<div dir="ltr"><div><div><div>Hello Ivan,<br><br></div>Thank you for help!<br></div>I turned off explicitReferentialIntegrity and this solved my problem.<br></div>What does this setting mean? <br><div><br></div><div>Best regards, Oleksandr<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2017-09-27 18:07 GMT+03:00 Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Hi Oleksandr,</p>
<p>AFAIK memberof overlay is to compute "memberof" attribute of the
LDAP account. But your exception comes from group modification:
Error modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=<wbr>InternalGroups,ou=Groups,ou=<wbr>MD,dc=dyninno,dc=test:
[remove:member:
uid=Oleksandr.Nekriach,ou=<wbr>Agents,ou=Users,ou=MD,dc=<wbr>dyninno,dc=test,]:
noSuchAttribute: (16)</p>
<p>My first guess was that you have "refint" module and
corresponding overlay activated on OpenLDAP side. If you are
really not using OpenLDAP's referential integrity, then it should
work as it is configured. You have even configured
"usePermissiveModify"...</p>
<p>I remember when I was playing with referential integrity, if I
renamed account in LDAP (through mp) and it failed with similar
error, but the group membership was still correct after this
operation (showing renamed account), the problem was that LDAP
server was doing the referential integrity automatically and I
needed to turn off explicitReferentialIntegrity in association
configuration.<br>
</p>
<p>No more ideas yet.</p>
<p>Regards,</p>
<p>Ivan<br>
</p><div><div class="h5">
<br>
<div class="m_-5149397472462509650moz-cite-prefix">On 27.09.2017 16:16, Oleksandr Nekriach
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hi Ivan,<br>
</div>
We have added to OpenLdap memberOf overlay (see config below).
But I don't sure that is good idea to remove it. Do you have
some idea?<br>
<br>
dn: cn=module{2},cn=config<br>
cn: module{2}<br>
changetype: modify<br>
objectClass: olcModuleList<br>
olcModuleLoad: memberof<br>
olcModulePath: /usr/lib/ldap<br>
<br>
dn: olcOverlay={0}memberof,<wbr>olcDatabase={1}mdb,cn=config<br>
objectClass: olcConfig<br>
objectClass: olcMemberOf<br>
objectClass: olcOverlayConfig<br>
objectClass: top<br>
olcOverlay: memberof<br>
olcMemberOfDangling: ignore<br>
olcMemberOfRefInt: TRUE<br>
olcMemberOfGroupOC: groupOfNames<br>
olcMemberOfMemberAD: member<br>
olcMemberOfMemberOfAD: memberOf<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2017-09-27 15:49 GMT+03:00 Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Hi Oleksandr,</p>
<p>you have association set with
explicitReferentialIntegrity, that means midpoint will
update group membership if user DN changes. Could this
collide with your OpenLDAP refint overlay (or whatever
is the name for automatic referential integrity)?<br>
</p>
I
<div>
<div class="m_-5149397472462509650h5"><br>
<br>
<div class="m_-5149397472462509650m_2017915729427977816moz-cite-prefix">On
27.09.2017 13:28, Oleksandr Nekriach wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="m_-5149397472462509650h5">
<div dir="ltr">
<div>Hello,<br>
</div>
<div>Please help me understand what is wrong.<br>
</div>
<div>I have role which assign a group to OpenLdap
resource acount. Also I have resource with
expresion which dynamical calculates
Distinguished Name and has dependency on source
attribute "Locality". Also I expand ldap
resource schema with memberOf attribute.<br>
</div>
<div>When I change Locality attribute I get an
error <br>
InvalidAttributeValueException<wbr>: Error
modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=I<wbr>nternalGroups,ou=Groups,ou=MD,<wbr>dc=dyninno,dc=test:
