<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Oleksandr,</p>
<p>from midpoint common schema:</p>
<p> <xsd:element
name="explicitReferentialIntegrity" type="xsd:boolean"
minOccurs="0" default="true"><br>
<xsd:annotation><br>
<xsd:documentation><br>
Whether you require midPoint to
provide referential integrity for object-to-subject associations.<br>
<br>
Used for resources that do not
provide referential integrity by themselves, e.g. for OpenDJ with<br>
default settings (i.e. with
referential integrity plugin turned off).<br>
<br>
For resources having referential
integrity, e.g. for Active Directory, set this parameter to false.<br>
</xsd:documentation><br>
</xsd:annotation><br>
</xsd:element><br>
</p>
<p>As turning OFF (false) helped, your directory server must have
been configured to update group membership according to the DN
change. And that collided with midPoint behaviour.</p>
<p>Typically you have to turn this off (set to false) for Active
Directory.</p>
<p>FYI: our OpenLDAP installation and configuration wiki:
<a class="moz-txt-link-freetext" href="https://wiki.evolveum.com/display/midPoint/OpenLDAP+Installation+and+Configuration">https://wiki.evolveum.com/display/midPoint/OpenLDAP+Installation+and+Configuration</a>
mentions how to turn referential integrity for OpenLDAP...<br>
</p>
<p>Best regards,</p>
<p>Ivan<br>
</p>
<br>
<div class="moz-cite-prefix">On 28.09.2017 11:19, Oleksandr Nekriach
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CANb693QyxC_zUHQZhK926Bic2gO=W86hb2rF1qFg5ZtRJ44Cvw@mail.gmail.com">
<div dir="ltr">
<div>
<div>
<div>Hello Ivan,<br>
<br>
</div>
Thank you for help!<br>
</div>
I turned off explicitReferentialIntegrity and this solved my
problem.<br>
</div>
What does this setting mean? <br>
<div><br>
</div>
<div>Best regards, Oleksandr<br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2017-09-27 18:07 GMT+03:00 Ivan Noris <span
dir="ltr"><<a href="mailto:ivan.noris@evolveum.com"
target="_blank" moz-do-not-send="true">ivan.noris@evolveum.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Hi Oleksandr,</p>
<p>AFAIK memberof overlay is to compute "memberof"
attribute of the LDAP account. But your exception comes
from group modification: Error modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=<wbr>InternalGroups,ou=Groups,ou=<wbr>MD,dc=dyninno,dc=test:
[remove:member: uid=Oleksandr.Nekriach,ou=<wbr>Agents,ou=Users,ou=MD,dc=<wbr>dyninno,dc=test,]:
noSuchAttribute: (16)</p>
<p>My first guess was that you have "refint" module and
corresponding overlay activated on OpenLDAP side. If you
are really not using OpenLDAP's referential integrity,
then it should work as it is configured. You have even
configured "usePermissiveModify"...</p>
<p>I remember when I was playing with referential
integrity, if I renamed account in LDAP (through mp) and
it failed with similar error, but the group membership
was still correct after this operation (showing renamed
account), the problem was that LDAP server was doing the
referential integrity automatically and I needed to turn
off explicitReferentialIntegrity in association
configuration.<br>
</p>
<p>No more ideas yet.</p>
<p>Regards,</p>
<p>Ivan<br>
</p>
<div>
<div class="h5"> <br>
<div class="m_-5149397472462509650moz-cite-prefix">On
27.09.2017 16:16, Oleksandr Nekriach wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hi Ivan,<br>
</div>
We have added to OpenLdap memberOf overlay (see
config below). But I don't sure that is good idea
to remove it. Do you have some idea?<br>
<br>
dn: cn=module{2},cn=config<br>
cn: module{2}<br>
changetype: modify<br>
objectClass: olcModuleList<br>
olcModuleLoad: memberof<br>
olcModulePath: /usr/lib/ldap<br>
<br>
dn: olcOverlay={0}memberof,<wbr>olcDatabase={1}mdb,cn=config<br>
objectClass: olcConfig<br>
objectClass: olcMemberOf<br>
objectClass: olcOverlayConfig<br>
objectClass: top<br>
olcOverlay: memberof<br>
olcMemberOfDangling: ignore<br>
olcMemberOfRefInt: TRUE<br>
olcMemberOfGroupOC: groupOfNames<br>
olcMemberOfMemberAD: member<br>
olcMemberOfMemberOfAD: memberOf<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2017-09-27 15:49
GMT+03:00 Ivan Noris <span dir="ltr"><<a
href="mailto:ivan.noris@evolveum.com"
target="_blank" moz-do-not-send="true">ivan.noris@evolveum.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Hi Oleksandr,</p>
<p>you have association set with
explicitReferentialIntegrity, that means
midpoint will update group membership if
user DN changes. Could this collide with
your OpenLDAP refint overlay (or whatever
is the name for automatic referential
integrity)?<br>
</p>
I
<div>
<div class="m_-5149397472462509650h5"><br>
<br>
<div
class="m_-5149397472462509650m_2017915729427977816moz-cite-prefix">On
27.09.2017 13:28, Oleksandr Nekriach
wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="m_-5149397472462509650h5">
<div dir="ltr">
<div>Hello,<br>
</div>
<div>Please help me understand what
is wrong.<br>
</div>
<div>I have role which assign a
group to OpenLdap resource acount.
