<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hello Shawn,</p>
<p>looked at your objects, but found no cycle there. There are some
other objects referenced from them (roles <i>4340faa4-c635-47ce-96a6-03eb25bb3edf</i>
and <i>9c6d1dbe-1a87-11e5-b107-001e8c717e5b</i>, org <i>d10c1e42-7cda-44e0-9df9-45210194647b</i>)
that might contain the cycle.</p>
<p>Nevertheless: easier than to hunt a cycle in your data is
probably including a diagnostic statement into midPoint. I did
that, in <a
href="https://github.com/Evolveum/midpoint/commit/dada8f0b0210cd77a2ccd6fc2fcf1050c99921f2">this
commit</a>. So, I suggest you the following:</p>
<ol>
<li>build midPoint 3.5 with that commit applied to it</li>
<li>set logging for <tt>com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator</tt>
to DEBUG</li>
<li>manually import your file (<tt>850-user-aM1Admin.xml</tt>)</li>
<li>have a look at your log file<br>
</li>
</ol>
<p>You should see something like</p>
<p><tt>2017-01-11 13:46:08,330 [MODEL] [Thread-22] DEBUG
(com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator):
Role cycle detected for target role: rc2
(OID:0d3cc94b-df06-42b3-80f1-ecf1f1d65e97) in
AssignmentPath([AssignmentPathSegment(EvaluationOrder(null:1=1)(match):
user:7f672f5f-6b62-4b6c-ae0b-4a019b6b080c(a2a) -[]->
role:d8d9d435-afd8-419c-8440-80b814136245(rc1)),
AssignmentPathSegment(EvaluationOrder(null:2=2):
role:d8d9d435-afd8-419c-8440-80b814136245(rc1) -[]->
role:0d3cc94b-df06-42b3-80f1-ecf1f1d65e97(rc2)),
AssignmentPathSegment(EvaluationOrder(null:3=3):
role:0d3cc94b-df06-42b3-80f1-ecf1f1d65e97(rc2) -[]->
role:a94239b9-7a96-4926-a481-c7f7105e5b29(rc3)),
AssignmentPathSegment(EvaluationOrder(null:4=4):
role:a94239b9-7a96-4926-a481-c7f7105e5b29(rc3) -[]->
role:e342f9ae-a300-4ca2-9fe8-5c2b6fbe6bbd(rc4))])<br>
</tt></p>
<p>in it. <br>
</p>
<p>Not much readable at first sight, but it should give you an
indication which roles cause the conflict. In this case, the cycle
is caused by rc2 -> rc3 -> rc4 -> rc2 cycle, while
assigning rc1 (to user a2a), because rc1 points to rc2.</p>
<p>BTW, while replicating your problem I found out that we have a
bug in cycle detection: some cycles are not detected, resulting in
StackOverflowException being thrown (<a
href="https://jira.evolveum.com/browse/MID-3652">MID-3652</a>).
But this does not affect your case; you are lucky and your cycle
is (presumably) correctly caught by the checking code. Or maybe
this bug does really cause your problem? We might know better
after obtaining the diagnostic message mentioned above.<br>
</p>
<p>Best regards,<br>
</p>
<pre class="moz-signature" cols="72">Pavol Mederly
Software developer
evolveum.com
</pre>
<div class="moz-cite-prefix">On 10.01.2017 0:43, Shawn McKinney
wrote:<br>
</div>
<blockquote
cite="mid:86B0245E-AC51-4BF1-8BCE-28EFF4BF3C2F@symas.com"
type="cite">
<pre wrap="">Hey Pavol, thanks for responding.
Pasting first the service, m1001, next the org, m1set, finally the admin role.
