<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hi,<br>
<br>
Ordering rule 2.5.13.3 works for OpenLDAP. It is perhaps worth
trying. The trouble with AD is that it does not specify any
matching rules in its LDAP schema. Therefore this is all pretty
much a guesswork.<br>
<br>
However, I'm quite curious. What version/flavor of AD are you
using? I have tested the connector with several versions and
configurations, but I have never run into this problem.
Paging/sorting worked without any need for special configuration.
I wonder what might me the root cause.<br>
<br>
<pre class="moz-signature" cols="72">--
Radovan Semancik
Software Architect
evolveum.com</pre>
<br>
<br>
<br>
On 7/29/19 5:50 PM, <a class="moz-txt-link-abbreviated" href="mailto:JStanczak@vinu.edu">JStanczak@vinu.edu</a> wrote:<br>
</div>
<blockquote type="cite"
cite="mid:OFE896DA2F.E968812E-ON85258443.00707F15-85258446.005701FB@vinu.edu">
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<font size="2" face="Default Sans
Serif,Verdana,Arial,Helvetica,sans-serif"><font size="2"
face="Default Sans Serif,Verdana,Arial,Helvetica,sans-serif">
<div style="font-family: Verdana, Arial, Helvetica,
sans-serif;">That helps. It's the VLV causing it. I think I
have it almost there but I'm not sure what ordering rule
(VLV ordering rule) to use. </div>
<div style="font-family: Verdana, Arial, Helvetica,
sans-serif;"><br>
</div>
<div style=""><font face="Verdana, Arial, Helvetica,
sans-serif">controls=Sort(uid:<????>:A) <-- I've
tried several numbers and each time I get
unavailableCriticalExtension. </font><br>
</div>
<div style=""><br>
</div>
<div style="">Setting to SPR works just fine but it would be
nice to use VLV if it's better. </div>
<div style=""><br>
</div>
<div style="">Thanks.</div>
<div style=""><font face="Verdana, Arial, Helvetica,
sans-serif"><br>
</font></div>
<div style=""><font face="Verdana, Arial, Helvetica,
sans-serif"><br>
</font></div>
<br>
<br>
<font style="font-family: Verdana, Arial, Helvetica,
sans-serif;" color="#990099">-----"midPoint" <<a
href="mailto:midpoint-bounces@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midpoint-bounces@lists.evolveum.com</a>>
wrote: -----</font>
<div class="iNotesHistory" style="font-family: Verdana, Arial,
Helvetica, sans-serif; padding-left: 5px;">
<div
style="padding-right:0px;padding-left:5px;border-left:solid
black 2px;">To: <a
href="mailto:midpoint@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midpoint@lists.evolveum.com</a><br>
From: "Radovan Semancik"
<!--Notes ACF
<radovan.semancik@evolveum.com>--><br>
Sent by: "midPoint"
<!--Notes ACF
<midpoint-bounces@lists.evolveum.com>--><br>
Date: 07/25/2019 05:27AM<br>
Subject: Re: [midPoint] unavailableCriticalExtension:
000020EF: SvcErr: DSID-03140552, problem 5010
(UNAVAIL_EXTENSION)<br>
<br>
<!--Notes ACF
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">-->
<div class="moz-cite-prefix">Hi,<br>
<br>
LDAP protocol is extensible by using a mechanisms of
extended operations and controls. This error suggests,
that AD does not support one of the controls that are
used in operation that midPoint has requested. You can
have a look at AD log files and hope that you will find
more information as to which particular control is not
supported. Or you can contact Microsoft support.
