<html><body>Hi All,<div><br></div><div>I need help with setup of Org. Structure. First of all i have prepared demo Active Directory with hundrets of users and groups.</div><div><span style="background-color:transparent">User are synced to MidPoint and also Roles are synced to AD as Groups. So it works.</span><br></div><div><span style="background-color:transparent"><br></span></div><div><span style="background-color:transparent">I would like to try also Org Structure. I watched demo online and after some adjustments I was able to create Orgs: </span></div><div><span style="background-color:transparent">'functional as OU' and 'projects as Groups'.</span><br></div><div><span style="background-color:transparent"><br></span></div><div><span style="background-color:transparent">I am having multiple issues: </span></div><div><span style="background-color:transparent"><br></span></div><div>If I create root Org for project, everything is OK. Security Group is created in AD. If I try to assign user, then user is added to corresponding Group.</div><div>But if I try to create child Org type project. I got error:</div><div><br></div><div><span style="color:rgb(51,51,51);font-family:'Source Sans Pro','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:14px">Can't process shadow: null (OID:null): Generic error in connector: Invalid credentials: org.identityconnectors.framework.common.exceptions.InvalidPasswordException(0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0??: PASSWORD_RESTRICTION: Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirement of the domain): Can't process shadow: null (OID:null): Generic error in connector: Invalid credentials: org.identityconnectors.framework.common.exceptions.InvalidPasswordException(0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0??: PASSWORD_RESTRICTION: Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirement of the domain): Can't process shadow: null (OID:null): Generic error in connector: Invalid credentials: org.identityconnectors.framework.common.exceptions.InvalidPasswordException(0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0??: PASSWORD_RESTRICTION: Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirement of the domain): Can't process shadow: null (OID:null): Generic error in connector: Invalid credentials: org.identityconnectors.framework.common.exceptions.InvalidPasswordException(0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0??: PASSWORD_RESTRICTION: Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirement of the domain)</span><br></div><div><span style="color:rgb(51,51,51);font-family:'Source Sans Pro','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:14px"><br></span></div><div>I see that it is creating object type account :</div><div><br></div><div><div style="box-sizing:border-box;border-radius:3px;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;border-top:3px solid rgb(210,214,222);margin-bottom:20px;width:auto;box-shadow:rgba(0,0,0,0.1)0px 1px 1px;color:rgb(51,51,51);font-family:'Source Sans Pro','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:14px;display:table"><div style="box-sizing:border-box;border-radius:0px 0px 3px 3px;padding:0px!important"><table style="box-sizing:border-box;border-spacing:0px;border-collapse:collapse;background-color:transparent;width:709px;max-width:100%;margin-bottom:0px;border:1px solid rgb(244,244,244)"><tbody style="box-sizing:border-box"><tr style="box-sizing:border-box;background-color:rgb(249,249,249)"><th style="box-sizing:border-box;padding:5px;text-align:left;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)">Activity</th><th style="box-sizing:border-box;padding:5px;text-align:left;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)">Status</th><th style="box-sizing:border-box;padding:5px;text-align:left;line-height:1.42857;vertical-align:top;border-width:1px 0px 1px 1px;border-style:solid;border-color:rgb(244,244,244);border-image:initial">Resource object (if applicable)</th></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)"><span style="box-sizing:border-box">Computing projections of the focus object</span></td><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)"><span style="box-sizing:border-box;color:rgb(60,118,61);display:inline-block;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:0.75em;font-family:FontAwesome;font-size:1.33333em;text-rendering:auto;vertical-align:-15%;width:1.28571em;text-align:center" title="SUCCESS"></span></td><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border-width:1px 0px 1px 1px;border-style:solid;border-color:rgb(244,244,244);border-image:initial"><span style="box-sizing:border-box"></span></td></tr><tr style="box-sizing:border-box;background-color:rgb(249,249,249)"><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)"><span style="box-sizing:border-box">Operation on focus object (repository)</span></td><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)"><span style="box-sizing:border-box;color:rgb(60,118,61);display:inline-block;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:0.75em;font-family:FontAwesome;font-size:1.33333em;text-rendering:auto;vertical-align:-15%;width:1.28571em;text-align:center" title="SUCCESS"></span></td><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border-width:1px 0px 1px 1px;border-style:solid;border-color:rgb(244,244,244);border-image:initial"><span style="box-sizing:border-box"></span></td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)"><span style="box-sizing:border-box">Account (default) on Hell Active Directory (LDAP)</span></td><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)"><span style="box-sizing:border-box;color:rgb(169,68,66);display:inline-block;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:0.75em;font-family:FontAwesome;font-size:1.33333em;text-rendering:auto;vertical-align:-15%;width:1.28571em;text-align:center" title="FATAL_ERROR"></span></td><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border-width:1px 0px 1px 1px;border-style:solid;border-color:rgb(244,244,244);border-image:initial"><span style="box-sizing:border-box">Add:Fatal error -> CN=A2,OU=Users,OU=CZ,DC=hell,DC=local</span></td></tr><tr style="box-sizing:border-box;background-color:rgb(249,249,249)"><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)"><span style="box-sizing:border-box">Considering or starting approval workflows</span></td><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)"><span style="box-sizing:border-box;color:rgb(60,118,61);display:inline-block;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:0.75em;font-family:FontAwesome;font-size:1.33333em;text-rendering:auto;vertical-align:-15%;width:1.28571em;text-align:center" title="SUCCESS"></span></td><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border-width:1px 