Also I have resource with
expresion which dynamical
calculates Distinguished Name and
has dependency on source
attribute "Locality". Also I
expand ldap resource schema with
memberOf attribute.<br>
</div>
<div>When I change Locality
attribute I get an error <br>
InvalidAttributeValueException<wbr>:
Error modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=I<wbr>nternalGroups,ou=Groups,ou=MD,<wbr>dc=dyninno,dc=test:
[remove:member:
uid=Oleksandr.Nekriach,ou=Agen<wbr>ts,ou=Users,ou=MD,dc=dyninno,<wbr>dc=test,]:
noSuchAttribute: (16)<br>
</div>
<div><br>
</div>
I can't understand why I got this
error if resource account was
modified successfuly as I want.<br>
<div>
<div>
<div>
<div><br>
<displayName>TestRole_forMidpo<wbr>int</displayName><br>
<inducement id="5"><br>
<construction><br>
<resourceRef
oid="00000000-0004-0000-0000-0<wbr>0000000004"<br>
relation="org:default"<br>
type="c:ResourceType"><!--
myOpenLDAP4
--></resourceRef><br>
<association><br>
<c:ref>ri:Group</c:ref><br>
<outbound><br>
<expression><br>
<associationTargetSearch
xmlns:xsi="<a
href="http://www.w3.org/2001/XMLSchema-instance"
target="_blank"
moz-do-not-send="true">http://www.w3.org/2<wbr>001/XMLSchema-instance</a>"<br>
<wbr>
xsi:type="c:SearchObjectExpres<wbr>sionEvaluatorType"><br>
<filter><br>
<q:equal><br>
<q:path>declare
namespace icfs='<a
href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
target="_blank"
moz-do-not-send="true">http://midpoint.evolveum<wbr>.com/xml/ns/public/connector/<wbr>icf-1/resource-schema-3</a>';
declare namespace ri='<a
href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
target="_blank"
moz-do-not-send="true">http://midpoint.evolveum.c<wbr>om/xml/ns/public/resource/inst<wbr>ance-3</a>';
attributes/ri:cn</q:path><br>
<q:value>TestRole_forMidpoint_<wbr>2</q:value><br>
</q:equal><br>
</filter><br>
<searchOnResource>true</search<wbr>OnResource><br>
</associationTargetSearch><br>
</expression><br>
</outbound><br>
</association><br>
</construction><br>
</inducement><br>
<br>
<attribute><br>
<c:ref>ri:dn</c:ref><br>
<displayName>Distinguished
Name</displayName><br>
<matchingRule
xmlns:mr="<a
href="http://prism.evolveum.com/xml/ns/public/matching-rule-3"
target="_blank"
moz-do-not-send="true">http://prism.evolveu<wbr>m.com/xml/ns/public/matching-<wbr>rule-3</a>">mr:distinguishedName</<wbr>matchingRule><br>
<outbound><br>
<strength>strong</strength><br>
<source><br>
<c:path>$user/name</c:path><br>
</source><br>
<source><br>
<c:path>$user/description</c:p<wbr>ath><br>
</source><br>
<source><br>
<c:path>$user/locality</c:path<wbr>><br>
</source><br>
<expression><br>
<script
xsi:type="c:ScriptExpressionEv<wbr>aluatorType"><br>
<code><br>
String
rightPartOfDN=",ou=InternalUse<wbr>rs,ou=Users,ou=LV";<br>
String
dc=",dc=dyninno,dc=test";<br>
if(name!=null
&&
description!=null
&&
locality!=null){<br>
if(locality.toString().equalsI<wbr>gnoreCase("RIX")
&&
description.toString().contain<wbr>s("Agent")){<br>
rightPartOfDN=",ou=Agents,ou=U<wbr>sers,ou=LV";<br>
}<br>
if(locality.toString().equalsI<wbr>gnoreCase("KIV")
&&
description.toString().contain<wbr>s("Agent")){<br>
rightPartOfDN=",ou=Agents,ou=U<wbr>sers,ou=MD";<br>
}<br>
}<br>
return "uid=" +
name.toString() +
iterationToken +
rightPartOfDN+dc;<br>
</code><br>
</script><br>
</expression><br>
</outbound><br>
</attribute><br>
<br>
<br>
<br>
2017-09-27 13:59:42,925 []
[Thread-24] WARN
(com.evolveum.polygon.connecto<wbr>r.ldap.schema.AbstractSchemaTr<wbr>anslator):
