<div dir="ltr">Hi John,<div><br></div><div>What does the &lt;synchronization&gt; section of your resource definition look like? The error you're receiving makes me think that the midPoint account is not linked to your AD resource's shadow (if that's even possible, since you said some of it is actually syncing).</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Mar 10, 2020 at 2:14 AM John Kamminga &lt;<a href="mailto:jkamminga@ucmerced.edu">jkamminga@ucmerced.edu</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">





<div lang="EN-US">
<div class="gmail-m_-8853658475619185164WordSection1">
<p class="MsoNormal">We are a member of InCommon and are in the process of setting up midPoint for our Identity Registry and user provisioning to LDAP and Active Directory. We have LDAP working, but I’m having an issue with Active Directory. We were using the AdLdapConnector 2.0 connector but were having problems syncing the password and the userAccountControl attribute. After looking at this page: <a href="https://wiki.evolveum.com/pages/viewpage.action?pageId=22741393" target="_blank">https://wiki.evolveum.com/pages/viewpage.action?pageId=22741393</a> I see that those issues may be fixed, so I upgraded to AdLdapConnector 2.3. The good news is the password seems to be syncing fine and midPoint can create a new user in AD; however, now it can’t update any of the other attributes.</p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">If I try to update a user attribute directly in the GUI on the Resource page, here is the error that I get:</p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal" align="right" style="text-align:right;background:white"><b><span style="font-size:10.5pt;font-family:"Source Sans Pro",sans-serif;color:rgb(51,51,51)">Operation<u></u><u></u></span></b></p>
<p class="MsoNormal" style="margin-left:0.5in;background:white"><b><span style="font-size:10.5pt;font-family:"Source Sans Pro",sans-serif;color:rgb(51,51,51)">Save account (Gui)</span></b><span style="font-size:10.5pt;font-family:"Source Sans Pro",sans-serif;color:rgb(51,51,51)"><u></u><u></u></span></p>
<p class="MsoNormal" align="right" style="margin-left:97.5pt;text-align:right;background:white">
<b><span style="font-size:10.5pt;font-family:"Source Sans Pro",sans-serif;color:rgb(51,51,51)">Message<u></u><u></u></span></b></p>
<p class="MsoNormal" style="margin-left:0.5in;background:white"><span style="font-size:10.5pt;font-family:"Source Sans Pro",sans-serif;color:rgb(51,51,51)">Couldn't save account.<u></u><u></u></span></p>
<p class="MsoNormal" align="right" style="margin-left:390pt;text-align:right;background:white">
<b><span style="font-size:10.5pt;font-family:"Source Sans Pro",sans-serif;color:rgb(51,51,51)">Error<u></u><u></u></span></b></p>
<p class="MsoNormal" style="margin-left:0.5in;background:white"><span style="font-size:10.5pt;font-family:"Source Sans Pro",sans-serif;color:rgb(51,51,51)">Object to modify not found: org.identityconnectors.framework.common.exceptions.UnknownUidException(Entry for
 GUID cn=cerri,ou=people,dc=test,dc=edu was not found)<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal" align="right" style="text-align:right;background:white"><b><span style="font-size:10.5pt;font-family:"Source Sans Pro",sans-serif;color:rgb(51,51,51)">Operation<u></u><u></u></span></b></p>
<p class="MsoNormal" style="margin-left:0.5in;background:white"><b><span style="font-size:10.5pt;font-family:"Source Sans Pro",sans-serif;color:rgb(51,51,51)">Modify object (Provisioning)</span></b><span style="font-size:10.5pt;font-family:"Source Sans Pro",sans-serif;color:rgb(51,51,51)"><u></u><u></u></span></p>
<p class="MsoNormal" align="right" style="margin-left:97.5pt;text-align:right;background:white">
<b><span style="font-size:10.5pt;font-family:"Source Sans Pro",sans-serif;color:rgb(51,51,51)">Message<u></u><u></u></span></b></p>
<p class="MsoNormal" style="margin-left:0.5in;background:white"><span style="font-size:10.5pt;font-family:"Source Sans Pro",sans-serif;color:rgb(51,51,51)">Object to modify not found: org.identityconnectors.framework.common.exceptions.UnknownUidException(Entry for
 GUID cn=cerri,ou=people,dc=test,dc=edu was not found)<u></u><u></u></span></p>
