<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi Martin,<br>
<br>
ok, glad to hear that!<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 04/20/2016 02:38 PM, Martin Herbert
wrote:<br>
</div>
<blockquote
cite="mid:6374AAB4-F595-429F-BB98-A7B484E916CA@tahzoo.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div>
<div>
<div>Hi Ivan,</div>
<div><br>
</div>
<div>Thanks for some of the hints on this one ;) Got it all
resolved now realised the Live Sync job for the User
accounts was not running.</div>
<div><br>
</div>
<div>
<div id="MAC_OUTLOOK_SIGNATURE">
<div>
<div>
<div>Thanks</div>
<div>Martin</div>
<hr size="1" noshade="noshade" width="250px"
align="left">
<div><font face="Helvetica,helvetica,San-Serif"
color="#1d6084"><span style="font-size: 12px;
line-height: 28px; text-transform: uppercase;"><b>MARTIN
HERBERT</b></span></font><br>
<span style="color: rgb(100, 100, 100); font-family:
Helvetica, helvetica, San-Serif; font-size: 11px;
line-height: 18px;">Hosting Support Manager </span></div>
<div><span style="font-family: Helvetica, helvetica,
San-Serif; font-size: 11px; color: rgb(100, 100,
100); line-height: 18px;"><b>m</b>: +44 (0)7862
993003<br>
<b>skype:</b> live:mherbert84</span></div>
<div><font face="Helvetica,helvetica,San-Serif"
color="#646464" size="2"><span style="line-height:
18px;"><br>
</span></font><a moz-do-not-send="true"
href="http://www.tahzoo.com/" style="color: rgb(0,
0, 0);"><img moz-do-not-send="true"
src="http://client.tahzoo.com/tahzoo/logo_blue_100w.png"
height="30px"></a></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:12pt;
text-align:left; color:black; BORDER-BOTTOM: medium none;
BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT:
0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid;
BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>midPoint <<a
moz-do-not-send="true"
href="mailto:midpoint-bounces@lists.evolveum.com"><a class="moz-txt-link-abbreviated" href="mailto:midpoint-bounces@lists.evolveum.com">midpoint-bounces@lists.evolveum.com</a></a>>
on behalf of Martin Herbert <<a moz-do-not-send="true"
href="mailto:martinh@tahzoo.com">martinh@tahzoo.com</a>><br>
<span style="font-weight:bold">Reply-To: </span>midPoint
General Discussion <<a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>><br>
<span style="font-weight:bold">Date: </span>Wednesday, 20
April 2016 at 13:27<br>
<span style="font-weight:bold">To: </span>midPoint General
Discussion <<a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [midPoint]
Group Synchronisation - Active Directory<br>
</div>
<div><br>
</div>
<span style="mso-bookmark:_MailOriginalBody">
<div>
<div style="word-wrap: break-word; -webkit-nbsp-mode: space;
-webkit-line-break: after-white-space; color: rgb(0, 0,
0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>
<div>Hi Ivan,</div>
<div><br>
</div>
<div>OK so the association on the Group object type
isn’t in the samples so not sure how that ended up in
there, but yes we have been using the wizard. I now
have the got past the first error however still not
able to update the group by adding new users. The
user association shows in the GUI, but as not present
in AD and there is no errors.</div>
<div><br>
</div>
<div>Association now shows as below for the User object
type under schema handling.</div>
<div><br>
</div>
<div>
<div><association></div>
<div> <c:ref>ri:group</c:ref></div>
<div> <displayName>AD Group
Membership</displayName></div>
<div> <kind>entitlement</kind></div>
<div> <intent>group</intent></div>
<div>
<direction>objectToSubject</direction></div>
<div>
<associationAttribute>ri:member</associationAttribute></div>
<div>
<valueAttribute>icfs:name</valueAttribute></div>
<div>
<explicitReferentialIntegrity>false</explicitReferentialIntegrity></div>
<div> </association></div>
</div>
<div><br>
</div>
<div>With the group object type of below</div>
<div><br>
</div>
<div>
<div> <objectType></div>
<div> <kind>entitlement</kind></div>
<div> <intent>group</intent></div>
<div> <displayName>Default
Group</displayName></div>
<div> <default>true</default></div>
<div>
<objectClass>ri:CustomGroupObjectClass</objectClass></div>
<div> <attribute></div>
<div>
<c:ref>ri:samAccountName</c:ref></div>
<div> <tolerant>true</tolerant></div>
<div>
<exclusiveStrong>false</exclusiveStrong></div>
<div> <outbound></div>
<div>
<authoritative>true</authoritative></div>
<div>
<exclusive>false</exclusive></div>
<div>
<strength>normal</strength></div>
<div> <source></div>
<div>
<c:path>$focus/name</c:path></div>
<div> </source></div>
<div> </outbound></div>
<div> <inbound></div>
<div>
<authoritative>true</authoritative></div>
<div>
<exclusive>false</exclusive></div>
<div>
<strength>normal</strength></div>
<div> <target></div>
<div>
<c:path>$focus/name</c:path></div>
<div> </target></div>