[remove:member: uid=Oleksandr.Nekriach,ou=Agen<wbr>ts,ou=Users,ou=MD,dc=dyninno,<wbr>dc=test,]:
noSuchAttribute: (16)<br>
</div>
<div><br>
</div>
I can't understand why I got this error if
resource account was modified successfuly as I
want.<br>
<div>
<div>
<div>
<div><br>
<displayName>TestRole_forMidpo<wbr>int</displayName><br>
<inducement id="5"><br>
<construction><br>
<resourceRef
oid="00000000-0004-0000-0000-0<wbr>0000000004"<br>
relation="org:default"<br>
type="c:ResourceType"><!--
myOpenLDAP4 --></resourceRef><br>
<association><br>
<c:ref>ri:Group</c:ref><br>
<outbound><br>
<expression><br>
<associationTargetSearch xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance" target="_blank">http://www.w3.org/2<wbr>001/XMLSchema-instance</a>"<br>
<wbr>
xsi:type="c:SearchObjectExpres<wbr>sionEvaluatorType"><br>
<filter><br>
<q:equal><br>
<q:path>declare namespace icfs='<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" target="_blank">http://midpoint.evolveum<wbr>.com/xml/ns/public/connector/<wbr>icf-1/resource-schema-3</a>';
declare namespace ri='<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" target="_blank">http://midpoint.evolveum.c<wbr>om/xml/ns/public/resource/inst<wbr>ance-3</a>';
attributes/ri:cn</q:path><br>
<q:value>TestRole_forMidpoint_<wbr>2</q:value><br>
</q:equal><br>
</filter><br>
<searchOnResource>true</search<wbr>OnResource><br>
</associationTargetSearch><br>
</expression><br>
</outbound><br>
</association><br>
</construction><br>
</inducement><br>
<br>
<attribute><br>
<c:ref>ri:dn</c:ref><br>
<displayName>Distinguished
Name</displayName><br>
<matchingRule xmlns:mr="<a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3" target="_blank">http://prism.evolveu<wbr>m.com/xml/ns/public/matching-<wbr>rule-3</a>">mr:distinguishedName</<wbr>matchingRule><br>
<outbound><br>
<strength>strong</strength><br>
<source><br>
<c:path>$user/name</c:path><br>
</source><br>
<source><br>
<c:path>$user/description</c:p<wbr>ath><br>
</source><br>
<source><br>
<c:path>$user/locality</c:path<wbr>><br>
</source><br>
<expression><br>
<script xsi:type="c:ScriptExpressionEv<wbr>aluatorType"><br>
<code><br>
String
rightPartOfDN=",ou=InternalUse<wbr>rs,ou=Users,ou=LV";<br>
String
dc=",dc=dyninno,dc=test";<br>
if(name!=null
&& description!=null
&& locality!=null){<br>
if(locality.toString().equalsI<wbr>gnoreCase("RIX")
&& description.toString().contain<wbr>s("Agent")){<br>
rightPartOfDN=",ou=Agents,ou=U<wbr>sers,ou=LV";<br>
}<br>
if(locality.toString().equalsI<wbr>gnoreCase("KIV")
&& description.toString().contain<wbr>s("Agent")){<br>
rightPartOfDN=",ou=Agents,ou=U<wbr>sers,ou=MD";<br>
}<br>
}<br>
return "uid=" +
name.toString() + iterationToken +
rightPartOfDN+dc;<br>
</code><br>
</script><br>
</expression><br>
</outbound><br>
</attribute><br>
<br>
<br>
<br>
2017-09-27 13:59:42,925 [] [Thread-24]
WARN (com.evolveum.polygon.connecto<wbr>r.ldap.schema.AbstractSchemaTr<wbr>anslator):
method: null msg:Uknown attribute
1.3.6.1.4.1.1466.115.121.1.15, cannot
determine if it is binary<br>
2017-09-27 13:59:42,939 [] [Thread-23]
WARN (com.evolveum.midpoint.provisi<wbr>oning.impl.ResourceObjectConve<wbr>rter):
The resource: myOpenLDAP4
(OID:00000000-0004-0000-0000-0<wbr>0000000004)
does not provide definition for null value
of simulated activation attribute<br>
2017-09-27 13:59:43,893 [] [Thread-23]
WARN (com.evolveum.polygon.connecto<wbr>r.ldap.schema.AbstractSchemaTr<wbr>anslator):
method: null msg:Uknown attribute
1.3.6.1.4.1.1466.115.121.1.15, cannot
determine if it is binary<br>
2017-09-27 13:59:44,410 [] [Thread-23]
WARN (com.evolveum.polygon.connecto<wbr>r.ldap.schema.AbstractSchemaTr<wbr>anslator):