method: null msg:Uknown
attribute
1.3.6.1.4.1.1466.115.121.1.15,
cannot determine if it is
binary<br>
2017-09-27 13:59:42,939 []
[Thread-23] WARN
(com.evolveum.midpoint.provisi<wbr>oning.impl.ResourceObjectConve<wbr>rter):
The resource: myOpenLDAP4
(OID:00000000-0004-0000-0000-0<wbr>0000000004)
does not provide definition
for null value of simulated
activation attribute<br>
2017-09-27 13:59:43,893 []
[Thread-23] WARN
(com.evolveum.polygon.connecto<wbr>r.ldap.schema.AbstractSchemaTr<wbr>anslator):
method: null msg:Uknown
attribute
1.3.6.1.4.1.1466.115.121.1.15,
cannot determine if it is
binary<br>
2017-09-27 13:59:44,410 []
[Thread-23] WARN
(com.evolveum.polygon.connecto<wbr>r.ldap.schema.AbstractSchemaTr<wbr>anslator):
method: null msg:Uknown
attribute
1.3.6.1.4.1.1466.115.121.1.15,
cannot determine if it is
binary<br>
2017-09-27 13:59:44,712 []
[Thread-23] WARN
(com.evolveum.polygon.connecto<wbr>r.ldap.schema.AbstractSchemaTr<wbr>anslator):
method: null msg:Uknown
attribute
1.3.6.1.4.1.1466.115.121.1.12,
cannot determine if it is
binary<br>
2017-09-27 13:59:45,077 []
[Thread-23] WARN
(com.evolveum.polygon.connecto<wbr>r.ldap.schema.AbstractSchemaTr<wbr>anslator):
method: null msg:Uknown
attribute
1.3.6.1.4.1.1466.115.121.1.12,
cannot determine if it is
binary<br>
2017-09-27 13:59:45,120 []
[Thread-23] ERROR
(com.evolveum.midpoint.provisi<wbr>oning.ucf.impl.connid.ConnIdUt<wbr>il):
ConnId Exception
org.identityconnectors.framewo<wbr>rk.common.exceptions.InvalidAt<wbr>tributeValueException
in
connector:cb288b2c-1e5f-4b78-9<wbr>24e-a215b723137d(ConnId
com.evolveum.polygon.connector<wbr>.ldap.LdapConnector v1.4.5):
ConnectorSpec(object:00000000-<wbr>0004-0000-0000-00000000004(myO<wbr>penLDAP4),
name=null,
oid=cb288b2c-1e5f-4b78-924e-a2<wbr>15b723137d)
while removing attribute
values from object
identified by ConnId UID
'57ef6422-32fa-1037-9380-3b12a<wbr>e02d26c':
Error modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=I<wbr>nternalGroups,ou=Groups,ou=MD,<wbr>dc=dyninno,dc=test:
[remove:member:
uid=Oleksandr.Nekriach,ou=Agen<wbr>ts,ou=Users,ou=MD,dc=dyninno,<wbr>dc=test,]:
noSuchAttribute: (16)<br>
org.identityconnectors.framewo<wbr>rk.common.exceptions.InvalidAt<wbr>tributeValueException:
Error modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=I<wbr>nternalGroups,ou=Groups,ou=MD,<wbr>dc=dyninno,dc=test:
[remove:member:
uid=Oleksandr.Nekriach,ou=Agen<wbr>ts,ou=Users,ou=MD,dc=dyninno,<wbr>dc=test,]:
noSuchAttribute: (16)<br>
at
com.evolveum.polygon.connector<wbr>.ldap.LdapUtil.processLdapResu<wbr>lt(LdapUtil.java:455)
~[connector-ldap-1.4.5.jar:na]<br>
at
com.evolveum.polygon.connector<wbr>.<a
href="http://ldap.AbstractLdapConnector.pr" moz-do-not-send="true">ldap.AbstractLdapConnector.pr</a><wbr>ocessModifyResult(AbstractLdap<wbr>Connector.java:1119)
~[connector-ldap-1.4.5.jar:na]<br>
at
com.evolveum.polygon.connector<wbr>.ldap.AbstractLdapConnector.<wbr>modify(AbstractLdapConnector.<wbr>java:1110)
~[connector-ldap-1.4.5.jar:na]<br>
at
com.evolveum.polygon.connector<wbr>.ldap.AbstractLdapConnector.ld<wbr>apUpdateAttempt(AbstractLdapCo<wbr>nnector.java:1060)
~[connector-ldap-1.4.5.jar:na]<br>
at
com.evolveum.polygon.connector<wbr>.ldap.AbstractLdapConnector.ld<wbr>apUpdate(AbstractLdapConnector<wbr>.java:1019)
~[connector-ldap-1.4.5.jar:na]<br>
at
com.evolveum.polygon.connector<wbr>.<a
href="http://ldap.AbstractLdapConnector.re" moz-do-not-send="true">ldap.AbstractLdapConnector.re</a><wbr>moveAttributeValues(AbstractLd<wbr>apConnector.java:990)
