<div dir="ltr"><div>Hello,<br></div><div>Please help me understand what is wrong.<br></div><div>I have role which assign a group to OpenLdap resource acount. Also I have resource with expresion which dynamical calculates Distinguished Name and has dependency on source attribute "Locality". Also I expand ldap resource schema with memberOf attribute.<br></div><div>When I change Locality attribute I get an error <br>InvalidAttributeValueException: Error modifying LDAP entry cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test: [remove:member: uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]: noSuchAttribute: (16)<br></div><div><br></div>I can't understand why I got this error if resource account was modified successfuly as I want.<br><div><div><div><div><br> <displayName>TestRole_forMidpoint</displayName><br> <inducement id="5"><br> <construction><br> <resourceRef oid="00000000-0004-0000-0000-00000000004"<br> relation="org:default"<br> type="c:ResourceType"><!-- myOpenLDAP4 --></resourceRef><br> <association><br> <c:ref>ri:Group</c:ref><br> <outbound><br> <expression><br> <associationTargetSearch xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance">http://www.w3.org/2001/XMLSchema-instance</a>"<br> xsi:type="c:SearchObjectExpressionEvaluatorType"><br> <filter><br> <q:equal><br> <q:path>declare namespace icfs='<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3</a>'; declare namespace ri='<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>'; attributes/ri:cn</q:path><br> <q:value>TestRole_forMidpoint_2</q:value><br> </q:equal><br> </filter><br> <searchOnResource>true</searchOnResource><br> </associationTargetSearch><br> </expression><br> </outbound><br> </association><br> </construction><br> </inducement><br><br> <attribute><br> <c:ref>ri:dn</c:ref><br> <displayName>Distinguished Name</displayName><br> <matchingRule xmlns:mr="<a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3">http://prism.evolveum.com/xml/ns/public/matching-rule-3</a>">mr:distinguishedName</matchingRule><br> <outbound><br> <strength>strong</strength><br> <source><br> <c:path>$user/name</c:path><br> </source><br> <source><br> <c:path>$user/description</c:path><br> </source><br> <source><br> <c:path>$user/locality</c:path><br> </source><br> <expression><br> <script xsi:type="c:ScriptExpressionEvaluatorType"><br> <code><br> String rightPartOfDN=",ou=InternalUsers,ou=Users,ou=LV";<br> String dc=",dc=dyninno,dc=test";<br> if(name!=null && description!=null && locality!=null){<br> if(locality.toString().equalsIgnoreCase("RIX") && description.toString().contains("Agent")){<br> rightPartOfDN=",ou=Agents,ou=Users,ou=LV";<br> }<br> if(locality.toString().equalsIgnoreCase("KIV") && description.toString().contains("Agent")){<br> rightPartOfDN=",ou=Agents,ou=Users,ou=MD";<br> }<br> }<br> return "uid=" + name.toString() + iterationToken + rightPartOfDN+dc;<br> </code><br> </script><br> </expression><br> </outbound><br> </attribute><br><br><br><br>2017-09-27 13:59:42,925 [] [Thread-24] WARN (com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator): method: null msg:Uknown attribute 1.3.6.1.4.1.1466.115.121.1.15, cannot determine if it is binary<br>2017-09-27 13:59:42,939 [] [Thread-23] WARN (com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter): The resource: myOpenLDAP4 (OID:00000000-0004-0000-0000-00000000004) does not provide definition for null value of simulated activation attribute<br>2017-09-27 13:59:43,893 [] [Thread-23] WARN (com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator): method: null msg:Uknown attribute 1.3.6.1.4.1.1466.115.121.1.15, cannot determine if it is binary<br>2017-09-27 13:59:44,410 [] [Thread-23] WARN (com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator): method: null msg:Uknown attribute 1.3.6.1.4.1.1466.115.121.1.15, cannot determine if it is binary<br>2017-09-27 13:59:44,712 [] [Thread-23] WARN (com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator): method: null msg:Uknown attribute 1.3.6.1.4.1.1466.115.121.1.12, cannot determine if it is binary<br>2017-09-27 13:59:45,077 [] [Thread-23] WARN (com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator): method: null msg:Uknown attribute 1.3.6.1.4.1.1466.115.121.1.12, cannot determine if it is binary<br>2017-09-27 13:59:45,120 [] [Thread-23] ERROR (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil): ConnId Exception org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException in connector:cb288b2c-1e5f-4b78-924e-a215b723137d(ConnId com.evolveum.polygon.connector.ldap.LdapConnector v1.4.5): ConnectorSpec(object:00000000-0004-0000-0000-00000000004(myOpenLDAP4), name=null, oid=cb288b2c-1e5f-4b78-924e-a215b723137d) while removing attribute values from object identified by ConnId UID '57ef6422-32fa-1037-9380-3b12ae02d26c': Error modifying LDAP entry cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test: [remove:member: uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]: noSuchAttribute: (16)<br>org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException: Error modifying LDAP entry cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test: [remove:member: uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]: noSuchAttribute: (16)<br> at com.evolveum.polygon.connector.ldap.LdapUtil.processLdapResult(LdapUtil.java:455) ~[connector-ldap-1.4.5.jar:na]<br> at com.evolveum.polygon.connector.ldap.AbstractLdapConnector.processModifyResult(AbstractLdapConnector.java:1119) ~[connector-ldap-1.4.5.jar:na]<br> at com.evolveum.polygon.connector.ldap.AbstractLdapConnector.modify(AbstractLdapConnector.java:1110) ~[connector-ldap-1.4.5.jar:na]<br> at