However, according to my experience, both are quite
pointless exercises. When it comes to that particular
technology, trial-and-error is the best approach that I
could find.<br>
<br>
Therefore I would suggest to follow our troubleshooting
guide:<br>
<br>
<a class="moz-txt-link-freetext"
href="https://wiki.evolveum.com/display/midPoint/LDAP+Connector+Troubleshooting"
moz-do-not-send="true">https://wiki.evolveum.com/display/midPoint/LDAP+Connector+Troubleshooting</a><br>
<br>
I would recommend to find the LDAP operation that caused
the error. The connector should log all important parts
of the operations, including the controls. Look for
"controls=....". One of those controls is probably the
cause of the problem. Once you know what control is the
problem, you can try enable that control in the AD. Or,
if that is not possible, then the connector has several
configuration options that control the use those LDAP
controls. However, the connector is only using a very
basic set of controls that make LDAP protocol barely
usable for IDM purposes. Disabling any of them may
affect usability of midPoint's connection to AD. But I'm
speculating here. Let's see what control is the problem
first.<br>
<br>
<div><font size="2" face="Courier New,Courier,monospace">--
<br>
Radovan Semancik<br>
Software Architect<br>
evolveum.com</font></div>
<br>
<br>
On 7/24/19 3:44 PM, <a class="moz-txt-link-abbreviated"
href="mailto:JStanczak@vinu.edu"
moz-do-not-send="true">JStanczak@vinu.edu</a> wrote:<br>
</div>
<blockquote type="cite"
cite="mid:OFBBED4F62.FB37290F-ON85258441.004B7D8C-85258441.004B7D8C@vinu.edu">
<!--Notes ACF
<meta http-equiv="content-type" content="text/html; charset=windows-1252">-->
<font size="2" face="Default Sans
Serif,Verdana,Arial,Helvetica,sans-serif">
<div style="">
<div style=""><font face="Verdana, Arial, Helvetica,
sans-serif">When accessing all users on the
resource I get the below error. Searching for
users works fine too. Is this some AD
limitation?</font></div>
<div style=""><font face="Verdana, Arial, Helvetica,
sans-serif"><br>
</font></div>
<div style=""><font face="Verdana, Arial, Helvetica,
sans-serif"><br>
</font></div>
<div style=""><font face="Verdana, Arial, Helvetica,
sans-serif">
<div>
<div>com.evolveum.polygon.connector.ldap.ad.AdLdapConnector
- <span style="font-size: 12.8px;">2.0</span></div>
</div>
<div>java.version - 1.8.0_191</div>
</font></div>
<div style=""><font face="Verdana, Arial, Helvetica,
sans-serif">
<div>Version - 3.9</div>
</font></div>
<div style=""><font face="Verdana, Arial, Helvetica,
sans-serif">
<div>ConnId framework version - 1.5.0.0</div>
<div><br>
</div>
</font></div>
<div style=""><font face="Verdana, Arial, Helvetica,
sans-serif">com.evolveum.midpoint.util.exception.CommunicationException:
Error communicating with the connector
ConnectorInstanceIcfImpl(connector:cd7ec95b-9007-47b4-b6f6-9a95ec085f68(ConnId
com.evolveum.polygon.connector.ldap.ad.AdLdapConnector v2.0)): IO error:
org.identityconnectors.framework.common.exceptions.ConnectorIOException(LDAP
error during search in
DC=local-test,DC=vinu,DC=edu:
unavailableCriticalExtension: 000020EF: SvcErr:
DSID-03140552, problem 5010 (UNAVAIL_EXTENSION),
data 0?? (12))</font></div>
<div style=""><font face="Verdana, Arial, Helvetica,
sans-serif"><span style="white-space: pre;"> </span>at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.searchResourceObjects(ResourceObjectConverter.java:1330)</font></div>
<div style=""><font face="Verdana, Arial, Helvetica,
sans-serif"><br>
</font></div>
<div style=""><font face="Verdana, Arial, Helvetica,
sans-serif">Thanks.</font></div>
</div>
</font> <br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<div><font size="2" face="Courier New,Courier,monospace">_______________________________________________<br>
midPoint mailing list<br>
<a class="moz-txt-link-abbreviated"
href="mailto:midPoint@lists.evolveum.com"
moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a class="moz-txt-link-freetext"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</font></div>
</blockquote>
<br>
<br>
<div><font size="2" face="Courier New,Courier,monospace">_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</font></div>
<!--Notes ACF
</midpoint-bounces@lists.evolveum.com>--><!--Notes ACF
</radovan.semancik@evolveum.com>--></div>
</div>
</font></font>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">
</pre>
</body>
</html>