~[connector-ldap-1.4.5.jar:na]<br>
at
org.identityconnectors.framewo<wbr>rk.impl.api.local.operations.<wbr>UpdateImpl.removeAttributeValu<wbr>es(UpdateImpl.java:171)
~[connector-framework-internal<wbr>-1.4.2.35.jar:na]<br>
at
sun.reflect.NativeMethodAccess<wbr>orImpl.invoke0(Native
Method) ~[na:1.8.0_131]<br>
at
sun.reflect.NativeMethodAccess<wbr>orImpl.invoke(NativeMethodAcce<wbr>ssorImpl.java:62)
~[na:1.8.0_131]<br>
at
sun.reflect.DelegatingMethodAc<wbr>cessorImpl.invoke(DelegatingMe<wbr>thodAccessorImpl.java:43)
~[na:1.8.0_131]<br>
at
java.lang.reflect.Method.invok<wbr>e(Method.java:498)
~[na:1.8.0_131]<br>
at
org.identityconnectors.framewo<wbr>rk.impl.api.local.operations.C<wbr>onnectorAPIOperationRunnerProx<wbr>y.invoke(ConnectorAPIOperation<wbr>RunnerProxy.java:98)
~[connector-framework-internal<wbr>-1.4.2.35.jar:na]<br>
at
com.sun.proxy.$Proxy184.remove<wbr>AttributeValues(Unknown
Source) ~[na:na]<br>
at
sun.reflect.NativeMethodAccess<wbr>orImpl.invoke0(Native
Method) ~[na:1.8.0_131]<br>
at
sun.reflect.NativeMethodAccess<wbr>orImpl.invoke(NativeMethodAcce<wbr>ssorImpl.java:62)
~[na:1.8.0_131]<br>
at
sun.reflect.DelegatingMethodAc<wbr>cessorImpl.invoke(DelegatingMe<wbr>thodAccessorImpl.java:43)
~[na:1.8.0_131]<br>
at
java.lang.reflect.Method.invok<wbr>e(Method.java:498)
~[na:1.8.0_131]<br>
at
org.identityconnectors.framewo<wbr>rk.impl.api.local.operations.T<wbr>hreadClassLoaderManagerProxy.i<wbr>nvoke(ThreadClassLoaderManager<wbr>Proxy.java:96)
~[connector-framework-internal<wbr>-1.4.2.35.jar:na]<br>
at
com.sun.proxy.$Proxy184.remove<wbr>AttributeValues(Unknown
Source) ~[na:na]<br>
at
sun.reflect.NativeMethodAccess<wbr>orImpl.invoke0(Native
Method) ~[na:1.8.0_131]<br>
at
sun.reflect.NativeMethodAccess<wbr>orImpl.invoke(NativeMethodAcce<wbr>ssorImpl.java:62)
~[na:1.8.0_131]<br>
at
sun.reflect.DelegatingMethodAc<wbr>cessorImpl.invoke(DelegatingMe<wbr>thodAccessorImpl.java:43)
~[na:1.8.0_131]<br>
at
java.lang.reflect.Method.invok<wbr>e(Method.java:498)
~[na:1.8.0_131]<br>
at
org.identityconnectors.framewo<wbr>rk.impl.api.DelegatingTimeoutP<wbr>roxy.invoke(DelegatingTimeoutP<wbr>roxy.java:99)
~[connector-framework-internal<wbr>-1.4.2.35.jar:na]<br>
at
com.sun.proxy.$Proxy184.remove<wbr>AttributeValues(Unknown
Source) ~[na:na]<br>
at
sun.reflect.NativeMethodAccess<wbr>orImpl.invoke0(Native
Method) ~[na:1.8.0_131]<br>
at
sun.reflect.NativeMethodAccess<wbr>orImpl.invoke(NativeMethodAcce<wbr>ssorImpl.java:62)
~[na:1.8.0_131]<br>
at
sun.reflect.DelegatingMethodAc<wbr>cessorImpl.invoke(DelegatingMe<wbr>thodAccessorImpl.java:43)
~[na:1.8.0_131]<br>
at
java.lang.reflect.Method.invok<wbr>e(Method.java:498)
~[na:1.8.0_131]<br>
at
org.identityconnectors.framewo<wbr>rk.impl.api.LoggingProxy.<wbr>invoke(LoggingProxy.java:83)
~[connector-framework-internal<wbr>-1.4.2.35.jar:na]<br>
at
com.sun.proxy.$Proxy184.remove<wbr>AttributeValues(Unknown
Source) ~[na:na]<br>
at
org.identityconnectors.framewo<wbr>rk.impl.api.AbstractConnectorF<wbr>acade.removeAttributeValues(Ab<wbr>stractConnectorFacade.java:225<wbr>)
~[connector-framework-internal<wbr>-1.4.2.35.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.ucf.impl.connid.Connector<wbr>InstanceConnIdImpl.modifyObjec<wbr>t(ConnectorInstanceConnIdImpl.<wbr>java:1843)
~[ucf-impl-connid-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ResourceObjectConver<wbr>ter.executeModify(ResourceObje<wbr>ctConverter.java:765)