<p class="MsoNormal" align="right" style="margin-left:195pt;text-align:right;background:white">
<b><span style="font-size:10.5pt;font-family:"Source Sans Pro",sans-serif;color:rgb(51,51,51)">Parameters<u></u><u></u></span></b></p>
<table border="0" cellspacing="0" cellpadding="0" style="margin-left:0.5in;border-collapse:collapse">
<tbody>
<tr>
<td valign="top" style="padding:0in">
<p class="MsoNormal"><b>options<u></u><u></u></b></p>
</td>
<td style="padding:0in 15pt 0in 3.75pt">
<p class="MsoNormal" style="word-break:break-all">[ProvisioningOperationOptions((empty))]<u></u><u></u></p>
</td>
</tr>
<tr>
<td valign="top" style="padding:0in">
<p class="MsoNormal"><b>oid<u></u><u></u></b></p>
</td>
<td style="padding:0in 15pt 0in 3.75pt">
<p class="MsoNormal" style="word-break:break-all">[ff2cc3fd-142a-4c8b-8631-c6d2a7faf152]<u></u><u></u></p>
</td>
</tr>
<tr>
<td valign="top" style="padding:0in">
<p class="MsoNormal"><b>scripts<u></u><u></u></b></p>
</td>
<td style="padding:0in 15pt 0in 3.75pt">
<p class="MsoNormal" style="word-break:break-all">[com.evolveum.midpoint.xml.ns._public.common.common_3.OperationProvisioningScriptsType@3131a937[script=&lt;null&gt;]]</p>
</td>
</tr>
<tr>
<td valign="top" style="padding:0in">
<p class="MsoNormal"><b>modifications<u></u><u></u></b></p>
</td>
<td style="padding:0in 15pt 0in 3.75pt">
<p class="MsoNormal" style="word-break:break-all">[PropertyDelta(attributes / {.../resource/instance-3}givenName, REPLACE), PropertyDelta(metadata / {.../common/common-3}modifyChannel, REPLACE), PropertyDelta(metadata / {.../common/common-3}modifyTimestamp,
 REPLACE), ReferenceDelta(metadata / {.../common/common-3}modifierRef, REPLACE), ReferenceDelta(metadata / {.../common/common-3}modifyTaskRef, REPLACE), ReferenceDelta(metadata / {.../common/common-3}modifyApproverRef, REPLACE), PropertyDelta(metadata / {.../common/common-3}modifyApprovalComment,
 REPLACE)]<u></u><u></u></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal" align="right" style="margin-left:292.5pt;text-align:right;background:white">
<b><span style="font-size:10.5pt;font-family:"Source Sans Pro",sans-serif;color:rgb(51,51,51)">Context<u></u><u></u></span></b></p>
<table border="0" cellspacing="0" cellpadding="0" style="margin-left:0.5in;border-collapse:collapse">
<tbody>
<tr>
<td valign="top" style="padding:0in">
<p class="MsoNormal"><b>implementationClass<u></u><u></u></b></p>
</td>
<td style="padding:0in 15pt 0in 3.75pt">
<p class="MsoNormal" style="word-break:break-all">[class com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl]<u></u><u></u></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal" align="right" style="margin-left:390pt;text-align:right;background:white">
<b><span style="font-size:10.5pt;font-family:"Source Sans Pro",sans-serif;color:rgb(51,51,51)">Error<u></u><u></u></span></b></p>
<p class="MsoNormal" style="margin-left:0.5in;background:white"><span style="font-size:10.5pt;font-family:"Source Sans Pro",sans-serif;color:rgb(51,51,51)">Object to modify not found: org.identityconnectors.framework.common.exceptions.UnknownUidException(Entry for
 GUID cn=cerri,ou=people,dc=test,dc=edu was not found)<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I’m using the same configuration that I was in the 2.0 connector.<u></u><u></u></p>
<p class="MsoNormal">        &lt;connectorConfiguration xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"&gt;</p>
<p class="MsoNormal">            &lt;icfc:resultsHandlerConfiguration&gt;</p>
<p class="MsoNormal">                &lt;icfc:enableNormalizingResultsHandler&gt;false&lt;/icfc:enableNormalizingResultsHandler&gt;</p>
<p class="MsoNormal">                &lt;icfc:enableFilteredResultsHandler&gt;false&lt;/icfc:enableFilteredResultsHandler&gt;</p>
<p class="MsoNormal">                &lt;icfc:enableAttributesToGetSearchResultsHandler&gt;false&lt;/icfc:enableAttributesToGetSearchResultsHandler&gt;</p>
<p class="MsoNormal">            &lt;/icfc:resultsHandlerConfiguration&gt;</p>
<p class="MsoNormal">            &lt;icfc:configurationProperties xmlns:gen880="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.ad.AdLdapConnector"&gt;</p>
<p class="MsoNormal">                &lt;gen880:host&gt;addc01.test.edu&lt;/gen880:host&gt;</p>