method: null msg:Uknown attribute
1.3.6.1.4.1.1466.115.121.1.15, cannot
determine if it is binary<br>
2017-09-27 13:59:44,712 [] [Thread-23]
WARN (com.evolveum.polygon.connecto<wbr>r.ldap.schema.AbstractSchemaTr<wbr>anslator):
method: null msg:Uknown attribute
1.3.6.1.4.1.1466.115.121.1.12, cannot
determine if it is binary<br>
2017-09-27 13:59:45,077 [] [Thread-23]
WARN (com.evolveum.polygon.connecto<wbr>r.ldap.schema.AbstractSchemaTr<wbr>anslator):
method: null msg:Uknown attribute
1.3.6.1.4.1.1466.115.121.1.12, cannot
determine if it is binary<br>
2017-09-27 13:59:45,120 [] [Thread-23]
ERROR (com.evolveum.midpoint.provisi<wbr>oning.ucf.impl.connid.ConnIdUt<wbr>il):
ConnId Exception
org.identityconnectors.framewo<wbr>rk.common.exceptions.InvalidAt<wbr>tributeValueException
in connector:cb288b2c-1e5f-4b78-9<wbr>24e-a215b723137d(ConnId
com.evolveum.polygon.connector<wbr>.ldap.LdapConnector
v1.4.5): ConnectorSpec(object:00000000-<wbr>0004-0000-0000-00000000004(myO<wbr>penLDAP4),
name=null, oid=cb288b2c-1e5f-4b78-924e-a2<wbr>15b723137d)
while removing attribute values from
object identified by ConnId UID
'57ef6422-32fa-1037-9380-3b12a<wbr>e02d26c':
Error modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=I<wbr>nternalGroups,ou=Groups,ou=MD,<wbr>dc=dyninno,dc=test:
[remove:member: uid=Oleksandr.Nekriach,ou=Agen<wbr>ts,ou=Users,ou=MD,dc=dyninno,<wbr>dc=test,]:
noSuchAttribute: (16)<br>
org.identityconnectors.framewo<wbr>rk.common.exceptions.InvalidAt<wbr>tributeValueException:
Error modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=I<wbr>nternalGroups,ou=Groups,ou=MD,<wbr>dc=dyninno,dc=test:
[remove:member: uid=Oleksandr.Nekriach,ou=Agen<wbr>ts,ou=Users,ou=MD,dc=dyninno,<wbr>dc=test,]:
noSuchAttribute: (16)<br>
at
com.evolveum.polygon.connector<wbr>.ldap.LdapUtil.processLdapResu<wbr>lt(LdapUtil.java:455)
~[connector-ldap-1.4.5.jar:na]<br>
at
com.evolveum.polygon.connector<wbr>.<a href="http://ldap.AbstractLdapConnector.pr">ldap.AbstractLdapConnector.pr</a><wbr>ocessModifyResult(AbstractLdap<wbr>Connector.java:1119)
~[connector-ldap-1.4.5.jar:na]<br>
at
com.evolveum.polygon.connector<wbr>.ldap.AbstractLdapConnector.<wbr>modify(AbstractLdapConnector.<wbr>java:1110)
~[connector-ldap-1.4.5.jar:na]<br>
at
com.evolveum.polygon.connector<wbr>.ldap.AbstractLdapConnector.ld<wbr>apUpdateAttempt(AbstractLdapCo<wbr>nnector.java:1060)
~[connector-ldap-1.4.5.jar:na]<br>
at
com.evolveum.polygon.connector<wbr>.ldap.AbstractLdapConnector.ld<wbr>apUpdate(AbstractLdapConnector<wbr>.java:1019)
~[connector-ldap-1.4.5.jar:na]<br>
at
com.evolveum.polygon.connector<wbr>.<a href="http://ldap.AbstractLdapConnector.re">ldap.AbstractLdapConnector.re</a><wbr>moveAttributeValues(AbstractLd<wbr>apConnector.java:990)
~[connector-ldap-1.4.5.jar:na]<br>
at
org.identityconnectors.framewo<wbr>rk.impl.api.local.operations.<wbr>UpdateImpl.removeAttributeValu<wbr>es(UpdateImpl.java:171)
~[connector-framework-internal<wbr>-1.4.2.35.jar:na]<br>
at sun.reflect.NativeMethodAccess<wbr>orImpl.invoke0(Native
Method) ~[na:1.8.0_131]<br>
at
sun.reflect.NativeMethodAccess<wbr>orImpl.invoke(NativeMethodAcce<wbr>ssorImpl.java:62)
~[na:1.8.0_131]<br>
at
sun.reflect.DelegatingMethodAc<wbr>cessorImpl.invoke(DelegatingMe<wbr>thodAccessorImpl.java:43)
~[na:1.8.0_131]<br>
at java.lang.reflect.Method.invok<wbr>e(Method.java:498)
~[na:1.8.0_131]<br>
at
org.identityconnectors.framewo<wbr>rk.impl.api.local.operations.C<wbr>onnectorAPIOperationRunnerProx<wbr>y.invoke(ConnectorAPIOperation<wbr>RunnerProxy.java:98)
~[connector-framework-internal<wbr>-1.4.2.35.jar:na]<br>
at com.sun.proxy.$Proxy184.remove<wbr>AttributeValues(Unknown
