div>
<div>               <authoritative>true</authoritative></div>
<div>               <exclusive>false</exclusive></div>
<div>               <strength>normal</strength></div>
<div>               <source></div>
<div>                  <c:path>$focus/description</c:path></div>
<div>               </source></div>
<div>            </outbound></div>
<div>            <inbound></div>
<div>               <authoritative>true</authoritative></div>
<div>               <exclusive>false</exclusive></div>
<div>               <strength>normal</strength></div>
<div>               <target></div>
<div>                  <c:path>$focus/description</c:path></div>
<div>               </target></div>
<div>            </inbound></div>
<div>         </attribute></div>
<div>         <attribute></div>
<div>            <c:ref>icfs:name</c:ref></div>
<div>            <displayName>Distinguished Name</displayName></div>
<div>            <tolerant>true</tolerant></div>
<div>            <exclusiveStrong>false</exclusiveStrong></div>
<div>            <outbound></div>
<div>               <authoritative>true</authoritative></div>
<div>               <exclusive>false</exclusive></div>
<div>               <strength>normal</strength></div>
<div>               <source></div>
<div>                  <c:path>$focus/name</c:path></div>
<div>               </source></div>
<div>               <expression></div>
<div>                  <script></div>
<div>                     <code></div>
<div>        'cn='+name+',ou=Groups,ou=REDACTED'</div>
<div>    </code></div>
<div>                  </script></div>
<div>               </expression></div>
<div>            </outbound></div>
<div>         </attribute></div>
<div>         <attribute></div>
<div>            <c:ref>ri:cn</c:ref></div>
<div>            <matchingRule xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">mr:stringIgnoreCase</matchingRule></div>
<div>            <tolerant>true</tolerant></div>
<div>            <exclusiveStrong>false</exclusiveStrong></div>
<div>            <outbound></div>
<div>               <authoritative>true</authoritative></div>
<div>               <exclusive>false</exclusive></div>
<div>               <strength>normal</strength></div>
<div>               <source></div>
<div>                  <c:path>$focus/name</c:path></div>
<div>               </source></div>
<div>            </outbound></div>
<div>            <inbound></div>
<div>               <authoritative>true</authoritative></div>
<div>               <exclusive>false</exclusive></div>
<div>               <strength>normal</strength></div>
<div>               <target></div>
<div>                  <c:path>$focus/name</c:path></div>
<div>               </target></div>
<div>            </inbound></div>
<div>         </attribute></div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div id="">
<div>Thanks</div>
<div>Martin</div>
<div></div>
</div>
</div>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:12pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>midPoint <<a href="mailto:midpoint-bounces@lists.evolveum.com">midpoint-bounces@lists.evolveum.com</a>> on behalf of Ivan Noris <<a href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a>><br>
<span style="font-weight:bold">Organization: </span>Evolveum, s.r.o.<br>
<span style="font-weight:bold">Reply-To: </span>midPoint General Discussion <<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>><br>
<span style="font-weight:bold">Date: </span>Wednesday, 20 April 2016 at 13:02<br>
<span style="font-weight:bold">To: </span>"<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>" <<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [midPoint] Group Synchronisation - Active Directory<br>
</div>
<div><br>
</div>
<span style="mso-bookmark:_MailOriginalBody">
<div>
<div text="#000000" bgcolor="#FFFFFF">Martin,<br>
<br>
according to this and the previous error, I'd say you are missing the <direction> element.<br>
Also <c:ref>.</c:ref> looks very strange. Was the resource created using the resource wizard?<br>
<br>
Please see the sample in samples/resources/ad/ad-resource-groups-medusa-advanced.xml:<br>
<br>
               <!-- This defines an association between user and groups he is a member of --><br>
                <association><br>
                    <ref>ri:group</ref><br>
                    <displayName>AD Group Membership</displayName><br>
                    <kind>entitlement</kind><br>
                    <intent>group</intent><br>
<b>                    <direction>objectToSubject</direction></b><br>
                    <associationAttribute>ri:member</associationAttribute><br>
                    <valueAttribute>icfs:name</valueAttribute><br>
                    <explicitReferentialIntegrity>false</explicitReferentialIntegrity><br>
                </association><br>
<br>
I'm usually not using the wizard, but importing samples, so it might be you've hit a bug in the wizard...<br>
<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 04/20/2016 01:33 PM, Martin Herbert wrote:<br>
</div>
<blockquote cite="mid:0962C3D1-30EB-4DB9-8B93-D61317C88AA2@tahzoo.com" type="cite">
<div>
<div>Hi Ivan,</div>
<div><br>
</div>
<div>Association element definition is below.</div>
<div><br>
</div>
<div>
<div><association></div>
<div>            <c:ref>.</c:ref></div>
<div>            <tolerant>true</tolerant></div>
<div>            <exclusiveStrong>false</exclusiveStrong></div>
<div>            <kind>entitlement</kind></div>
<div>            <intent>group</intent></div>
<div>            <associationAttribute>ri:member</associationAttribute></div>
<div>            <valueAttribute>icfs:name</valueAttribute></div>
<div>            <explicitReferentialIntegrity>false</explicitReferentialIntegrity></div>
<div>         </association></div>
</div>
<div><br>
</div>
<div>MidPoint  version is 3.3 with AD 2012 R2</div>
<div><br>
</div>
<div>
<div id="">
<div>Thanks</div>
<div>Martin</div>
<div><br>
</div>
</div>
</div>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:12pt;
          text-align:left; color:black; BORDER-BOTTOM: medium none;
          BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT:
          0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid;
          BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>midPoint <<a moz-do-not-send="true" href="mailto:midpoint-bounces@lists.evolveum.com"></a><a class="moz-txt-link-abbreviated" href="mailto:midpoint-bounces@lists.evolveum.com">midpoint-bounces@lists.evolveum.com</a>>
 on behalf of Ivan Noris <<a moz-do-not-send="true" href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a>><br>
<span style="font-weight:bold">Organization: </span>Evolveum, s.r.o.<br>
<span style="font-weight:bold">Reply-To: </span>midPoint General Discussion <<a moz-do-not-send="true" href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>><br>
<span style="font-weight:bold">Date: </span>Wednesday, 20 April 2016 at 12:30<br>
<span style="font-weight:bold">To: </span>"<a moz-do-not-send="true" href="mailto:midpoint@lists.evolveum.com"></a><a class="moz-txt-link-abbreviated" href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>" <<a moz-do-not-send="true" href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [midPoint] Group Synchronisation - Active Directory<br>
</div>
<div><br>
</div>
<span style="mso-bookmark:_MailOriginalBody">
<div>
<div text="#000000" bgcolor="#FFFFFF">Hi,<br>
<br>
what is the association definition in the resource? (The <association> container in schema handling).<br>
<br>
Regards,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 04/20/2016 12:17 PM, Martin Herbert wrote:<br>
</div>
<blockquote cite="mid:DACF7977-1574-4111-A772-04F66D78E471@tahzoo.com" type="cite">
<div>Hi Guys,</div>
<div><br>
</div>
<div>Trying to get Group synchronisation working with Active Directory.  So far have the group being created without issue, but modifying the group suspends the Live Sync task with the following error.</div>
<div><br>
</div>
<div>
<table class="table table-striped table-condensed" about="table" id="id51f" style="box-sizing:
                    border-box; border-spacing: 0px; border-collapse:
                    collapse; width: 1043px; max-width: 100%;
                    margin-bottom: 20px; color: rgb(51, 51, 51);
                    font-family: 'Source Sans Pro', 'Helvetica Neue',
                    Helvetica, Arial, sans-serif; font-size: 14px;
                    padding-top: 0px;">
<tbody style="box-sizing: border-box;">
<tr id="id529" style="box-sizing: border-box;
                        background-color: rgb(249, 249, 249);">
<td style="box-sizing: border-box; padding: 5px;
                          line-height: 1.42857143; vertical-align: top;
                          border-top-width: 1px; border-top-style:
                          solid; border-top-color: rgb(244, 244, 244);">
<div style="box-sizing: border-box;">Internal Error: Unknown entitlement direction null in association com.evolveum.midpoint.common.refinery.RefinedAssociationDefinition@33244c2b in
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="resource:bca287ee-054c-4cd4-b7e5-a1c5db470cea">
resource:bca287ee-054c-4cd4-b7e5-a1c5db470cea</a></div>
</td>
</tr>
<tr id="id52a" style="box-sizing: border-box;">
<td style="box-sizing: border-box; padding: 5px;
                          line-height: 1.42857143; vertical-align: top;
                          border-top-width: 1px; border-top-style:
                          solid; border-top-color: rgb(244, 244, 244);">
<br>
Any ideas what I’m doing wrong?</td>
</tr>
</tbody>
</table>
</div>
<div>
<div id="">
<div>Thanks</div>
<div>Martin</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset> <br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."
</pre>
</div>
</div>
</span></span><br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."
</pre>
</div>
</div>
</span></span></div>
</div>
</span></span>
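<div>Added example, not part of the original thread and not midPoint project code: a pre-import check that flags association definitions like the first one quoted above (no direction element, a ref of "."), which is what suspended the Live Sync task. The function names, the required-element list and the embedded sample are assumptions made for illustration.</div>

```python
import xml.etree.ElementTree as ET

# Direction values midPoint defines for an association.
VALID_DIRECTIONS = {"objectToSubject", "subjectToObject"}
REQUIRED = ("ref", "kind", "direction", "associationAttribute", "valueAttribute")

# Constructed sample: broken association from the thread, then the corrected one.
SAMPLE = """
<schemaHandling xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
  <objectType><association>
    <c:ref>.</c:ref>
    <kind>entitlement</kind>
    <associationAttribute>ri:member</associationAttribute>
    <valueAttribute>icfs:name</valueAttribute>
  </association></objectType>
  <objectType><association>
    <c:ref>ri:group</c:ref>
    <kind>entitlement</kind>
    <direction>objectToSubject</direction>
    <associationAttribute>ri:member</associationAttribute>
    <valueAttribute>icfs:name</valueAttribute>
  </association></objectType>
</schemaHandling>
"""

def local(tag):
    # ElementTree reports qualified tags as '{namespace}name'; keep the name.
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child with this local name, or None."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return None

def lint_associations(xml_text):
    """Return (ref, problem) pairs for every <association> element."""
    findings = []
    for assoc in ET.fromstring(xml_text.strip()).iter():
        if local(assoc.tag) != "association":
            continue
        ref = child_text(assoc, "ref") or "<no ref>"
        for name in REQUIRED:
            if not child_text(assoc, name):
                findings.append((ref, "missing <%s>" % name))
        direction = child_text(assoc, "direction")
        if direction and direction not in VALID_DIRECTIONS:
            findings.append((ref, "unknown direction %r" % direction))
        if ref == ".":
            findings.append((ref, "<ref> is '.', the sample uses ri:group"))
    return findings

if __name__ == "__main__":
    for ref, problem in lint_associations(SAMPLE):
        print("association %s: %s" % (ref, problem))
```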
</body>
</html>