m1001:
<service xmlns:apti=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3">"http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"</a> xmlns:c=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a> xmlns:gen780=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/debug">"http://prism.evolveum.com/xml/ns/public/debug"</a> xmlns:icfs=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3">"http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"</a> xmlns:q=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/query-3">"http://prism.evolveum.com/xml/ns/public/query-3"</a> xmlns:ri=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"</a> xmlns:t=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/types-3">"http://prism.evolveum.com/xml/ns/public/types-3"</a> xmlns:xsi=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance">"http://www.w3.org/2001/XMLSchema-instance"</a> oid="6aa02b86-6619-4be0-9268-1e875f9ef403" version="12" xmlns=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a>>
<name>m1001</name>
<description>Members will be user dn's who have access to this machine.</description>
<parentOrgRef oid="af5ea4a1-bd88-40de-978d-50a7c263d38e" type="c:OrgType"/>
<extension xmlns:gen885=<a class="moz-txt-link-rfc2396E" href="http://example.com/xml/ns/mySchema">"http://example.com/xml/ns/mySchema"</a>>
<gen885:gidNumber>5</gen885:gidNumber>
</extension>
<assignment id="2" xsi:type="c:AssignmentType">
<targetRef oid="af5ea4a1-bd88-40de-978d-50a7c263d38e" type="c:OrgType"/>
</assignment>
<assignment id="3" xsi:type="c:AssignmentType">
<targetRef oid="4340faa4-c635-47ce-96a6-03eb25bb3edf" type="c:RoleType"/>
</assignment>
<displayName>Set 1 Machine 001</displayName>
<identifier>m1</identifier>
</service>
m1set:
<org xmlns:apti=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3">"http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"</a> xmlns:c=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a> xmlns:gen635=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/debug">"http://prism.evolveum.com/xml/ns/public/debug"</a> xmlns:icfs=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3">"http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"</a> xmlns:q=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/query-3">"http://prism.evolveum.com/xml/ns/public/query-3"</a> xmlns:ri=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"</a> xmlns:t=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/types-3">"http://prism.evolveum.com/xml/ns/public/types-3"</a> xmlns:xsi=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance">"http://www.w3.org/2001/XMLSchema-instance"</a> oid="af5ea4a1-bd88-40de-978d-50a7c263d38e" version="34" xmlns=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a>>
<name>m1set</name>
<description>Members are dn's of all ldap machine groups in set 1.</description>
<extension xmlns:gen897=<a class="moz-txt-link-rfc2396E" href="http://example.com/xml/ns/mySchema">"http://example.com/xml/ns/mySchema"</a>>
<gen897:gidNumber>13</gen897:gidNumber>
</extension>
<assignment id="1">
<targetRef oid="9c6d1dbe-1a87-11e5-b107-001e8c717e5b" type="c:RoleType"/>
</assignment>
<assignment id="2">
<targetRef oid="d10c1e42-7cda-44e0-9df9-45210194647b" type="c:OrgType"/>
</assignment>
<displayName>Machine Set 1</displayName>
<identifier>m1</identifier>
<orgType>machines</orgType>
</org>
role-admin:
<role xmlns:apti=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3">"http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"</a> xmlns:c=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a> xmlns:gen635=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/debug">"http://prism.evolveum.com/xml/ns/public/debug"</a> xmlns:icfs=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3">"http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"</a> xmlns:q=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/query-3">"http://prism.evolveum.com/xml/ns/public/query-3"</a> xmlns:ri=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"</a> xmlns:t=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/types-3">"http://prism.evolveum.com/xml/ns/public/types-3"</a> xmlns:xsi=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance">"http://www.w3.org/2001/XMLSchema-instance"</a> oid="6aaaa771-3267-454f-b399-4a84ddfc78f8" version="44" xmlns=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a>>
<name>admin</name>
<description>Gives users root for all machines in selected set</description>
<assignment id="1">
<targetRef oid="15cdcbba-74ab-46d6-90e7-54e701a176be" type="c:RoleType"/>
</assignment>
<displayName>Machine Admin</displayName>
<authorization id="5">
<action><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#guiAll">http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#guiAll</a></action>
</authorization>
<authorization id="4">
<action><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#all">http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#all</a></action>
<object>
<orgRelation>
<subjectRelation xmlns:org=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/org-3">"http://midpoint.evolveum.com/xml/ns/public/common/org-3"</a>>org:manager</subjectRelation>