Source) ~[na:na]<br>
at sun.reflect.NativeMethodAccess<wbr>orImpl.invoke0(Native
Method) ~[na:1.8.0_131]<br>
at
sun.reflect.NativeMethodAccess<wbr>orImpl.invoke(NativeMethodAcce<wbr>ssorImpl.java:62)
~[na:1.8.0_131]<br>
at
sun.reflect.DelegatingMethodAc<wbr>cessorImpl.invoke(DelegatingMe<wbr>thodAccessorImpl.java:43)
~[na:1.8.0_131]<br>
at java.lang.reflect.Method.invok<wbr>e(Method.java:498)
~[na:1.8.0_131]<br>
at
org.identityconnectors.framewo<wbr>rk.impl.api.local.operations.T<wbr>hreadClassLoaderManagerProxy.i<wbr>nvoke(ThreadClassLoaderManager<wbr>Proxy.java:96)
~[connector-framework-internal<wbr>-1.4.2.35.jar:na]<br>
at com.sun.proxy.$Proxy184.remove<wbr>AttributeValues(Unknown
Source) ~[na:na]<br>
at sun.reflect.NativeMethodAccess<wbr>orImpl.invoke0(Native
Method) ~[na:1.8.0_131]<br>
at
sun.reflect.NativeMethodAccess<wbr>orImpl.invoke(NativeMethodAcce<wbr>ssorImpl.java:62)
~[na:1.8.0_131]<br>
at
sun.reflect.DelegatingMethodAc<wbr>cessorImpl.invoke(DelegatingMe<wbr>thodAccessorImpl.java:43)
~[na:1.8.0_131]<br>
at java.lang.reflect.Method.invok<wbr>e(Method.java:498)
~[na:1.8.0_131]<br>
at
org.identityconnectors.framewo<wbr>rk.impl.api.DelegatingTimeoutP<wbr>roxy.invoke(DelegatingTimeoutP<wbr>roxy.java:99)
~[connector-framework-internal<wbr>-1.4.2.35.jar:na]<br>
at com.sun.proxy.$Proxy184.remove<wbr>AttributeValues(Unknown
Source) ~[na:na]<br>
at sun.reflect.NativeMethodAccess<wbr>orImpl.invoke0(Native
Method) ~[na:1.8.0_131]<br>
at
sun.reflect.NativeMethodAccess<wbr>orImpl.invoke(NativeMethodAcce<wbr>ssorImpl.java:62)
~[na:1.8.0_131]<br>
at
sun.reflect.DelegatingMethodAc<wbr>cessorImpl.invoke(DelegatingMe<wbr>thodAccessorImpl.java:43)
~[na:1.8.0_131]<br>
at java.lang.reflect.Method.invok<wbr>e(Method.java:498)
~[na:1.8.0_131]<br>
at
org.identityconnectors.framewo<wbr>rk.impl.api.LoggingProxy.<wbr>invoke(LoggingProxy.java:83)
~[connector-framework-internal<wbr>-1.4.2.35.jar:na]<br>
at com.sun.proxy.$Proxy184.remove<wbr>AttributeValues(Unknown
Source) ~[na:na]<br>
at
org.identityconnectors.framewo<wbr>rk.impl.api.AbstractConnectorF<wbr>acade.removeAttributeValues(Ab<wbr>stractConnectorFacade.java:225<wbr>)
~[connector-framework-internal<wbr>-1.4.2.35.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.ucf.impl.connid.Connector<wbr>InstanceConnIdImpl.modifyObjec<wbr>t(ConnectorInstanceConnIdImpl.<wbr>java:1843)
~[ucf-impl-connid-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ResourceObjectConver<wbr>ter.executeModify(ResourceObje<wbr>ctConverter.java:765)
[provisioning-impl-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ResourceObjectConver<wbr>ter.executeEntitlements(Resour<wbr>ceObjectConverter.java:1165)
[provisioning-impl-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ResourceObjectConver<wbr>ter.executeEntitlementChangesM<wbr>odify(ResourceObjectConverter.<wbr>java:1112)
[provisioning-impl-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ResourceObjectConver<wbr>ter.modifyResourceObject(Resou<wbr>rceObjectConverter.java:612)
[provisioning-impl-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ShadowCache.modifySh<wbr>adow(ShadowCache.java:684)
[provisioning-impl-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ProvisioningServiceI<wbr>mpl.modifyObject(ProvisioningS<wbr>erviceImpl.java:679)
[provisioning-impl-3.6.jar:na]<br>
at
<a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.lens.ChangeExecutor.modifyP<wbr>rovisioningObject(ChangeExecut<wbr>or.java:1397)
[model-impl-3.6.jar:na]<br>
at
<a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.lens.ChangeExecutor.execute<wbr>Modification(ChangeExecutor.<wbr>java:1281)