<p class="MsoNormal">                &lt;gen880:port&gt;636&lt;/gen880:port&gt;</p>
<p class="MsoNormal">                &lt;gen880:connectionSecurity&gt;ssl&lt;/gen880:connectionSecurity&gt;</p>
<p class="MsoNormal">                &lt;gen880:authenticationType&gt;simple&lt;/gen880:authenticationType&gt;</p>
<p class="MsoNormal">                &lt;gen880:bindDn&gt;***DC=test,DC=edu&lt;/gen880:bindDn&gt;</p>
<p class="MsoNormal">                &lt;gen880:bindPassword&gt;</p>
<p class="MsoNormal">                    &lt;/t:encryptedData&gt;</p>
<p class="MsoNormal">                &lt;/gen880:bindPassword&gt;</p>
<p class="MsoNormal">                &lt;gen880:baseContext&gt;OU=people,dc=test,dc=edu&lt;/gen880:baseContext&gt;</p>
<p class="MsoNormal">                &lt;gen880:passwordAttribute&gt;userPassword&lt;/gen880:passwordAttribute&gt;</p>
<p class="MsoNormal">                &lt;gen880:pagingStrategy&gt;auto&lt;/gen880:pagingStrategy&gt;</p>
<p class="MsoNormal">                &lt;gen880:uidAttribute&gt;dn&lt;/gen880:uidAttribute&gt;</p>
<p class="MsoNormal">                &lt;gen880:readSchema&gt;true&lt;/gen880:readSchema&gt;</p>
<p class="MsoNormal">                &lt;gen880:objectClassesToSynchronize&gt;user&lt;/gen880:objectClassesToSynchronize&gt;</p>
<p class="MsoNormal">                &lt;gen880:objectClassesToSynchronize&gt;account&lt;/gen880:objectClassesToSynchronize&gt;</p>
<p class="MsoNormal">                &lt;gen880:objectClassesToSynchronize&gt;inetOrgPerson&lt;/gen880:objectClassesToSynchronize&gt;</p>
<p class="MsoNormal">                &lt;gen880:attributesToSynchronize&gt;dn&lt;/gen880:attributesToSynchronize&gt;</p>
<p class="MsoNormal">                &lt;gen880:attributesToSynchronize&gt;cn&lt;/gen880:attributesToSynchronize&gt;</p>
<p class="MsoNormal">                &lt;gen880:attributesToSynchronize&gt;sAMAccountName&lt;/gen880:attributesToSynchronize&gt;</p>
<p class="MsoNormal">                &lt;gen880:attributesToSynchronize&gt;sn&lt;/gen880:attributesToSynchronize&gt;</p>
<p class="MsoNormal">                &lt;gen880:attributesToSynchronize&gt;givenName&lt;/gen880:attributesToSynchronize&gt;</p>
<p class="MsoNormal">                &lt;gen880:rawUserAccountControlAttribute&gt;true&lt;/gen880:rawUserAccountControlAttribute&gt;</p>
<p class="MsoNormal">            &lt;/icfc:configurationProperties&gt;</p>
<p class="MsoNormal">        &lt;/connectorConfiguration&gt;</p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">If I run an import sync that would update the same attribute in AD, I get about the same error, and it disconnects the AD Resource from the user.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal" style="margin-left:0.5in"><span style="font-size:10.5pt;font-family:"Source Sans Pro",sans-serif;color:rgb(51,51,51);background:white">SystemException: Object to modify not found: org.identityconnectors.framework.common.exceptions.UnknownUidException(Entry
 for GUID CN=cerri,OU=people,DC=test,DC=edu was not found)<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Do I need to use a different configuration for the AdLdapConnector 2.3?</p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Thanks,<u></u><u></u></p>
<p class="MsoNormal"><b><span style="color:rgb(76,75,76)">John Kamminga</span></b><span style="color:black"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(76,75,76)">Identity Management Architect</span><span style="color:black"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(76,75,76)">University of California Merced, Office of Information Technology</span><span style="color:black"><u></u><u></u></span></p>
<p class="MsoNormal"><a href="mailto:jkamminga@ucmerced.edu" target="_blank"><span style="color:rgb(5,99,193)">jkamminga@ucmerced.edu</span></a><span style="color:rgb(76,75,76)">| </span><a href="http://it.ucmerced.edu/" target="_blank"><span style="color:rgb(68,84,106)">it.ucmerced.edu </span></a><span style="color:rgb(76,75,76)">| 209.205.0372<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>

</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div>Colin A Foley, CISSP</div><div><div><div>Information Security Architect</div><div>(610) 758-3072</div></div></div></div></div></div></div></div></div></div></div></div></div>