<includeReferenceOrg>true</includeReferenceOrg>
</orgRelation>
</object>
</authorization>
<authorization id="6">
<action><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</a></action>
<object>
<type>OrgType</type>
<filter>
<q:or>
<q:equal>
<q:path>name</q:path>
<q:value>Machines-new</q:value>
</q:equal>
</q:or>
</filter>
</object>
</authorization>
<authorization id="7">
<action><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</a></action>
<object>
<type>ShadowType</type>
</object>
<object>
<type>ResourceType</type>
</object>
<object>
<type>TaskType</type>
</object>
<object>
<type>RoleType</type>
</object>
<object>
<type>ServiceType</type>
</object>
</authorization>
<authorization id="8">
<action><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#add">http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#add</a></action>
<object>
<type>UserType</type>
</object>
</authorization>
<approverExpression>
<description>Get user's managers (except the user itself)</description>
<script>
<code>
import com.evolveum.midpoint.prism.*
import com.evolveum.midpoint.prism.delta.*
import com.evolveum.midpoint.xml.ns._public.common.common_3.*
ContainerDelta roleDelta = objectDelta.findContainerDelta(UserType.F_ASSIGNMENT);
Collection assignmnetsToModify = new ArrayList();
if (roleDelta != null){
if (roleDelta.getValuesToAdd() != null) {
assignmnetsToModify.addAll(roleDelta.getValuesToAdd());
}
if (roleDelta.getValuesToReplace() != null) {
assignmnetsToModify.addAll(roleDelta.getValuesToAdd());
}
if (roleDelta.getValuesToDelete() != null) {
assignmnetsToModify.addAll(roleDelta.getValuesToAdd());
}
}
managers = []
for (PrismContainerValue assignment in assignmnetsToModify) {
AssignmentType ass = assignment.asContainerable();
if (ass.getTargetRef() != null && ass.getTargetRef().getOid().equals("6aaaa771-3267-454f-b399-4a84ddfc78f8")) {
if (ass.getOrgRef() != null) {
users = midpoint.getManagersOfOrg(ass.getOrgRef().getOid());
for (user in users){
managers.add(user.getOid())
}
}
}
}
return managers
</code>
</script>
</approverExpression>
<automaticallyApproved>
<description>If the user works in F0006 (Scumm Bar), the assignment of this role is automatically approved for him.</description>
<script>
<code>
import com.evolveum.midpoint.prism.*
import com.evolveum.midpoint.prism.delta.*
import com.evolveum.midpoint.xml.ns._public.common.common_3.*
if (requester.getName().getOrig().equals("administrator")) {
return true
}
ContainerDelta roleDelta = objectDelta.findContainerDelta(UserType.F_ASSIGNMENT);
Collection assignmnetsToModify = new ArrayList();
if (roleDelta != null){
if (roleDelta.getValuesToAdd() != null) {
assignmnetsToModify.addAll(roleDelta.getValuesToAdd());
}
if (roleDelta.getValuesToReplace() != null) {
assignmnetsToModify.addAll(roleDelta.getValuesToReplace());
}
if (roleDelta.getValuesToDelete() != null) {
assignmnetsToModify.addAll(roleDelta.getValuesToDelete());
}
}
isManager = false
for (PrismContainerValue assignment in assignmnetsToModify) {
AssignmentType ass = assignment.asContainerable();
if (ass.getTargetRef() != null && ass.getTargetRef().getOid() != null) {
role = midpoint.getObject(RoleType.class, ass.getTargetRef().getOid())
if (role?.getName()?.getOrig()?.equals("admin")) {
if (ass.getOrgRef() != null) {
isManager = midpoint.isManagerOf(requester, midpoint.getOrgByOid(ass.getOrgRef().getOid()).getOid())
log.info('######is Manager : ' + isManager)
}
}
}
}
return isManager
</code>
</script>
</automaticallyApproved>
<roleType>access</roleType>
</role>
</pre>
<blockquote type="cite">
<pre wrap="">On Jan 9, 2017, at 8:01 AM, Pavol Mederly <a class="moz-txt-link-rfc2396E" href="mailto:mederly@evolveum.com"><mederly@evolveum.com></a> wrote:
Hello Shawn,
I would recommend looking at the possible role cycle that midPoint is complaining about.
Could you, please, paste here the definition of your "admin" role, including any roles/orgs/services it refers to (probably including m1001)?
Best regards,
Pavol Mederly
Software developer
evolveum.com
On 02.01.2017 21:45, Shawn McKinney wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hello,
we are attempting to upgrade our MP (test) instance from 3.4-SNAPSHOT to 3.5. Here is what I have done:
1. pulled (&built) midpoint.war using latest midpoint overlay, set its pom.xml dependencies as follows:
<dependencies>
<dependency>
<groupId>com.evolveum.midpoint.gui</groupId>
<artifactId>admin-gui</artifactId>
<version>3.5</version>
<type>war</type>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>com.evolveum.midpoint.gui</groupId>
<artifactId>admin-gui</artifactId>
<version>3.5</version>
<type>jar</type>
<classifier>classes</classifier>
<scope>compile</scope>
</dependency>
2. change env to use java 8
3. run the postgresql-upgrade-3.4-3.5.sql
4. change ldapconnector resource import to 1.4.3
<name>ICF com.evolveum.polygon.connector.ldap.LdapConnector v1.4.3</name>
<framework><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1</a></framework>
<connectorType>com.evolveum.polygon.connector.ldap.LdapConnector</connectorType>
<connectorVersion>1.4.3</connectorVersion>
5. clear out old identities, objects, connectors, resources, etc.