[model-impl-3.6.jar:na]<br>
at
<a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.lens.ChangeExecutor.execute<wbr>Delta(ChangeExecutor.java:812)
[model-impl-3.6.jar:na]<br>
at
<a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.lens.ChangeExecutor.execute<wbr>Changes(ChangeExecutor.java:<wbr>308)
[model-impl-3.6.jar:na]<br>
at
<a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.lens.Clockwork.lambda$proce<wbr>ssSecondary$0(Clockwork.java:<wbr>481)
[model-impl-3.6.jar:na]<br>
at
<a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.lens.LensUtil.partialExecut<wbr>e(LensUtil.java:1253)
~[model-impl-3.6.jar:na]<br>
at
<a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.lens.LensUtil.partialExecut<wbr>e(LensUtil.java:1240)
~[model-impl-3.6.jar:na]<br>
at
<a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.lens.Clockwork.processSecon<wbr>dary(Clockwork.java:479)
[model-impl-3.6.jar:na]<br>
at
<a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.lens.Clockwork.click(Clockw<wbr>ork.java:327)
[model-impl-3.6.jar:na]<br>
at <a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.lens.Clockwork.run(Clockwor<wbr>k.java:203)
[model-impl-3.6.jar:na]<br>
at
<a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.controller.ModelController.<wbr>executeChanges(ModelController<wbr>.java:569)
~[model-impl-3.6.jar:na]<br>
at sun.reflect.NativeMethodAccess<wbr>orImpl.invoke0(Native
Method) ~[na:1.8.0_131]<br>
at
sun.reflect.NativeMethodAccess<wbr>orImpl.invoke(NativeMethodAcce<wbr>ssorImpl.java:62)
~[na:1.8.0_131]<br>
at
sun.reflect.DelegatingMethodAc<wbr>cessorImpl.invoke(DelegatingMe<wbr>thodAccessorImpl.java:43)
~[na:1.8.0_131]<br>
at java.lang.reflect.Method.invok<wbr>e(Method.java:498)
~[na:1.8.0_131]<br>
at
org.apache.wicket.proxy.LazyIn<wbr>itProxyFactory$JdkHandler.<wbr>invoke(LazyInitProxyFactory.<wbr>java:507)
~[wicket-ioc-7.6.0.jar:7.6.0]<br>
at com.sun.proxy.$Proxy156.execut<wbr>eChanges(Unknown
Source) ~[na:na]<br>
at
com.evolveum.midpoint.web.comp<wbr>onent.progress.ProgressReporte<wbr>r.lambda$executeChangesAsync$<wbr>0(ProgressReporter.java:187)
~[classes/:na]<br>
at java.lang.Thread.run(Thread.ja<wbr>va:748)
~[na:1.8.0_131]<br>
2017-09-27 13:59:45,129 [] [Thread-23]
ERROR (com.evolveum.midpoint.provisi<wbr>oning.impl.ResourceObjectConve<wbr>rter):
Error while modifying entitlement
ProvisioningContext(for RSD(entitlement
(Group) @00000000-0004-0000-0000-00000<wbr>000004)
in object:00000000-0004-0000-0000<wbr>-00000000004(myOpenLDAP4))
of ProvisioningContext(for
shadow:9873b7ed-3679-4a66-9445<wbr>-344e9b52dd34(uid=Oleksandr.<wbr>Nekriach,ou=Agents,ou=Users,<wbr>ou=MD,dc=dyninno,dc=test)
in object:00000000-0004-0000-0000<wbr>-00000000004(myOpenLDAP4)):
Schema violation: Invalid attribute:
org.identityconnectors.framewo<wbr>rk.common.exceptions.InvalidAt<wbr>tributeValueException(Error
modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=I<wbr>nternalGroups,ou=Groups,ou=MD,<wbr>dc=dyninno,dc=test:
[remove:member: uid=Oleksandr.Nekriach,ou=Agen<wbr>ts,ou=Users,ou=MD,dc=dyninno,<wbr>dc=test,]:
noSuchAttribute: (16))<br>
com.evolveum.midpoint.util.exc<wbr>eption.SchemaException:
Schema violation: Invalid attribute:
org.identityconnectors.framewo<wbr>rk.common.exceptions.InvalidAt<wbr>tributeValueException(Error
modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=I<wbr>nternalGroups,ou=Groups,ou=MD,<wbr>dc=dyninno,dc=test:
[remove:member: uid=Oleksandr.Nekriach,ou=Agen<wbr>ts,ou=Users,ou=MD,dc=dyninno,<wbr>dc=test,]:
noSuchAttribute: (16))<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ResourceObjectConver<wbr>ter.executeModify(ResourceObje<wbr>ctConverter.java:797)