[provisioning-impl-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ResourceObjectConver<wbr>ter.executeEntitlements(Resour<wbr>ceObjectConverter.java:1165)
[provisioning-impl-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ResourceObjectConver<wbr>ter.executeEntitlementChangesM<wbr>odify(ResourceObjectConverter.<wbr>java:1112)
[provisioning-impl-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ResourceObjectConver<wbr>ter.modifyResourceObject(Resou<wbr>rceObjectConverter.java:612)
[provisioning-impl-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ShadowCache.modifySh<wbr>adow(ShadowCache.java:684)
[provisioning-impl-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ProvisioningServiceI<wbr>mpl.modifyObject(ProvisioningS<wbr>erviceImpl.java:679)
[provisioning-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.lens.ChangeExecutor.modifyP<wbr>rovisioningObject(ChangeExecut<wbr>or.java:1397)
[model-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.lens.ChangeExecutor.execute<wbr>Modification(ChangeExecutor.<wbr>java:1281)
[model-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.lens.ChangeExecutor.execute<wbr>Delta(ChangeExecutor.java:812)
[model-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.lens.ChangeExecutor.execute<wbr>Changes(ChangeExecutor.java:<wbr>308)
[model-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.lens.Clockwork.lambda$proce<wbr>ssSecondary$0(Clockwork.java:<wbr>481)
[model-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.lens.LensUtil.partialExecut<wbr>e(LensUtil.java:1253)
~[model-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.lens.LensUtil.partialExecut<wbr>e(LensUtil.java:1240)
~[model-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.lens.Clockwork.processSecon<wbr>dary(Clockwork.java:479)
[model-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.lens.Clockwork.click(Clockw<wbr>ork.java:327)
[model-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.lens.Clockwork.run(Clockwor<wbr>k.java:203)
[model-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.controller.ModelController.<wbr>executeChanges(ModelController<wbr>.java:569)
~[model-impl-3.6.jar:na]<br>
at
sun.reflect.NativeMethodAccess<wbr>orImpl.invoke0(Native
Method) ~[na:1.8.0_131]<br>
at
sun.reflect.NativeMethodAccess<wbr>orImpl.invoke(NativeMethodAcce<wbr>ssorImpl.java:62)
~[na:1.8.0_131]<br>
at
sun.reflect.DelegatingMethodAc<wbr>cessorImpl.invoke(DelegatingMe<wbr>thodAccessorImpl.java:43)
~[na:1.8.0_131]<br>
at
java.lang.reflect.Method.invok<wbr>e(Method.java:498)
~[na:1.8.0_131]<br>
at
org.apache.wicket.proxy.LazyIn<wbr>itProxyFactory$JdkHandler.<wbr>invoke(LazyInitProxyFactory.<wbr>java:507)
~[wicket-ioc-7.6.0.jar:7.6.0]<br>
at
com.sun.proxy.$Proxy156.execut<wbr>eChanges(Unknown
Source) ~[na:na]<br>
at
com.evolveum.midpoint.web.comp<wbr>onent.progress.ProgressReporte<wbr>r.lambda$executeChangesAsync$<wbr>0(ProgressReporter.java:187)
~[classes/:na]<br>
at
java.lang.Thread.run(Thread.ja<wbr>va:748)
~[na:1.8.0_131]<br>
2017-09-27 13:59:45,129 []
[Thread-23] ERROR
(com.evolveum.midpoint.provisi<wbr>oning.impl.ResourceObjectConve<wbr>rter):
Error while modifying
entitlement
ProvisioningContext(for
RSD(entitlement (Group)
@00000000-0004-0000-0000-00000<wbr>000004)
in
object:00000000-0004-0000-0000<wbr>-00000000004(myOpenLDAP4))
of ProvisioningContext(for
shadow:9873b7ed-3679-4a66-9445<wbr>-344e9b52dd34(uid=Oleksandr.<wbr>Nekriach,ou=Agents,ou=Users,<wbr>ou=MD,dc=dyninno,dc=test)