0px 1px 1px;border-style:solid;border-color:rgb(244,244,244);border-image:initial"><span style="box-sizing:border-box"></span></td></tr></tbody></table></div></div><div style="box-sizing:border-box;color:rgb(51,51,51);font-family:'Source Sans Pro','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:14px;background-color:rgb(236,240,245)"><div style="box-sizing:border-box"><div style="box-sizing:border-box;border-radius:3px;background:rgb(255,255,255);border-top:3px solid rgb(210,214,222);margin-bottom:20px;width:auto;box-shadow:rgba(0,0,0,0.1)0px 1px 1px;display:table"></div></div></div></div><div>I see that it tryes to use correct meta role. </div><div><br></div><div><span style="color:rgb(51,51,51);font-family:'Source Sans Pro','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:11.6667px">Successfully finished evaluation of mapping mapping in for association {.../resource/instance-3}group in role:3154fafb-9f9f-4c3b-93ae-7fffd43796bf(LDAP Projects MetaRole) in 7 ms.</span><br></div><div><br></div><div>When i add manualy metarole to child Org. I got error:</div><div><br></div><div><div style="box-sizing:border-box;border-radius:3px;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;border-top:3px solid rgb(210,214,222);margin-bottom:20px;width:auto;box-shadow:rgba(0,0,0,0.1)0px 1px 1px;color:rgb(51,51,51);font-family:'Source Sans Pro','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:14px;display:table"><div style="box-sizing:border-box;border-radius:0px 0px 3px 3px;padding:0px!important"><table style="box-sizing:border-box;border-spacing:0px;border-collapse:collapse;background-color:transparent;width:758px;max-width:100%;margin-bottom:0px;border:1px solid rgb(244,244,244)"><tbody style="box-sizing:border-box"><tr style="box-sizing:border-box;background-color:rgb(249,249,249)"><th style="box-sizing:border-box;padding:5px;text-align:left;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)">Activity</th><th style="box-sizing:border-box;padding:5px;text-align:left;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)">Status</th><th style="box-sizing:border-box;padding:5px;text-align:left;line-height:1.42857;vertical-align:top;border-width:1px 0px 1px 1px;border-style:solid;border-color:rgb(244,244,244);border-image:initial">Resource object (if applicable)</th></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)"><span style="box-sizing:border-box">Computing projections of the focus object</span></td><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)"><span style="box-sizing:border-box;color:rgb(60,118,61);display:inline-block;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:0.75em;font-family:FontAwesome;font-size:1.33333em;text-rendering:auto;vertical-align:-15%;width:1.28571em;text-align:center" title="SUCCESS"></span></td><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border-width:1px 0px 1px 1px;border-style:solid;border-color:rgb(244,244,244);border-image:initial"><span style="box-sizing:border-box"></span></td></tr><tr style="box-sizing:border-box;background-color:rgb(249,249,249)"><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)"><span style="box-sizing:border-box">Operation on focus object (repository)</span></td><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)"><span style="box-sizing:border-box;color:rgb(60,118,61);display:inline-block;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:0.75em;font-family:FontAwesome;font-size:1.33333em;text-rendering:auto;vertical-align:-15%;width:1.28571em;text-align:center" title="SUCCESS"></span></td><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border-width:1px 0px 1px 1px;border-style:solid;border-color:rgb(244,244,244);border-image:initial"><span style="box-sizing:border-box"></span></td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)"><span style="box-sizing:border-box">Account (default) on Hell Active Directory (LDAP)</span></td><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)"><span style="box-sizing:border-box;color:rgb(169,68,66);display:inline-block;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:0.75em;font-family:FontAwesome;font-size:1.33333em;text-rendering:auto;vertical-align:-15%;width:1.28571em;text-align:center" title="FATAL_ERROR"></span></td><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border-width:1px 0px 1px 1px;border-style:solid;border-color:rgb(244,244,244);border-image:initial"><span style="box-sizing:border-box">Add:Fatal error -> CN=A2,OU=Users,OU=CZ,DC=hell,DC=local</span></td></tr><tr style="box-sizing:border-box;background-color:rgb(249,249,249)"><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)"><span style="box-sizing:border-box">Entitlement (ldapProject) on Hell Active Directory (LDAP)</span></td><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)"><span style="box-sizing:border-box;color:rgb(60,118,61);display:inline-block;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:0.75em;font-family:FontAwesome;font-size:1.33333em;text-rendering:auto;vertical-align:-15%;width:1.28571em;text-align:center" title="SUCCESS"></span></td><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border-width:1px 0px 1px 1px;border-style:solid;border-color:rgb(244,244,244);border-image:initial"><span style="box-sizing:border-box">Add:Success -> cn=A2,ou=Projects,dc=hell,dc=local</span></td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)"><span style="box-sizing:border-box">Considering or starting approval workflows</span></td><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border:1px solid rgb(244,244,244)"><span style="box-sizing:border-box;color:rgb(60,118,61);display:inline-block;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:0.75em;font-family:FontAwesome;font-size:1.33333em;text-rendering:auto;vertical-align:-15%;width:1.28571em;text-align:center" title="SUCCESS"></span></td><td style="box-sizing:border-box;padding:5px;line-height:1.42857;vertical-align:top;border-width:1px 0px 1px 1px;border-style:solid;border-color:rgb(244,244,244);border-image:initial"><span style="box-sizing:border-box"></span></td></tr></tbody></table></div></div></div><div>In the end groups is created but it is not correct behaviour. </div><div><br></div><div>Other problem is that when i add someone to child Org. it is added to correcsponding group. But not to AD group of root Org.</div><div><br></div><div>Hope I described it clearly.  <span style="background-color:transparent">Can Someone please help me with correct settings? </span></div><div><br></div><div>Thank you</div><div><br></div><div>Jan</div><div><br></div></body></html>