[provisioning-impl-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ResourceObjectConver<wbr>ter.executeEntitlements(Resour<wbr>ceObjectConverter.java:1165)
[provisioning-impl-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ResourceObjectConver<wbr>ter.executeEntitlementChangesM<wbr>odify(ResourceObjectConverter.<wbr>java:1112)
[provisioning-impl-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ResourceObjectConver<wbr>ter.modifyResourceObject(Resou<wbr>rceObjectConverter.java:612)
[provisioning-impl-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ShadowCache.modifySh<wbr>adow(ShadowCache.java:684)
[provisioning-impl-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ProvisioningServiceI<wbr>mpl.modifyObject(ProvisioningS<wbr>erviceImpl.java:679)
[provisioning-impl-3.6.jar:na]<br>
at
<a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.lens.ChangeExecutor.modifyP<wbr>rovisioningObject(ChangeExecut<wbr>or.java:1397)
[model-impl-3.6.jar:na]<br>
at
<a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.lens.ChangeExecutor.execute<wbr>Modification(ChangeExecutor.<wbr>java:1281)
[model-impl-3.6.jar:na]<br>
at
<a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.lens.ChangeExecutor.execute<wbr>Delta(ChangeExecutor.java:812)
[model-impl-3.6.jar:na]<br>
at
<a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.lens.ChangeExecutor.execute<wbr>Changes(ChangeExecutor.java:<wbr>308)
[model-impl-3.6.jar:na]<br>
at
<a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.lens.Clockwork.lambda$proce<wbr>ssSecondary$0(Clockwork.java:<wbr>481)
[model-impl-3.6.jar:na]<br>
at
<a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.lens.LensUtil.partialExecut<wbr>e(LensUtil.java:1253)
~[model-impl-3.6.jar:na]<br>
at
<a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.lens.LensUtil.partialExecut<wbr>e(LensUtil.java:1240)
~[model-impl-3.6.jar:na]<br>
at
<a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.lens.Clockwork.processSecon<wbr>dary(Clockwork.java:479)
[model-impl-3.6.jar:na]<br>
at
<a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.lens.Clockwork.click(Clockw<wbr>ork.java:327)
[model-impl-3.6.jar:na]<br>
at <a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.lens.Clockwork.run(Clockwor<wbr>k.java:203)
[model-impl-3.6.jar:na]<br>
at
<a href="http://com.evolveum.midpoint.model.im">com.evolveum.midpoint.model.im</a><wbr>pl.controller.ModelController.<wbr>executeChanges(ModelController<wbr>.java:569)
~[model-impl-3.6.jar:na]<br>
at sun.reflect.NativeMethodAccess<wbr>orImpl.invoke0(Native
Method) ~[na:1.8.0_131]<br>
at
sun.reflect.NativeMethodAccess<wbr>orImpl.invoke(NativeMethodAcce<wbr>ssorImpl.java:62)
~[na:1.8.0_131]<br>
at
sun.reflect.DelegatingMethodAc<wbr>cessorImpl.invoke(DelegatingMe<wbr>thodAccessorImpl.java:43)
~[na:1.8.0_131]<br>
at java.lang.reflect.Method.invok<wbr>e(Method.java:498)
~[na:1.8.0_131]<br>
at
org.apache.wicket.proxy.LazyIn<wbr>itProxyFactory$JdkHandler.<wbr>invoke(LazyInitProxyFactory.<wbr>java:507)
~[wicket-ioc-7.6.0.jar:7.6.0]<br>
at com.sun.proxy.$Proxy156.execut<wbr>eChanges(Unknown
Source) ~[na:na]<br>
at
com.evolveum.midpoint.web.comp<wbr>onent.progress.ProgressReporte<wbr>r.lambda$executeChangesAsync$<wbr>0(ProgressReporter.java:187)
~[classes/:na]<br>
at java.lang.Thread.run(Thread.ja<wbr>va:748)
~[na:1.8.0_131]<br>
Caused by: com.evolveum.midpoint.util.exc<wbr>eption.SchemaException:
Invalid attribute:
org.identityconnectors.framewo<wbr>rk.common.exceptions.InvalidAt<wbr>tributeValueException(Error
modifying LDAP entry
cn=TestRole_forMidpoint_2,ou=I<wbr>nternalGroups,ou=Groups,ou=MD,<wbr>dc=dyninno,dc=test:
