<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">
Hi,
<div class=""><br class="">
</div>
<div class="">In the first case your keystore is /opt/midpoint/var/keystore.jceks. In the second case you use /opt/midpoint-4.0.1/var/keystore.jceks. You should also import your CA cert and not the server cert in your keystore. In a testing env where you don’t have real users and passwords you can set the 'Allow untrusted SSL/TLS' option on the AD resource.</div>
<div id="id4f5" class=""><i class="fa-info-circle fa fa-fw text-info" id="id37b" title="" data-toggle="tooltip" data-placement="right" data-original-title="If set to false (which is default and recommended), connector checks server certificate validity in SSL/TLS mode against system default truststore (e.g. Java cacerts). If set to true, connector does not check server certificate validity - do not use this option in the production environment."></i></div>
<div class=""><br class="">
</div>
<div class="">Best regards</div>
<div class="">Davy<br class="">
<div><br class="">
<blockquote type="cite" class="">
<div class="">On 26 May 2020, at 12:35, Щенев Антон Вячеславович &lt;<a href="mailto:anton.shchenev@beeper.ru" class="">anton.shchenev@beeper.ru</a>&gt; wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div class="">Hi, Ivan, Davy<br class="">
Thanks for your reply.<br class="">
I'm trying SSL (port 636). Before that I got the server certificate (openssl: openssl s_client -connect
<a href="http://server.mydomain.com:636" class="">server.mydomain.com:636</a>) and imported it (keytool -keystore /opt/midpoint/var/keystore.jceks -storetype jceks -storepass changeit -import -alias servercert -trustcacerts -file servercert.pem).<br class="">
After that I modified the ExecStart directive in the midpoint.service file and restarted midPoint.<br class="">
ExecStart=/usr/bin/java -Xmx12288m -Dmidpoint.home=/opt/midpoint-4.0.1/var  -Djavax.net.ssl.trustStore=/opt/midpoint-4.0.1/var/keystore.jceks -Djavax.net.ssl.trustStoreType=jceks  -jar /opt/midpoint-4.0.1/lib/midpoint.war<br class="">
<br class="">
But I'm getting the same error all the time, as if the option (-Djavax.net.ssl.trustStore=/opt/midpoint-4.0.1/var/keystore.jceks -Djavax.net.ssl.trustStoreType=jceks) does not work.<br class="">
<br class="">
<br class="">
Connection failed: org.identityconnectors.framework.common.exceptions.ConnectionFailedException(Unable to connect to LDAP
<a href="http://server.mydomain.com:636" class="">server.mydomain.com:636</a>: ERR_04120_TLS_HANDSHAKE_ERROR The TLS handshake failed, reason: Failed to build certification path: unable to find valid certification path to requested target<br class="">
<br class="">
How to make sure  the option works?<br class="">
<br class="">
Best regards,<br class="">
Щенев Антон<br class="">
-----Original Message-----<br class="">
From: midPoint [<a href="mailto:midpoint-bounces@lists.evolveum.com" class="">mailto:midpoint-bounces@lists.evolveum.com</a>] On Behalf Of
<a href="mailto:midpoint-request@lists.evolveum.com" class="">midpoint-request@lists.evolveum.com</a><br class="">
Sent: Monday, May 25, 2020 4:23 PM<br class="">
To: <a href="mailto:midpoint@lists.evolveum.com" class="">midpoint@lists.evolveum.com</a><br class="">
Subject: midPoint Digest, Vol 97, Issue 54<br class="">
<br class="">
Today's Topics:<br class="">
<br class="">
  1. Re: Error add credential<br class="">
     (Щенев Антон Вячеславович)<br class="">
  2. Re: Error add credential (Davy Priem)<br class="">
  3. Re: Error add credential (Ivan Noris)<br class="">
<br class="">
<br class="">
----------------------------------------------------------------------<br class="">
<br class="">
Message: 1<br class="">
Date: Mon, 25 May 2020 10:05:42 +0000<br class="">
From: Щенев Антон Вячеславович<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span><anton.shchenev@beeper.ru><br class="">
To: "midpoint@lists.evolveum.com" <midpoint@lists.evolveum.com><br class="">
Subject: Re: [midPoint] Error add credential<br class="">
Message-ID:<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span><651689E53CC19841968296084942E1E849E87158@ekt-asbt-mxs001.beeper.ru><br class="">
Content-Type: text/plain; charset="utf-8"<br class="">
<br class="">
Hi, Ivan<br class="">
I apologize for my carelessness, of course I used &lt;outbound&gt; (copy-paste from another, very similar script).<br class="">
I think that the bind DN must have the rights to change the password.<br class="">
<br class="">
<br class="">
<br class="">
Best regards,<br class="">
Щенев Антон<br class="">
<br class="">
-----Original Message-----<br class="">
From: midPoint [mailto:midpoint-bounces@lists.evolveum.com] On Behalf Of midpoint-request@lists.evolveum.com<br class="">
Sent: Monday, May 25, 2020 2:49 PM<br class="">
To: midpoint@lists.evolveum.com<br class="">
Subject: midPoint Digest, Vol 97, Issue 53<br class="">
<br class="">
<br class="">
Today's Topics:<br class="">
<br class="">
  1. Re: Error add credential (Ivan Noris)<br class="">
  2. User password expiration notifications (Vladislavs Filipciks)<br class="">
  3. Re: User password expiration notifications (Pálos Gustáv)<br class="">
<br class="">
<br class="">
----------------------------------------------------------------------<br class="">
<br class="">
Message: 1<br class="">
Date: Mon, 25 May 2020 08:17:03 +0200<br class="">
From: Ivan Noris <ivan.noris@evolveum.com><br class="">
To: midpoint@lists.evolveum.com<br class="">
Subject: Re: [midPoint] Error add credential<br class="">
Message-ID: <27dda94a-a83f-8222-1790-ff34ca25a01c@evolveum.com><br class="">
Content-Type: text/plain; charset="utf-8"<br class="">
<br class="">
Hi,<br class="">
<br class="">
if you get permission denied exception from AD, then the error probably<br class="">
happens somewhere else and not in the inbound password mapping you<br class="">
pasted. Is there any outbound mapping for password as well?<br class="">
<br class="">
Ivan<br class="">
<br class="">
On 23. 5. 2020 17:14, Щенев Антон Вячеславович wrote:<br class="">
<blockquote type="cite" class=""><br class="">
Hi,<br class="">
<br class="">
I get<br class="">
error(org.identityconnectors.framework.common.exceptions.PermissionDeniedException(Error<br class="">
adding LDAP entry CN=????: unwillingToPerform: 0000001F: SvcErr:<br class="">
DSID-031A1254, problem 5003 (WILL_NOT_PERFORM), data 0?? (53)))<br class="">
<br class="">
when I try to add user<br class="">
<br class="">
Is there not enough rights for this operation?<br class="">
It’s absolutely certain that this problem is due to a password.<br class="">
<br class="">
 <br class="">
<br class="">
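&lt;credentials&gt;<br class="">
&nbsp;&nbsp;&nbsp;&lt;password&gt;<br class="">
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;inbound&gt;<br class="">
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;strength&gt;weak&lt;/strength&gt;<br class="">
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;expression&gt;<br class="">
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;script&gt;<br class="">
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;code&gt;basic.encrypt("??????????")&lt;/code&gt;<br class="">
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/script&gt;<br class="">
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/expression&gt;<br class="">
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/inbound&gt;<br class="">
&nbsp;&nbsp;&nbsp;&lt;/password&gt;<br class="">
&lt;/credentials&gt;<br class="">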
<br class="">
 <br class="">
<br class="">
<br class="">
Best regards,<br class="">
<br class="">
Щенев Антон Вячеславович<br class="">
<br class="">
 <br class="">
<br class="">
<br class="">
_______________________________________________<br class="">
midPoint mailing list<br class="">
midPoint@lists.evolveum.com<br class="">
https://lists.evolveum.com/mailman/listinfo/midpoint<br class="">
</blockquote>
<br class="">
-- <br class="">
Ivan Noris<br class="">
Senior Identity Engineer<br class="">
evolveum.com<br class="">
<br class="">
<br class="">
------------------------------<br class="">
<br class="">
Message: 2<br class="">
Date: Mon, 25 May 2020 11:55:03 +0300 (EEST)<br class="">
From: Vladislavs Filipciks <vladislavs.filipciks@csolutions.lv><br class="">
To: midpoint <midpoint@lists.evolveum.com><br class="">
Subject: [midPoint] User password expiration notifications<br class="">
Message-ID:<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span><24589014.5114809.1590396903451.JavaMail.zimbra@csolutions.lv><br class="">
Content-Type: text/plain; charset="utf-8"<br class="">
<br class="">
Hello, <br class="">
<br class="">
does MidPoint have any functionality to notify user about soon expiring password, that it should be changed?
<br class="">
I found possibility to notify user by e-mail about new password generated for him, but how to handle notification about expiring password? I didn't find any examples or topic in documentation for that.
<br class="">
<br class="">
Thank You in advance. <br class="">
<br class="">
<br class="">
<br class="">
<br class="">
<br class="">
------------------------------<br class="">
<br class="">
Message: 3<br class="">
Date: Mon, 25 May 2020 11:48:19 +0200<br class="">
From: Pálos Gustáv <gustav.palos@gmail.com><br class="">
To: midPoint General Discussion <midpoint@lists.evolveum.com><br class="">
Subject: Re: [midPoint] User password expiration notifications<br class="">
Message-ID:<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span><CAPXQVkema8VDymG5goPwSDV3yqKSD7mdRV-Bs2i=6QwvcW45OQ@mail.gmail.com><br class="">
Content-Type: text/plain; charset="utf-8"<br class="">
<br class="">
Hi Vladislavs,<br class="">
<br class="">
please see:<br class="">
https://evolveum.com/how-to-notify-future-account-expiration/<br class="">
<br class="">
Best regards,<br class="">
<br class="">
Gustav<br class="">
<br class="">
On Mon, 25. 5. 2020 at 10:55, Vladislavs Filipciks &lt;vladislavs.filipciks@csolutions.lv&gt; wrote:<br class="">
<br class="">
<blockquote type="cite" class="">Hello,<br class="">
<br class="">
does MidPoint have any functionality to notify user about soon expiring<br class="">
password, that it should be changed?<br class="">
I found possibility to notify user by e-mail about new password generated<br class="">
for him, but how to handle notification about expiring password? I didn't<br class="">
find any examples or topic in documentation for that.<br class="">
<br class="">
Thank You in advance.<br class="">
<br class="">
</blockquote>
<br class="">
<br class="">
-- <br class="">
Best regards<br class="">
<br class="">
Gustáv Pálos<br class="">
------------------------------<br class="">
<br class="">
End of midPoint Digest, Vol 97, Issue 53<br class="">
****************************************<br class="">
<br class="">
------------------------------<br class="">
<br class="">
Message: 2<br class="">
Date: Mon, 25 May 2020 10:45:15 +0000<br class="">
From: Davy Priem <davy.priem@vives.be><br class="">
To: midPoint General Discussion <midpoint@lists.evolveum.com><br class="">
Subject: Re: [midPoint] Error add credential<br class="">
Message-ID: <9358FD7B-E018-4912-96F0-8055054D42F9@vives.be><br class="">
Content-Type: text/plain; charset="utf-8"<br class="">
<br class="">
Hi,<br class="">
<br class="">
You should also have a secure connection to the AD LDAP server.<br class="">
<br class="">
Best regards,<br class="">
Davy Priem<br class="">
<br class="">
<blockquote type="cite" class="">On 25 May 2020, at 12:05, Щенев Антон Вячеславович &lt;anton.shchenev@beeper.ru&gt; wrote:<br class="">
<br class="">
Hi, Ivan<br class="">
I apologize for my carelessness, of course I used &lt;outbound&gt; (copy-paste from another, very similar script).<br class="">
I think that the bind DN must have the rights to change the password.<br class="">
</blockquote>
<br class="">
<br class="">
------------------------------<br class="">
<br class="">
Message: 3<br class="">
Date: Mon, 25 May 2020 13:22:56 +0200<br class="">
From: Ivan Noris <ivan.noris@evolveum.com><br class="">
To: midpoint@lists.evolveum.com<br class="">
Subject: Re: [midPoint] Error add credential<br class="">
Message-ID: <95d2173f-ad65-bfd9-1243-1a8089507d5e@evolveum.com><br class="">
Content-Type: text/plain; charset=utf-8<br class="">
<br class="">
Hi Anton,<br class="">
<br class="">
yes, definitely should have permissions for that.<br class="">
<br class="">
Please check in<br class="">
https://wiki.evolveum.com/display/midPoint/Active+Directory+with+LDAP+connector<br class="">
<br class="">
"Reset user passwords and force password change at next logon"<br class="">
<br class="">
And as Davy mentioned, you also need to go with port 636 and not 389.<br class="">
<br class="">
Last thing I remember is that AD has its own password complexity<br class="">
checking and your password cannot contain username or some other AD<br class="">
account attributes. You would get Unwilling to perform then.<br class="">
<br class="">
If you encounter any incorrect documentation, please let us know.<br class="">
<br class="">
Thanks.<br class="">
<br class="">
Best regards,<br class="">
<br class="">
Ivan<br class="">
<br class="">
On 25. 5. 2020 12:05, Щенев Антон Вячеславович wrote:<br class="">
<blockquote type="cite" class="">Hi, Ivan<br class="">
I apologize for my carelessness, of course I used &lt;outbound&gt; (copy-paste from another, very similar script).<br class="">
I think that the bind DN must have the rights to change the password.<br class="">
</blockquote>
<br class="">
-- <br class="">
Ivan Noris<br class="">
Senior Identity Engineer<br class="">
evolveum.com<br class="">
<br class="">
<br class="">
<br class="">
------------------------------<br class="">
<br class="">
End of midPoint Digest, Vol 97, Issue 54<br class="">
****************************************<br class="">
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
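<div class="">Added example, not part of the original messages: a bash check for the mismatch pointed out in the reply at the top of this page. It compares the trust store path and type the JVM is started with against the store the certificate was imported into. The two sample command lines are the ones quoted in the thread; the function names are illustrative, and cert_is_ca and list_jvm_store assume openssl and keytool are installed.</div>

```bash
#!/usr/bin/env bash
# Added example, not from the thread. The two sample command lines are the
# ones quoted in the message above; all function names are illustrative.

SAMPLE_EXEC='ExecStart=/usr/bin/java -Xmx12288m -Dmidpoint.home=/opt/midpoint-4.0.1/var  -Djavax.net.ssl.trustStore=/opt/midpoint-4.0.1/var/keystore.jceks -Djavax.net.ssl.trustStoreType=jceks  -jar /opt/midpoint-4.0.1/lib/midpoint.war'
SAMPLE_IMPORT='keytool -keystore /opt/midpoint/var/keystore.jceks -storetype jceks -storepass changeit -import -alias servercert -trustcacerts -file servercert.pem'

# jvm_prop NAME CMDLINE: print the value of -DNAME=value, or nothing.
jvm_prop() {
    printf '%s\n' "$2" | awk -v key="-D$1=" '{
        for (i = 1; NF >= i; i++)
            if (index($i, key) == 1) { print substr($i, length(key) + 1); exit }
    }'
}

# flag_arg FLAG CMDLINE: print the word that follows FLAG (e.g. -keystore).
flag_arg() {
    printf '%s\n' "$2" | awk -v flag="$1" '{
        for (i = 1; NF > i; i++)
            if ($i == flag) { print $(i + 1); exit }
    }'
}

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_truststore EXEC_LINE IMPORT_CMD
# Prints one finding per line; the return status is the number of findings,
# so 0 means the JVM reads the same store the certificate was imported into.
check_truststore() {
    local jvm_store jvm_type kt_store kt_type findings=0
    jvm_store=$(jvm_prop javax.net.ssl.trustStore "$1")
    jvm_type=$(jvm_prop javax.net.ssl.trustStoreType "$1")
    kt_store=$(flag_arg -keystore "$2")
    kt_type=$(flag_arg -storetype "$2")

    if [ -z "$jvm_store" ]; then
        echo "NO TRUSTSTORE OPTION: the JVM default trust store is used, not $kt_store"
        findings=$((findings + 1))
    elif [ "$jvm_store" != "$kt_store" ]; then
        echo "PATH MISMATCH: JVM reads $jvm_store, certificate was imported into $kt_store"
        findings=$((findings + 1))
    fi

    if [ -n "$kt_type" ]; then
        if [ -z "$jvm_type" ]; then
            echo "NO TYPE OPTION: JVM default store type applies, import used $kt_type"
            findings=$((findings + 1))
        elif [ "$(lower "$jvm_type")" != "$(lower "$kt_type")" ]; then
            echo "TYPE MISMATCH: JVM expects $jvm_type, import used $kt_type"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}

# cert_is_ca FILE: succeed when the PEM certificate carries basicConstraints
# CA:TRUE, i.e. it is a CA certificate and not the server's own certificate.
cert_is_ca() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# list_jvm_store EXEC_LINE STOREPASS: list the entries of the store the JVM
# will actually open, so the imported alias can be confirmed by eye.
list_jvm_store() {
    keytool -list -keystore "$(jvm_prop javax.net.ssl.trustStore "$1")" \
        -storetype "$(jvm_prop javax.net.ssl.trustStoreType "$1")" -storepass "$2"
}

# Run the check on the command lines from the thread.
check_truststore "$SAMPLE_EXEC" "$SAMPLE_IMPORT" || true
```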
</body>
</html>