<div> </inbound></div>
<div> </attribute></div>
<div> <attribute></div>
<div>
<c:ref>icfs:description</c:ref></div>
<div> <tolerant>true</tolerant></div>
<div>
<exclusiveStrong>false</exclusiveStrong></div>
<div> <outbound></div>
<div>
<authoritative>true</authoritative></div>
<div>
<exclusive>false</exclusive></div>
<div>
<strength>normal</strength></div>
<div> <source></div>
<div>
<c:path>$focus/description</c:path></div>
<div> </source></div>
<div> </outbound></div>
<div> <inbound></div>
<div>
<authoritative>true</authoritative></div>
<div>
<exclusive>false</exclusive></div>
<div>
<strength>normal</strength></div>
<div> <target></div>
<div>
<c:path>$focus/description</c:path></div>
<div> </target></div>
<div> </inbound></div>
<div> </attribute></div>
<div> <attribute></div>
<div> <c:ref>icfs:name</c:ref></div>
<div> <displayName>Distinguished
Name</displayName></div>
<div> <tolerant>true</tolerant></div>
<div>
<exclusiveStrong>false</exclusiveStrong></div>
<div> <outbound></div>
<div>
<authoritative>true</authoritative></div>
<div>
<exclusive>false</exclusive></div>
<div>
<strength>normal</strength></div>
<div> <source></div>
<div>
<c:path>$focus/name</c:path></div>
<div> </source></div>
<div> <expression></div>
<div> <script></div>
<div> <code></div>
<div> 'cn='+name+',ou=Groups,ou=REDACTED'</div>
<div> </code></div>
<div> </script></div>
<div> </expression></div>
<div> </outbound></div>
<div> </attribute></div>
<div> <attribute></div>
<div> <c:ref>ri:cn</c:ref></div>
<div> <matchingRule xmlns:mr="<a
moz-do-not-send="true"
href="http://prism.evolveum.com/xml/ns/public/matching-rule-3%22%3Emr:stringIgnoreCase%3C/matchingRule"><a class="moz-txt-link-freetext" href="http://prism.evolveum.com/xml/ns/public/matching-rule-3">http://prism.evolveum.com/xml/ns/public/matching-rule-3</a>">mr:stringIgnoreCase</matchingRule</a>></div>
<div> <tolerant>true</tolerant></div>
<div>
<exclusiveStrong>false</exclusiveStrong></div>
<div> <outbound></div>
<div>
<authoritative>true</authoritative></div>
<div>
<exclusive>false</exclusive></div>
<div>
<strength>normal</strength></div>
<div> <source></div>
<div>
<c:path>$focus/name</c:path></div>
<div> </source></div>
<div> </outbound></div>
<div> <inbound></div>
<div>
<authoritative>true</authoritative></div>
<div>
<exclusive>false</exclusive></div>
<div>
<strength>normal</strength></div>
<div> <target></div>
<div>
<c:path>$focus/name</c:path></div>
<div> </target></div>
<div> </inbound></div>
<div> </attribute></div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div id="">
<div>Thanks</div>
<div>Martin</div>
</div>
</div>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:12pt;
text-align:left; color:black; BORDER-BOTTOM: medium
none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in;
PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP:
#b5c4df 1pt solid; BORDER-RIGHT: medium none;
PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>midPoint
<<a moz-do-not-send="true"
href="mailto:midpoint-bounces@lists.evolveum.com">midpoint-bounces@lists.evolveum.com</a>>
on behalf of Ivan Noris <<a moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a>><br>
<span style="font-weight:bold">Organization: </span>Evolveum,
s.r.o.<br>
<span style="font-weight:bold">Reply-To: </span>midPoint
General Discussion <<a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>><br>
<span style="font-weight:bold">Date: </span>Wednesday,
20 April 2016 at 13:02<br>
<span style="font-weight:bold">To: </span>"<a
moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com"><a class="moz-txt-link-abbreviated" href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a></a>"
<<a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>><br>
<span style="font-weight:bold">Subject: </span>Re:
[midPoint] Group Synchronisation - Active Directory<br>
</div>
<div><br>
</div>
<span style="mso-bookmark:_MailOriginalBody">
<div>
<div text="#000000" bgcolor="#FFFFFF">Martin,<br>
<br>
according to this and the previous error, I'd say
you are missing <direction> element.<br>
Also <c:ref>.</c:ref> looks very
strange. Was the resource created using resource
wizard?<br>
<br>
Please see sample in
samples/resources/ad/ad-resource-groups-medusa-advanced.xml:<br>
<br>
<!-- This defines an association
between user and groups he is a member of --><br>
<association><br>
<ref>ri:group</ref><br>
<displayName>AD Group
Membership</displayName><br>
<kind>entitlement</kind><br>
<intent>group</intent><br>
<b>
<direction>objectToSubject</direction></b><br>
<associationAttribute>ri:member</associationAttribute><br>
<valueAttribute>icfs:name</valueAttribute><br>
<explicitReferentialIntegrity>false</explicitReferentialIntegrity><br>
</association><br>
<br>
I'm usually not using wizard, but importing
samples, so it might be you've hit bug in
wizard...<br>
