<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html;
      charset=windows-1252">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">Hi,<br>
      <br>
      LDAP protocol is extensible by using a mechanisms of extended
      operations and controls. This error suggests, that AD does not
      support one of the controls that are used in operation that
      midPoint has requested. You can have a look at AD log files and
      hope that you will find more information as to which particular
      control is not supported. Or you can contact Microsoft support.
      However, according to my experience, both are quite pointless
      exercises. When it comes to that particular technology,
      trial-and-error is the best approach that I could find.<br>
      <br>
      Therefore I would suggest to follow our troubleshooting guide:<br>
      <br>
<a class="moz-txt-link-freetext" href="https://wiki.evolveum.com/display/midPoint/LDAP+Connector+Troubleshooting">https://wiki.evolveum.com/display/midPoint/LDAP+Connector+Troubleshooting</a><br>
      <br>
      I would recommend to find the LDAP operation that caused the
      error. The connector should log all important parts of the
      operations, including the controls. Look for "controls=....". One
      of those controls is probably the cause of the problem. Once you
      know what control is the problem, you can try enable that control
      in the AD. Or, if that is not possible, then the connector has
      several configuration options that control the use those LDAP
      controls. However, the connector is only using a very basic set of
      controls that make LDAP protocol barely usable for IDM purposes.
      Disabling any of them may affect usability of midPoint's
      connection to AD. But I'm speculating here. Let's see what control
      is the problem first.<br>
      <br>
      <pre class="moz-signature" cols="72">-- 
Radovan Semancik
Software Architect
evolveum.com</pre>
      <br>
      <br>
      On 7/24/19 3:44 PM, <a class="moz-txt-link-abbreviated" href="mailto:JStanczak@vinu.edu">JStanczak@vinu.edu</a> wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:OFBBED4F62.FB37290F-ON85258441.004B7D8C-85258441.004B7D8C@vinu.edu">
      <meta http-equiv="content-type" content="text/html;
        charset=windows-1252">
      <font size="2" face="Default Sans
        Serif,Verdana,Arial,Helvetica,sans-serif">
        <div style="">
          <div style=""><font face="Verdana, Arial, Helvetica,
              sans-serif">When accessing all users on the resource I get
              the below error. Searching for users works fine too. Is
              this some AD limitation?</font></div>
          <div style=""><font face="Verdana, Arial, Helvetica,
              sans-serif"><br>
            </font></div>
          <div style=""><font face="Verdana, Arial, Helvetica,
              sans-serif"><br>
            </font></div>
          <div style=""><font face="Verdana, Arial, Helvetica,
              sans-serif">
              <div>
                <div>com.evolveum.polygon.connector.ldap.ad.AdLdapConnector
                  - <span style="font-size: 12.8px;">2.0</span></div>
              </div>
              <div>java.version - 1.8.0_191</div>
            </font></div>
          <div style=""><font face="Verdana, Arial, Helvetica,
              sans-serif">
              <div>Version - 3.9</div>
            </font></div>
          <div style=""><font face="Verdana, Arial, Helvetica,
              sans-serif">
              <div>ConnId framework version - 1.5.0.0</div>
              <div><br>
              </div>
            </font></div>
          <div style=""><font face="Verdana, Arial, Helvetica,
              sans-serif">com.evolveum.midpoint.util.exception.CommunicationException:
              Error communicating with the connector
ConnectorInstanceIcfImpl(connector:cd7ec95b-9007-47b4-b6f6-9a95ec085f68(ConnId
              com.evolveum.polygon.connector.ldap.ad.AdLdapConnector
              v2.0)): IO error:
org.identityconnectors.framework.common.exceptions.ConnectorIOException(LDAP
              error during search in DC=local-test,DC=vinu,DC=edu:
              unavailableCriticalExtension: 000020EF: SvcErr:
              DSID-03140552, problem 5010 (UNAVAIL_EXTENSION), data 0??
              (12))</font></div>
          <div style=""><font face="Verdana, Arial, Helvetica,
              sans-serif"><span style="white-space: pre;">      </span>at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.searchResourceObjects(ResourceObjectConverter.java:1330)</font></div>
          <div style=""><font face="Verdana, Arial, Helvetica,
              sans-serif"><br>
            </font></div>
          <div style=""><font face="Verdana, Arial, Helvetica,
              sans-serif">Thanks.</font></div>
        </div>
      </font>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
    </blockquote>
    <br>
    <br>
    <pre class="moz-signature" cols="72">
</pre>
  </body>
</html>