com.evolveum.polygon.connector.ldap.AbstractLdapConnector.ldapUpdateAttempt(AbstractLdapConnector.java:1060) ~[connector-ldap-1.4.5.jar:na]<br> at com.evolveum.polygon.connector.ldap.AbstractLdapConnector.ldapUpdate(AbstractLdapConnector.java:1019) ~[connector-ldap-1.4.5.jar:na]<br> at com.evolveum.polygon.connector.ldap.AbstractLdapConnector.removeAttributeValues(AbstractLdapConnector.java:990) ~[connector-ldap-1.4.5.jar:na]<br> at org.identityconnectors.framework.impl.api.local.operations.UpdateImpl.removeAttributeValues(UpdateImpl.java:171) ~[connector-framework-internal-1.4.2.35.jar:na]<br> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_131]<br> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_131]<br> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_131]<br> at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131]<br> at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:98) ~[connector-framework-internal-1.4.2.35.jar:na]<br> at com.sun.proxy.$Proxy184.removeAttributeValues(Unknown Source) ~[na:na]<br> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_131]<br> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_131]<br> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_131]<br> at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131]<br> at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96) ~[connector-framework-internal-1.4.2.35.jar:na]<br> at com.sun.proxy.$Proxy184.removeAttributeValues(Unknown Source) ~[na:na]<br> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_131]<br> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_131]<br> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_131]<br> at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131]<br> at org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:99) ~[connector-framework-internal-1.4.2.35.jar:na]<br> at com.sun.proxy.$Proxy184.removeAttributeValues(Unknown Source) ~[na:na]<br> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_131]<br> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_131]<br> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_131]<br> at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131]<br> at org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:83) ~[connector-framework-internal-1.4.2.35.jar:na]<br> at com.sun.proxy.$Proxy184.removeAttributeValues(Unknown Source) ~[na:na]<br> at org.identityconnectors.framework.impl.api.AbstractConnectorFacade.removeAttributeValues(AbstractConnectorFacade.java:225) ~[connector-framework-internal-1.4.2.35.jar:na]<br> at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.modifyObject(ConnectorInstanceConnIdImpl.java:1843) ~[ucf-impl-connid-3.6.jar:na]<br> at com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:765) [provisioning-impl-3.6.jar:na]<br> at com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeEntitlements(ResourceObjectConverter.java:1165) [provisioning-impl-3.6.jar:na]<br> at com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeEntitlementChangesModify(ResourceObjectConverter.java:1112) [provisioning-impl-3.6.jar:na]<br> at com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.modifyResourceObject(ResourceObjectConverter.java:612) [provisioning-impl-3.6.jar:na]<br> at com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadow(ShadowCache.java:684) [provisioning-impl-3.6.jar:na]<br> at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject(ProvisioningServiceImpl.java:679) [provisioning-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.modifyProvisioningObject(ChangeExecutor.java:1397) [model-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeModification(ChangeExecutor.java:1281) [model-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta(ChangeExecutor.java:812) [model-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeChanges(ChangeExecutor.java:308) [model-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.lens.Clockwork.lambda$processSecondary$0(Clockwork.java:481) [model-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.lens.LensUtil.partialExecute(LensUtil.java:1253) ~[model-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.lens.LensUtil.partialExecute(LensUtil.java:1240) ~[model-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.lens.Clockwork.processSecondary(Clockwork.java:479) [model-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:327) [model-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:203) [model-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:569) ~[model-impl-3.6.jar:na]<br> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_131]<br> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_131]<br> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_131]<br> at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131]<br> at org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:507) ~[wicket-ioc-7.6.0.jar:7.6.0]<br> at com.sun.proxy.