<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 04/20/2016 01:33
PM, Martin Herbert wrote:<br>
</div>
<blockquote
cite="mid:0962C3D1-30EB-4DB9-8B93-D61317C88AA2@tahzoo.com"
type="cite">
<div>
<div>Hi Ivan,</div>
<div><br>
</div>
<div>Association element definition is below.</div>
<div><br>
</div>
<div>
<div><association></div>
<div>
<c:ref>.</c:ref></div>
<div>
<tolerant>true</tolerant></div>
<div>
<exclusiveStrong>false</exclusiveStrong></div>
<div>
<kind>entitlement</kind></div>
<div>
<intent>group</intent></div>
<div>
<associationAttribute>ri:member</associationAttribute></div>
<div>
<valueAttribute>icfs:name</valueAttribute></div>
<div>
<explicitReferentialIntegrity>false</explicitReferentialIntegrity></div>
<div> </association></div>
</div>
<div><br>
</div>
<div>MidPoint version is 3.3 with AD 2012 R2</div>
<div><br>
</div>
<div>
<div id="">
<div>Thanks</div>
<div>Martin</div>
<div><br>
</div>
</div>
</div>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri;
font-size:12pt; text-align:left;
color:black; BORDER-BOTTOM: medium none;
BORDER-LEFT: medium none; PADDING-BOTTOM:
0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in;
BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT:
medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>midPoint
<<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:midpoint-bounces@lists.evolveum.com">midpoint-bounces@lists.evolveum.com</a>>
on behalf of Ivan Noris <<a
moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com"><a class="moz-txt-link-abbreviated" href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a></a>><br>
<span style="font-weight:bold">Organization:
</span>Evolveum, s.r.o.<br>
<span style="font-weight:bold">Reply-To: </span>midPoint
General Discussion <<a
moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com"><a class="moz-txt-link-abbreviated" href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a></a>><br>
<span style="font-weight:bold">Date: </span>Wednesday,
20 April 2016 at 12:30<br>
<span style="font-weight:bold">To: </span>"<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:midpoint@lists.evolveum.com"><a class="moz-txt-link-abbreviated" href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a></a>"
<<a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>><br>
<span style="font-weight:bold">Subject: </span>Re:
[midPoint] Group Synchronisation - Active
Directory<br>
</div>
<div><br>
</div>
<span style="mso-bookmark:_MailOriginalBody">
<div>
<div text="#000000" bgcolor="#FFFFFF">Hi,<br>
<br>
what is the association definition in
the resource? (The <association>
container in schema handling).<br>
<br>
Regards,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On
04/20/2016 12:17 PM, Martin Herbert
wrote:<br>
</div>
<blockquote
cite="mid:DACF7977-1574-4111-A772-04F66D78E471@tahzoo.com"
type="cite">
<div>Hi Guys,</div>
<div><br>
</div>
<div>Trying to get Group
synchronisation working with Active
Directory. So far have the group
being created without issue, but
modifying the group suspends the
Live Sync task with the following
error.</div>
<div><br>
</div>
<div>
<table class="table table-striped
table-condensed" about="table"
id="id51f" style="box-sizing:
border-box; border-spacing: 0px;
border-collapse: collapse; width:
1043px; max-width: 100%;
margin-bottom: 20px; color:
rgb(51, 51, 51); font-family:
'Source Sans Pro', 'Helvetica
Neue', Helvetica, Arial,
sans-serif; font-size: 14px;
padding-top: 0px;">
<tbody style="box-sizing:
border-box;">
<tr id="id529"
style="box-sizing: border-box;
background-color: rgb(249,
249, 249);">
<td style="box-sizing:
border-box; padding: 5px;
line-height: 1.42857143;
vertical-align: top;
border-top-width: 1px;
border-top-style: solid;
border-top-color: rgb(244,
244, 244);">
<div style="box-sizing:
border-box;">Internal
Error: Unknown entitlement
direction null in
association
com.evolveum.midpoint.common.refinery.RefinedAssociationDefinition@33244c2b
in
<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="resource:bca287ee-054c-4cd4-b7e5-a1c5db470cea">
resource:bca287ee-054c-4cd4-b7e5-a1c5db470cea</a></div>
</td>
</tr>
<tr id="id52a"
style="box-sizing:
border-box;">
<td style="box-sizing:
border-box; padding: 5px;
line-height: 1.42857143;
vertical-align: top;
border-top-width: 1px;
border-top-style: solid;
border-top-color: rgb(244,
244, 244);">
<br>
Any ideas what I’m doing
wrong?</td>
</tr>
</tbody>
</table>
</div>
<div>
<div id="">
<div>Thanks</div>
<div>Martin</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper ID(e)M Vix."
</pre>
</div>
</div>
</span></span><br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper ID(e)M Vix."
</pre>
</div>
</div>
</span></span></div>
</div>
</span></span>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper ID(e)M Vix."
</pre>
</body>
</html>