<html><body><div style="font-family: times new roman, new york, times, serif; font-size: 12pt; color: #000000"><div>Hello Dilek,<br></div><div>please see my answers in the text below:<br></div><div><br></div><hr id="zwchr"><blockquote style="border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;" data-mce-style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><b>From: </b>"Dilek Gider" &lt;dilek.gider@basistek.com&gt;<br><b>To: </b>"midPoint General Discussion" &lt;midpoint@lists.evolveum.com&gt;<br><b>Sent: </b>Wednesday, March 15, 2017 9:01:49 AM<br><b>Subject: </b>Re: [midPoint] Create Users from Midpoint to AD<br><div><br></div><div dir="ltr">Hi Ivan, <div><br></div><div>I will reply to all of your questions, but it is clear that I want to create users from midpoint to AD.</div><div>I don't know how to do this, I only created users from HR db to midpoint successfully, and then tried to add a new resource for AD.</div><div><br></div><div>1. I supposed that this reaction goes to AD and it will create user on AD with #addUser</div></div></blockquote><div>Quite the opposite. The reactions in the synchronization part define what midPoint should do if there are new accounts created in the AD. To detect locally created accounts, for example.<br></div><div>The addUser action means midPoint should take the AD account and create a new USER in midPoint.<br></div><div>This is the complete opposite of what you want. You want to create an AD account from a midPoint user. For that you don't need the inbounds and you don't need the addUser reaction.<br></div><div><br></div><div>The quick fix would be to comment out the #addUser reaction.<br></div><div>But I believe your problem lies in the correlation rule. 
It is completely incorrect. MidPoint creates a new account and tries to look up the user in midPoint by searching by name which is equal to icfs:uid. The AD LDAP connector does not even have such an attribute. Your correlation rule should be based on $account/attributes/ri:sAMAccountName vs. c:name, because that's exactly how you create the account.<br></div><div><br></div><div>So, you need to fix the correlation rule, because now it's incorrect. And remove the #addUser reaction for unmatched.<br></div><div><br></div><blockquote style="border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;" data-mce-style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><div dir="ltr"><div><br></div><div>2. I didn't add inbounds because I don't want to create users in midpoint with this connector. I have another connector scriptedsql and I'm creating users with it.</div><div><br></div><div>3. Which object template? </div></div></blockquote><div><br></div><div>I don't know your setup, but according to the error message I assumed there was some default object template. 
But the problem (as far as I can see) is in the synchronization part.<br></div><div><br></div><div>Ivan<br></div><div><br></div><blockquote style="border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;" data-mce-style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><div dir="ltr"><div><br></div><div>I am running a task to create users from midpoint to AD by setting schema handling outbounds. </div><div><br></div><div>Thank you for your reply, I think I am confused too, and I don't know how to do this sync.<br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Mar 14, 2017 at 9:10 PM, Ivan Noris <span dir="ltr">&lt;<a href="mailto:ivan.noris@evolveum.com" target="_blank" data-mce-href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex" data-mce-style="margin: 0 0 0 .8ex; border-left: 1px #ccc solid; padding-left: 1ex;"><div><p>Hi,</p>I'm confused.<br> You say you create users in AD from midpoint. For that you only need outbound mappings, which you seem to have.<br> But the screenshot is from the "ADSynchronization" task, which is clearly a synchronization task. And the task is complaining, because:<br><br> 1. 
you have this in the synchronization for accounts:<br> &lt;reaction&gt;<br> &lt;situation&gt;unmatched&lt;/situation&gt;<br> &lt;synchronize&gt;true&lt;/synchronize&gt;<br> &lt;action&gt;<br> &lt;handlerUri&gt;<a class="m_641292739869619595moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#addUser" target="_blank" data-mce-href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#addUser">http://midpoint.evolveum.com/xml/ns/public/model/action-3#addUser</a>&lt;/handlerUri&gt;<br> &lt;/action&gt;<br> &lt;/reaction&gt;<br><br> So midpoint tries to create new USER from account.<br><br> 2. there are no inbounds<br> So midpoint cannot create user.<br><br> 3. object template does not have any rule how to generate user/name attribute.<br> Poor midpoint does not have anything to do.<br><br> The question is, why are you running the task with no inbounds but #addUser reaction for unmatched...?<br><br> Regards,<br> Ivan<br><br><div class="m_641292739869619595moz-cite-prefix">On 03/14/2017 04:27 PM, Dilek Gider wrote:<br></div><blockquote><div dir="ltr">Hi All,<div><br></div><div>I want to create users in AD from Midpoint. I have trusted resource in HR DB, I can take users to Midpoint. I want to send these users to AD. So, I have created new Resource, attached as attachment. I am working on it for two weeks, and couldn't succeed.</div><div><br></div><div>Now, I can take all AD users to midpoint with correlation, but it gives error like below and no users created on AD. 
I only set outbound attributes in SchemaHandling.</div><div><br></div><div><img src="cid:part1.C19758C8.C7A71998@evolveum.com" alt="Inline image 1" style="margin-right:0px" data-mce-src="cid:part1.C19758C8.C7A71998@evolveum.com" data-mce-style="margin-right: 0px;" height="242" width="414"><br></div><div><i><span data-mce-style="font-size: xx-small;" style="font-size: xx-small;"><br> </span></i></div><div><div id="m_641292739869619595gmail_kxlmdy4ni0iz" style="display:inline-block" data-mce-style="display: inline-block;"><div><i><span data-mce-style="font-size: xx-small;" style="font-size: xx-small;">SystemException: No name in new object null as produced by template null in iteration 0, we cannot process an object without a name</span></i></div><div><br></div></div></div><div><br></div><div>I'm afraid of if there is no synchronization from midpoint to AD?</div><div><br></div><div>Thank you...</div><div><br></div><div>Dilek.</div></div><br><br><pre>_______________________________________________
midPoint mailing list
<a class="m_641292739869619595moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank" data-mce-href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><a class="m_641292739869619595moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank" data-mce-href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><span class="HOEnZb"><span data-mce-style="color: #888888;" style="color: #888888;">
</span></span></pre><span class="HOEnZb"><span data-mce-style="color: #888888;" style="color: #888888;"> </span></span></blockquote><span class="HOEnZb"><span class="HOEnZb"><span data-mce-style="color: #888888;" style="color: #888888;"> <br></span></span></span><pre class="m_641292739869619595moz-signature">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" target="_blank" data-mce-href="http://evolveum.com">evolveum.com</a><br data-mce-bogus="1"></pre></div><br></blockquote></div><br></div></div></div><br></blockquote><div><br><br></div><div><br></div><div>-- <br></div><div><span name="x"></span>Ivan Noris<br>Senior Identity Engineer<br>evolveum.com<span name="x"></span><br></div></div></body></html>
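The synchronization section that the reply above describes, written out as an added example (it is not taken from the thread or from the attached resource): the correlation rule compares the account's ri:sAMAccountName with the user's c:name, and the #addUser reaction for unmatched accounts is commented out so that accounts created locally in AD do not become midPoint users. The namespace prefixes, the objectSynchronization wrapper and the linked/unlinked reactions are assumptions based on stock midPoint 3.x resource samples.

```xml
<!-- Added example, not from the thread: namespace prefixes and the
     objectSynchronization wrapper are assumed from stock midPoint 3.x samples. -->
<synchronization xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                 xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                 xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
                 xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
    <objectSynchronization>
        <enabled>true</enabled>

        <!-- Correlation: find the midPoint user whose name equals the
             account's sAMAccountName, mirroring the outbound mapping
             that creates the account. -->
        <correlation>
            <q:equal>
                <q:path>c:name</q:path>
                <expression>
                    <path>$account/attributes/ri:sAMAccountName</path>
                </expression>
            </q:equal>
        </correlation>

        <!-- Already linked: keep synchronizing. -->
        <reaction>
            <situation>linked</situation>
            <synchronize>true</synchronize>
        </reaction>

        <!-- Account correlates to an existing user but is not linked yet. -->
        <reaction>
            <situation>unlinked</situation>
            <synchronize>true</synchronize>
            <action>
                <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
            </action>
        </reaction>

        <!-- Unmatched AD accounts must not create midPoint users here,
             so the addUser reaction is disabled:
        <reaction>
            <situation>unmatched</situation>
            <synchronize>true</synchronize>
            <action>
                <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addUser</handlerUri>
            </action>
        </reaction>
        -->
    </objectSynchronization>
</synchronization>
```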