in
object:00000000-0004-0000-0000<wbr>-00000000004(myOpenLDAP4)):
Schema violation: Invalid
attribute:
org.identityconnectors.framewo<wbr>rk.common.exceptions.InvalidAt<wbr>tributeValueException(Error
modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=I<wbr>nternalGroups,ou=Groups,ou=MD,<wbr>dc=dyninno,dc=test:
[remove:member:
uid=Oleksandr.Nekriach,ou=Agen<wbr>ts,ou=Users,ou=MD,dc=dyninno,<wbr>dc=test,]:
noSuchAttribute: (16))<br>
com.evolveum.midpoint.util.exc<wbr>eption.SchemaException: Schema
violation: Invalid
attribute:
org.identityconnectors.framewo<wbr>rk.common.exceptions.InvalidAt<wbr>tributeValueException(Error
modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=I<wbr>nternalGroups,ou=Groups,ou=MD,<wbr>dc=dyninno,dc=test:
[remove:member:
uid=Oleksandr.Nekriach,ou=Agen<wbr>ts,ou=Users,ou=MD,dc=dyninno,<wbr>dc=test,]:
noSuchAttribute: (16))<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ResourceObjectConver<wbr>ter.executeModify(ResourceObje<wbr>ctConverter.java:797)
[provisioning-impl-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ResourceObjectConver<wbr>ter.executeEntitlements(Resour<wbr>ceObjectConverter.java:1165)
[provisioning-impl-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ResourceObjectConver<wbr>ter.executeEntitlementChangesM<wbr>odify(ResourceObjectConverter.<wbr>java:1112)
[provisioning-impl-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ResourceObjectConver<wbr>ter.modifyResourceObject(Resou<wbr>rceObjectConverter.java:612)
[provisioning-impl-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ShadowCache.modifySh<wbr>adow(ShadowCache.java:684)
[provisioning-impl-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ProvisioningServiceI<wbr>mpl.modifyObject(ProvisioningS<wbr>erviceImpl.java:679)
[provisioning-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.lens.ChangeExecutor.modifyP<wbr>rovisioningObject(ChangeExecut<wbr>or.java:1397)
[model-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.lens.ChangeExecutor.execute<wbr>Modification(ChangeExecutor.<wbr>java:1281)
[model-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.lens.ChangeExecutor.execute<wbr>Delta(ChangeExecutor.java:812)
[model-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.lens.ChangeExecutor.execute<wbr>Changes(ChangeExecutor.java:<wbr>308)
[model-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.lens.Clockwork.lambda$proce<wbr>ssSecondary$0(Clockwork.java:<wbr>481)
[model-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.lens.LensUtil.partialExecut<wbr>e(LensUtil.java:1253)
~[model-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.lens.LensUtil.partialExecut<wbr>e(LensUtil.java:1240)
~[model-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.lens.Clockwork.processSecon<wbr>dary(Clockwork.java:479)
[model-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.lens.Clockwork.click(Clockw<wbr>ork.java:327)
[model-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.lens.Clockwork.run(Clockwor<wbr>k.java:203)
[model-impl-3.6.jar:na]<br>
at <a
href="http://com.evolveum.midpoint.model.im"
moz-do-not-send="true">com.evolveum.midpoint.model.im</a><wbr>pl.controller.ModelController.<wbr>executeChanges(ModelController<wbr>.java:569)
~[model-impl-3.6.jar:na]<br>
at
sun.reflect.NativeMethodAccess<wbr>orImpl.invoke0(Native
Method) ~[na:1.8.0_131]<br>
at
sun.reflect.NativeMethodAccess<wbr>orImpl.invoke(NativeMethodAcce<wbr>ssorImpl.java:62)