6. redeploy using latest midpoint generated on step #1
7. restart tomcat
8. everything seems fine until it processes resource file: 850-user-aM1Admin.xml where we get the following error in logs. Resource file contents follow stck trace.
Any ideas what is going wrong here?
Begin log trace:
2017-01-02 19:29:38,544 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.InitialDataImport): Starting initial object import (if necessary).
2017-01-02 19:29:40,737 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.InitialDataImport): Starting initial import of file 850-user-aM1Admin.xml.
2017-01-02 19:29:40,849 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.audit.log): 2017-01-02T19:29:40.841+0000 eid=1483385380841-0-1, et=ADD_OBJECT, es=REQUEST, sid=null, tid=1483385378544-0-1, toid=null, hid=null, I=null, T=FocusType:d4839bfa-6078-43c9-a5a8-61fe2a157faa({<a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>}user), TO=null, D=[d4839bfa-6078-43c9-a5a8-61fe2a157faa:ADD], ch=<a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#init">http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#init</a>, o=null, p=null, m=
2017-01-02 19:29:41,686 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.audit.log): 2017-01-02T19:29:41.686+0000 eid=1483385381686-0-1, et=ADD_OBJECT, es=EXECUTION, sid=null, tid=1483385378544-0-1, toid=null, hid=null, I=null, T=FocusType:d4839bfa-6078-43c9-a5a8-61fe2a157faa({<a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>}user), TO=null, D=[], ch=<a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#init">http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#init</a>, o=FATAL_ERROR, p=null, m=Attempt to assign <a class="moz-txt-link-freetext" href="service:6aa02b86-6619-4be0-9268-1e875f9ef403(m1001)">service:6aa02b86-6619-4be0-9268-1e875f9ef403(m1001)</a> creates a role cycle
2017-01-02 19:29:41,712 [] [localhost-startStop-1] ERROR (com.evolveum.midpoint.init.InitialDataImport): Couldn't import user:d4839bfa-6078-43c9-a5a8-61fe2a157faa(aM1Admin) from file 850-user-aM1Admin.xml: .
com.evolveum.midpoint.util.exception.PolicyViolationException: Attempt to assign <a class="moz-txt-link-freetext" href="service:6aa02b86-6619-4be0-9268-1e875f9ef403(m1001)">service:6aa02b86-6619-4be0-9268-1e875f9ef403(m1001)</a> creates a role cycle
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:306) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:717) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:754) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:754) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:717) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:754) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:717) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:754) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluate(AssignmentEvaluator.java:222) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.projector.AssignmentProcessor.evaluateAssignment(AssignmentProcessor.java:1057) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.projector.AssignmentProcessor.processAssignmentsProjectionsWithFocus(AssignmentProcessor.java:443) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.projector.AssignmentProcessor.processAssignmentsProjections(AssignmentProcessor.java:191) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.projector.FocusProcessor.processFocusFocus(FocusProcessor.java:249) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.projector.FocusProcessor.processFocus(FocusProcessor.java:163) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.projector.Projector.projectInternal(Projector.java:214) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.projector.Projector.project(Projector.java:112) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:311) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:221) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:575) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:371) ~[model-impl-3.5.jar:na]
at com.evolveum.midpoint.init.InitialDataImport.importObject(InitialDataImport.java:189) [classes/:na]
at com.evolveum.midpoint.init.InitialDataImport.init(InitialDataImport.java:132) [classes/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_111]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_111]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_111]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_111]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1706) [spring-beans-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1645) [spring-beans-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1574) [spring-beans-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545) [spring-beans-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482) [spring-beans-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306) [spring-beans-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) [spring-beans-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) [spring-beans-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) [spring-beans-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772) [spring-beans-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:839) [spring-context-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:538) [spring-context-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:444) [spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:326) [spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107) [spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4793) [catalina.jar:8.0.29]
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5236) [catalina.jar:8.0.29]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) [catalina.jar:8.0.29]
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725) [catalina.jar:8.0.29]
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701) [catalina.jar:8.0.29]
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717) [catalina.jar:8.0.29]
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:945) [catalina.jar:8.0.29]