[remove:member: uid=Oleksandr.Nekriach,ou=Agen<wbr>ts,ou=Users,ou=MD,dc=dyninno,<wbr>dc=test,]:
noSuchAttribute: (16))<br>
at
com.evolveum.midpoint.provisio<wbr>ning.ucf.impl.connid.ConnIdUti<wbr>l.lookForKnownCause(ConnIdUtil<wbr>.java:352)
~[ucf-impl-connid-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.ucf.impl.connid.ConnIdUti<wbr>l.processIcfException(ConnIdUt<wbr>il.java:215)
~[ucf-impl-connid-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.ucf.impl.connid.Connector<wbr>InstanceConnIdImpl.modifyObjec<wbr>t(ConnectorInstanceConnIdImpl.<wbr>java:1850)
~[ucf-impl-connid-3.6.jar:na]<br>
at
com.evolveum.midpoint.provisio<wbr>ning.impl.ResourceObjectConver<wbr>ter.executeModify(ResourceObje<wbr>ctConverter.java:765)
[provisioning-impl-3.6.jar:na]<br>
... 24 common frames omitted<br>
<br>
<br>
-- <br>
<div class="m_-5149397472462509650m_2017915729427977816gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr"><span style="color:rgb(76,76,76)">Best
regards, <br>
<br>
Oleksandr Nekriach | Identity
and access management engineer <br>
<br>
Dynatech, Mednieku str. 4a,
Riga, LV-1010, Latvia <br>
<br>
<div style="display:inline-block"><a href="tel:+371%2025%20314%20685" value="+37125314685" target="_blank">+37125314685</a></div>
,
<div style="display:inline-block"><a href="mailto:o.nekriach@dynatech.lv" target="_blank">o.nekriach@dynatech.lv</a></div>
|
<div style="display:inline-block"><a href="http://www.dynatech.lv" target="_blank">www.dynatech.lv</a></div>
<br>
<br>
<img src="cid:part9.C3B3F473.D2CCD01F@evolveum.com"> <br>
<br>
Stay connected: <br>
<div style="display:inline-block;margin:5px 5px 0px 0px"><a href="https://www.facebook.com/DynatechLatvia/?ref=br_rs" target="_blank"><img src="cid:part10.10191E61.965F6530@evolveum.com"></a></div>
<div style="display:inline-block;margin:5px 0px 0px"><a href="https://www.linkedin.com/company-beta/17893047/" target="_blank"><img src="cid:part12.CA0E8B1A.04516373@evolveum.com"></a></div>
<br>
<br>
<span style="font-size:11px;color:rgb(161,161,161)">Confidentiality
Notice: This message contains
confidential information and
is intended only for the named
recipient(s). If you are not
the addressee you may not
copy, distribute or perform
any other activities with this
information. If you have
received this transmission in
error, please notify us by
e-mail immediately. E-mail
transmission cannot be
guaranteed to be secure or
error-free as information
could be intercepted,
corrupted, lost, destroyed,
arrive late or incomplete, or
contain viruses.</span></span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="m_-5149397472462509650m_2017915729427977816mimeAttachmentHeader"></fieldset>
<br>
</div>
</div>
<pre>______________________________<wbr>_________________
midPoint mailing list
<a class="m_-5149397472462509650m_2017915729427977816moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a class="m_-5149397472462509650m_2017915729427977816moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><span class="m_-5149397472462509650HOEnZb"><font color="#888888">
</font></span></pre>
<span class="m_-5149397472462509650HOEnZb"><font color="#888888"> </font></span></blockquote>
<span class="m_-5149397472462509650HOEnZb"><font color="#888888"> <br>
<pre class="m_-5149397472462509650m_2017915729427977816moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
</font></span></div>
<br>
______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div class="m_-5149397472462509650gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr"><span style="color:#4c4c4c">Best regards, <br>
<br>