~[na:1.8.0_131]<br>
at
sun.reflect.DelegatingMethodAc<wbr>cessorImpl.invoke(DelegatingMe<wbr>thodAccessorImpl.java:43)
~[na:1.8.0_131]<br>
at
java.lang.reflect.Method.invok<wbr>e(Method.java:498)
~[na:1.8.0_131]<br>
at
org.apache.wicket.proxy.LazyIn<wbr>itProxyFactory$JdkHandler.<wbr>invoke(LazyInitProxyFactory.<wbr>java:507)
~[wicket-ioc-7.6.0.jar:7.6.0]<br>
at
com.sun.proxy.$Proxy156.execut<wbr>eChanges(Unknown
Source) ~[na:na]<br>
at
com.evolveum.midpoint.web.comp<wbr>onent.progress.ProgressReporte<wbr>r.lambda$executeChangesAsync$<wbr>0(ProgressReporter.java:187)
~[classes/:na]<br>
at
java.lang.Thread.run(Thread.ja<wbr>va:748)
~[na:1.8.0_131]<br>
Caused by:
com.evolveum.midpoint.util.exc<wbr>eption.SchemaException:
Invalid attribute:
org.identityconnectors.framewo<wbr>rk.common.exceptions.InvalidAt<wbr>tributeValueException(Error
modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=I<wbr>nternalGroups,ou=Groups,ou=MD,<wbr>dc=dyninno,dc=test:
[remove:member:
uid=Oleksandr.Nekriach,ou=Agen<wbr>ts,ou=Users,ou=MD,dc=dyninno,<wbr>dc=test,]:
noSuchAttribute: (16))<br>
at
com.evolveum.midpoint.provisio<wbr>ning.ucf.impl.connid.ConnIdUti<wbr>l.lookForKnownCause(ConnIdUtil<wbr>.java:352)
~[ucf-impl-connid-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.ucf.impl.connid.ConnIdUti<wbr>l.processIcfException(ConnIdUt<wbr>il.java:215)
~[ucf-impl-connid-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.ucf.impl.connid.Connector<wbr>InstanceConnIdImpl.modifyObjec<wbr>t(ConnectorInstanceConnIdImpl.<wbr>java:1850)
~[ucf-impl-connid-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ResourceObjectConver<wbr>ter.executeModify(ResourceObje<wbr>ctConverter.java:765)
[provisioning-impl-3.6.jar:na]<br>
... 24 common frames
omitted<br>
<br>
<br>
-- <br>
<div
class="m_-5149397472462509650m_2017915729427977816gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr"><span
style="color:rgb(76,76,76)">Best
regards, <br>
<br>
Oleksandr Nekriach
| Identity and
access management
engineer <br>
<br>
Dynatech, Mednieku
str. 4a, Riga,
LV-1010, Latvia <br>
<br>
<div
style="display:inline-block"><a
href="tel:+371%2025%20314%20685" value="+37125314685" target="_blank"
moz-do-not-send="true">+37125314685</a></div>
,
<div
style="display:inline-block"><a
href="mailto:o.nekriach@dynatech.lv" target="_blank"
moz-do-not-send="true">o.nekriach@dynatech.lv</a></div>
|
<div
style="display:inline-block"><a
href="http://www.dynatech.lv" target="_blank" moz-do-not-send="true">www.dynatech.lv</a></div>
<br>
<br>
<img
src="cid:part34.EC9D64EF.5C83F8F7@evolveum.com"
class=""> <br>
<br>
Stay connected: <br>
<div
style="display:inline-block;margin:5px
5px 0px 0px"><a
href="https://www.facebook.com/DynatechLatvia/?ref=br_rs"
target="_blank"
moz-do-not-send="true"><img
src="cid:part35.1E50E184.104004B8@evolveum.com"
class=""></a></div>
<div
style="display:inline-block;margin:5px
0px 0px"><a
href="https://www.linkedin.com/company-beta/17893047/"
target="_blank" moz-do-not-send="true"><img
src="cid:part37.75FF8CF3.BCA38ADA@evolveum.com"
class=""></a></div>
<br>
<br>
<span
style="font-size:11px;color:rgb(161,161,161)">Confidentiality
Notice: This
message contains
confidential
information and
is intended only
for the named
recipient(s). If
you are not the
addressee you
may not copy,
distribute or
perform any
other activities
with this
information. If
you have
received this
transmission in
error, please
notify us by
e-mail
immediately.