$Proxy156.executeChanges(Unknown Source) ~[na:na]<br> at com.evolveum.midpoint.web.component.progress.ProgressReporter.lambda$executeChangesAsync$0(ProgressReporter.java:187) ~[classes/:na]<br> at java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_131]<br>2017-09-27 13:59:45,129 [] [Thread-23] ERROR (com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter): Error while modifying entitlement ProvisioningContext(for RSD(entitlement (Group) @00000000-0004-0000-0000-00000000004) in object:00000000-0004-0000-0000-00000000004(myOpenLDAP4)) of ProvisioningContext(for shadow:9873b7ed-3679-4a66-9445-344e9b52dd34(uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test) in object:00000000-0004-0000-0000-00000000004(myOpenLDAP4)): Schema violation: Invalid attribute: org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error modifying LDAP entry cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test: [remove:member: uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]: noSuchAttribute: (16))<br>com.evolveum.midpoint.util.exception.SchemaException: Schema violation: Invalid attribute: org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error modifying LDAP entry cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test: [remove:member: uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]: noSuchAttribute: (16))<br> at com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:797) [provisioning-impl-3.6.jar:na]<br> at com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeEntitlements(ResourceObjectConverter.java:1165) [provisioning-impl-3.6.jar:na]<br> at com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeEntitlementChangesModify(ResourceObjectConverter.java:1112) [provisioning-impl-3.6.jar:na]<br> at com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.modifyResourceObject(ResourceObjectConverter.java:612) [provisioning-impl-3.6.jar:na]<br> at com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadow(ShadowCache.java:684) [provisioning-impl-3.6.jar:na]<br> at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject(ProvisioningServiceImpl.java:679) [provisioning-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.modifyProvisioningObject(ChangeExecutor.java:1397) [model-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeModification(ChangeExecutor.java:1281) [model-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta(ChangeExecutor.java:812) [model-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeChanges(ChangeExecutor.java:308) [model-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.lens.Clockwork.lambda$processSecondary$0(Clockwork.java:481) [model-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.lens.LensUtil.partialExecute(LensUtil.java:1253) ~[model-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.lens.LensUtil.partialExecute(LensUtil.java:1240) ~[model-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.lens.Clockwork.processSecondary(Clockwork.java:479) [model-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:327) [model-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:203) [model-impl-3.6.jar:na]<br> at com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:569) ~[model-impl-3.6.jar:na]<br> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_131]<br> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_131]<br> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_131]<br> at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131]<br> at org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:507) ~[wicket-ioc-7.6.0.jar:7.6.0]<br> at com.sun.proxy.$Proxy156.executeChanges(Unknown Source) ~[na:na]<br> at com.evolveum.midpoint.web.component.progress.ProgressReporter.lambda$executeChangesAsync$0(ProgressReporter.java:187) ~[classes/:na]<br> at java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_131]<br>Caused by: com.evolveum.midpoint.util.exception.SchemaException: Invalid attribute: org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error modifying LDAP entry cn=TestRole_forMidpoint_2,ou=InternalGroups,ou=Groups,ou=MD,dc=dyninno,dc=test: [remove:member: uid=Oleksandr.Nekriach,ou=Agents,ou=Users,ou=MD,dc=dyninno,dc=test,]: noSuchAttribute: (16))<br> at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil.lookForKnownCause(ConnIdUtil.java:352) ~[ucf-impl-connid-3.6.jar:na]<br> at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil.processIcfException(ConnIdUtil.java:215) ~[ucf-impl-connid-3.6.jar:na]<br> at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.modifyObject(ConnectorInstanceConnIdImpl.java:1850) ~[ucf-impl-connid-3.6.jar:na]<br> at com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:765) [provisioning-impl-3.6.jar:na]<br> ... 24 common frames omitted<br><br><br>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><span style="color:rgb(76,76,76)">Best regards, <br><br>Oleksandr Nekriach | Identity and access management engineer <br><br>Dynatech, Mednieku str. 4a, Riga, LV-1010, Latvia <br><br><div style="display:inline-block"><a href="tel:+371%2025%20314%20685" value="+37125314685" target="_blank">+37125314685</a></div>, <div style="display:inline-block"><a href="mailto:o.nekriach@dynatech.lv" target="_blank">o.nekriach@dynatech.lv</a></div> | <div style="display:inline-block"><a href="http://www.dynatech.lv" target="_blank">www.dynatech.lv</a></div> <br><br><img src="cid:o.nekriach@dynatech.lv1502777022855-7770"> <br><br>Stay connected: <br><div style="display:inline-block;margin:5px 5px 0px 0px"><a href="https://www.facebook.com/DynatechLatvia/?ref=br_rs" target="_blank"><img src="cid:o.nekriach@dynatech.lv1502777022855-7771"></a></div><div style="display:inline-block;margin:5px 0px 0px"><a href="https://www.linkedin.com/company-beta/17893047/" target="_blank"><img src="cid:o.nekriach@dynatech.lv1502777022855-7772"></a></div><br><br><span style="font-size:11px;color:rgb(161,161,161)">Confidentiality
Notice: This message contains confidential information and is intended
only for the named recipient(s). If you are not the addressee you may
not copy, distribute or perform any other activities with this
information. If you have received this transmission in error, please
notify us by e-mail immediately. E-mail transmission cannot be
guaranteed to be secure or error-free as information could be
intercepted, corrupted, lost, destroyed, arrive late or incomplete, or
contain viruses.</span></span></div></div></div></div>
</div></div></div></div></div>