Oleksandr Nekriach | Identity and access management
engineer <br>
<br>
Dynatech, Mednieku str. 4a, Riga, LV-1010, Latvia <br>
<br>
<div style="display:inline-block"><a href="tel:+371%2025%20314%20685" value="+37125314685" target="_blank">+37125314685</a></div>
,
<div style="display:inline-block"><a href="mailto:o.nekriach@dynatech.lv" target="_blank">o.nekriach@dynatech.lv</a></div>
|
<div style="display:inline-block"><a href="http://www.dynatech.lv" target="_blank">www.dynatech.lv</a></div>
<br>
<br>
<img src="cid:part9.C3B3F473.D2CCD01F@evolveum.com"> <br>
<br>
Stay connected: <br>
<div style="display:inline-block;margin:5px 5px 0 0"><a href="https://www.facebook.com/DynatechLatvia/?ref=br_rs" target="_blank"><img src="cid:part10.10191E61.965F6530@evolveum.com"></a></div>
<div style="display:inline-block;margin:5px 0 0 0"><a href="https://www.linkedin.com/company-beta/17893047/" target="_blank"><img src="cid:part12.CA0E8B1A.04516373@evolveum.com"></a></div>
<br>
<br>
<span style="font-size:11px;color:#a1a1a1">Confidentiality
Notice: This message contains confidential
information and is intended only for the named
recipient(s). If you are not the addressee you may
not copy, distribute or perform any other activities
with this information. If you have received this
transmission in error, please notify us by e-mail
immediately. E-mail transmission cannot be
guaranteed to be secure or error-free as information
could be intercepted, corrupted, lost, destroyed,
arrive late or incomplete, or contain viruses.</span></span></div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="m_-5149397472462509650mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
midPoint mailing list
<a class="m_-5149397472462509650moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a class="m_-5149397472462509650moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="m_-5149397472462509650moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
</div></div></div>
<br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><span style="color:#4c4c4c">Best regards, <br><br>Oleksandr Nekriach | Identity and access management engineer <br><br>Dynatech, Mednieku str. 4a, Riga, LV-1010, Latvia <br><br><div style="display:inline-block"><a href="tel:+371%2025%20314%20685" value="+37125314685" target="_blank">+37125314685</a></div>, <div style="display:inline-block"><a href="mailto:o.nekriach@dynatech.lv" target="_blank">o.nekriach@dynatech.lv</a></div> | <div style="display:inline-block"><a href="http://www.dynatech.lv" target="_blank">www.dynatech.lv</a></div> <br><br><img src="cid:o.nekriach@dynatech.lv1502777022855-7770"> <br><br>Stay connected: <br><div style="display:inline-block;margin:5px 5px 0 0"><a href="https://www.facebook.com/DynatechLatvia/?ref=br_rs" target="_blank"><img src="cid:o.nekriach@dynatech.lv1502777022855-7771"></a></div><div style="display:inline-block;margin:5px 0 0 0"><a href="https://www.linkedin.com/company-beta/17893047/" target="_blank"><img src="cid:o.nekriach@dynatech.lv1502777022855-7772"></a></div><br><br><span style="font-size:11px;color:#a1a1a1">Confidentiality
Notice: This message contains confidential information and is intended
only for the named recipient(s). If you are not the addressee you may
not copy, distribute or perform any other activities with this
information. If you have received this transmission in error, please
notify us by e-mail immediately. E-mail transmission cannot be
guaranteed to be secure or error-free as information could be
intercepted, corrupted, lost, destroyed, arrive late or incomplete, or
contain viruses.</span></span></div></div></div></div>
</div>