E-mail
transmission
cannot be
guaranteed to be
secure or
error-free as
information
could be
intercepted,
corrupted, lost,
destroyed,
arrive late or
incomplete, or
contain viruses.</span></span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset
class="m_-5149397472462509650m_2017915729427977816mimeAttachmentHeader"></fieldset>
<br>
</div>
</div>
<pre>______________________________<wbr>_________________
midPoint mailing list
<a class="m_-5149397472462509650m_2017915729427977816moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a class="m_-5149397472462509650m_2017915729427977816moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank" moz-do-not-send="true">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><span class="m_-5149397472462509650HOEnZb"><font color="#888888">
</font></span></pre>
<span class="m_-5149397472462509650HOEnZb"><font
color="#888888"> </font></span></blockquote>
<span class="m_-5149397472462509650HOEnZb"><font
color="#888888"> <br>
<pre class="m_-5149397472462509650m_2017915729427977816moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" target="_blank" moz-do-not-send="true">evolveum.com</a>
</pre>
</font></span></div>
<br>
______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div class="m_-5149397472462509650gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr"><span style="color:#4c4c4c">Best
regards, <br>
<br>
Oleksandr Nekriach | Identity and access
management engineer <br>
<br>
Dynatech, Mednieku str. 4a, Riga,
LV-1010, Latvia <br>
<br>
<div style="display:inline-block"><a
href="tel:+371%2025%20314%20685"
value="+37125314685" target="_blank"
moz-do-not-send="true">+37125314685</a></div>
,
<div style="display:inline-block"><a
href="mailto:o.nekriach@dynatech.lv"
target="_blank"
moz-do-not-send="true">o.nekriach@dynatech.lv</a></div>
|
<div style="display:inline-block"><a
href="http://www.dynatech.lv"
target="_blank"
moz-do-not-send="true">www.dynatech.lv</a></div>
<br>
<br>
<img
src="cid:part34.EC9D64EF.5C83F8F7@evolveum.com"
class=""> <br>
<br>
Stay connected: <br>
<div
style="display:inline-block;margin:5px
5px 0 0"><a
href="https://www.facebook.com/DynatechLatvia/?ref=br_rs"
target="_blank"
moz-do-not-send="true"><img
src="cid:part35.1E50E184.104004B8@evolveum.com"
class=""></a></div>
<div
style="display:inline-block;margin:5px
0 0 0"><a
href="https://www.linkedin.com/company-beta/17893047/"
target="_blank"
moz-do-not-send="true"><img
src="cid:part37.75FF8CF3.BCA38ADA@evolveum.com"
class=""></a></div>
<br>
<br>
<span
style="font-size:11px;color:#a1a1a1">Confidentiality
Notice: This message contains
confidential information and is
intended only for the named
recipient(s). If you are not the
addressee you may not copy, distribute
or perform any other activities with
this information. If you have received
this transmission in error, please
notify us by e-mail immediately.
E-mail transmission cannot be
guaranteed to be secure or error-free
as information could be intercepted,
corrupted, lost, destroyed, arrive
late or incomplete, or contain
viruses.</span></span></div>
</div>
</div>
</div>
</div>
<br>
<fieldset
class="m_-5149397472462509650mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
midPoint mailing list
<a class="m_-5149397472462509650moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a class="m_-5149397472462509650moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank" moz-do-not-send="true">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="m_-5149397472462509650moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" target="_blank" moz-do-not-send="true">evolveum.com</a>
</pre>
</div>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com"
moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div class="gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr"><span style="color:#4c4c4c">Best regards, <br>
<br>
Oleksandr Nekriach | Identity and access management
engineer <br>
<br>
Dynatech, Mednieku str. 4a, Riga, LV-1010, Latvia <br>
<br>
<div style="display:inline-block"><a
href="tel:+371%2025%20314%20685"
value="+37125314685" target="_blank"
moz-do-not-send="true">+37125314685</a></div>
,
<div style="display:inline-block"><a
href="mailto:o.nekriach@dynatech.lv"
target="_blank" moz-do-not-send="true">o.nekriach@dynatech.lv</a></div>
|
<div style="display:inline-block"><a
href="http://www.dynatech.lv" target="_blank"
moz-do-not-send="true">www.dynatech.lv</a></div>
<br>
<br>
<img src="cid:part34.EC9D64EF.5C83F8F7@evolveum.com"
class=""> <br>
<br>
Stay connected: <br>
<div style="display:inline-block;margin:5px 5px 0 0"><a
href="https://www.facebook.com/DynatechLatvia/?ref=br_rs"
target="_blank" moz-do-not-send="true"><img
src="cid:part35.1E50E184.104004B8@evolveum.com"
class=""></a></div>
<div style="display:inline-block;margin:5px 0 0 0"><a
href="https://www.linkedin.com/company-beta/17893047/" target="_blank"
moz-do-not-send="true"><img
src="cid:part37.75FF8CF3.BCA38ADA@evolveum.com"
class=""></a></div>
<br>
<br>
<span style="font-size:11px;color:#a1a1a1">Confidentiality
Notice: This message contains confidential
information and is intended only for the named
recipient(s). If you are not the addressee you may
not copy, distribute or perform any other activities
with this information. If you have received this
transmission in error, please notify us by e-mail
immediately. E-mail transmission cannot be
guaranteed to be secure or error-free as information
could be intercepted, corrupted, lost, destroyed,
arrive late or incomplete, or contain viruses.</span></span></div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
</body>
</html>