at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1795) [catalina.jar:8.0.29]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [na:1.8.0_111]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_111]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_111]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_111]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_111]
2017-01-02 19:29:41,716 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.InitialDataImport):
*op* com.evolveum.midpoint.init.InitialDataImport.importObject, st: FATAL_ERROR, msg: Attempt to assign <a class="moz-txt-link-freetext" href="service:6aa02b86-6619-4be0-9268-1e875f9ef403(m1001)">service:6aa02b86-6619-4be0-9268-1e875f9ef403(m1001)</a> creates a role cycle
[cause]PolicyViolationException:Attempt to assign <a class="moz-txt-link-freetext" href="service:6aa02b86-6619-4be0-9268-1e875f9ef403(m1001)">service:6aa02b86-6619-4be0-9268-1e875f9ef403(m1001)</a> creates a role cycle
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:306)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:717)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:754)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:754)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:717)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:754)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:717)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentTarget(AssignmentEvaluator.java:754)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:367)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignment(AssignmentEvaluator.java:279)
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluate(AssignmentEvaluator.java:222)
com.evolveum.midpoint.model.impl.lens.projector.AssignmentProcessor.evaluateAssignment(AssignmentProcessor.java:1057)
com.evolveum.midpoint.model.impl.lens.projector.AssignmentProcessor.processAssignmentsProjectionsWithFocus(AssignmentProcessor.java:443)
com.evolveum.midpoint.model.impl.lens.projector.AssignmentProcessor.processAssignmentsProjections(AssignmentProcessor.java:191)
com.evolveum.midpoint.model.impl.lens.projector.FocusProcessor.processFocusFocus(FocusProcessor.java:249)
com.evolveum.midpoint.model.impl.lens.projector.FocusProcessor.processFocus(FocusProcessor.java:163)
com.evolveum.midpoint.model.impl.lens.projector.Projector.projectInternal(Projector.java:214)
com.evolveum.midpoint.model.impl.lens.projector.Projector.project(Projector.java:112)
com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:311)
com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:221)
com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:575)
com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:371)
com.evolveum.midpoint.init.InitialDataImport.importObject(InitialDataImport.java:189)
com.evolveum.midpoint.init.InitialDataImport.init(InitialDataImport.java:132)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:498)
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1706)
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1645)
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1574)
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772)
org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:839)
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:538)
org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:444)
org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:326)
org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4793)
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5236)
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725)
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701)
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717)
org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:945)
org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1795)
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
java.util.concurrent.FutureTask.run(FutureTask.java:266)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
java.lang.Thread.run(Thread.java:745)
*op* com.evolveum.midpoint.model.api.ModelService.getObject, st: FATAL_ERROR, MINOR, msg: Object of type 'UserType' with oid 'd4839bfa-6078-43c9-a5a8-61fe2a157faa' was not found.
[p]options=[ObjectOperationOptions(null: GetOperationOptions(allowNotFound))]
[p]oid=d4839bfa-6078-43c9-a5a8-61fe2a157faa
[p]class=com.evolveum.midpoint.xml.ns._public.common.common_3.UserType
[cause]ObjectNotFoundException:Object of type 'UserType' with oid 'd4839bfa-6078-43c9-a5a8-61fe2a157faa' was not found.
The entire resource file is as follows:
850-user-aM1Admin.xml
<?xml version="1.0" encoding="UTF-8"?>
<user xmlns=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a>
xmlns:icfs=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3">"http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"</a>
xmlns:t=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/types-3">"http://prism.evolveum.com/xml/ns/public/types-3"</a>
xmlns:c=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a>
xmlns:q=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/query-3">"http://prism.evolveum.com/xml/ns/public/query-3"</a>
xmlns:ri=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"</a>
oid="d4839bfa-6078-43c9-a5a8-61fe2a157faa"
version="1">
<name>aM1Admin</name>
<description>Admin access to machines in set 1</description>
<fullName>M1 Admin</fullName>
<givenName>M1</givenName>
<familyName>Admin</familyName>
<assignment>
<targetRef type="RoleType" >
<filter>
<q:equal>
<q:path>name</q:path>
<q:value>admin</q:value>
</q:equal>
</filter>
</targetRef>
<orgRef type="OrgType">
<filter>
<q:equal>
<q:path>name</q:path>
<q:value>m1set</q:value>
</q:equal>
</filter>
</orgRef>
</assignment>
<credentials>
<password>
<value>
<t:clearValue>secret</t:clearValue>
</value>
</password>
</credentials>
</user>
Thanks,
Shawn
_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre wrap="">
_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre wrap="">
_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body>
</html>