<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">
Hi,
<div class=""><br class="">
</div>
<div class="">In the first case your keystore is /opt/midpoint/var/keystore.jceks. In the second case you use /opt/midpoint-4.0.1/var/keystore.jceks. You should also import your CA cert and not the server cert in your keystore. In a testing env where you don’t
have real users and password you can set the 'Allow untrusted SSL/TLS’-option on the AD resource.</div>
<div id="id4f5" class=""><i class="fa-info-circle fa fa-fw text-info" id="id37b" title="" data-toggle="tooltip" data-placement="right" data-original-title="If set to false (which is default and recommended), connector checks server certificate validity in SSL/TLS mode against system default truststore (e.g. Java cacerts). If set to true, connector does not check server certificate validity - do not use this option in the production environment."></i></div>
<div class=""><br class="">
</div>
<div class="">Best regards</div>
<div class="">Davy<br class="">
<div><br class="">
<blockquote type="cite" class="">
<div class="">Op 26 mei 2020, om 12:35 heeft Щенев Антон Вячеславович <<a href="mailto:anton.shchenev@beeper.ru" class="">anton.shchenev@beeper.ru</a>> het volgende geschreven:</div>
<br class="Apple-interchange-newline">
<div class="">
<div class="">Hi, Ivan,Davy<br class="">
Thanks for your reply<br class="">
I'm trying ssl(636 port) ..before that I 've got server certificate(openssl : openssl s_client -connect
<a href="http://server.mydomain.com:636" class="">server.mydomain.com:636</a>) and have imported (keytool -keystore /opt/midpoint/var/keystore.jceks -storetype jceks -storepass changeit -import -alias servercert -trustcacerts -file servercert.pem)<br class="">
After then I' ve modified ExecStart directive in the midpoint.service file and restarted midPoint.<br class="">
ExecStart=/usr/bin/java -Xmx12288m -Dmidpoint.home=/opt/midpoint-4.0.1/var -Djavax.net.ssl.trustStore=/opt/midpoint-4.0.1/var/keystore.jceks -Djavax.net.ssl.trustStoreType=jceks -jar /opt/midpoint-4.0.1/lib/midpoint.war<br class="">
<br class="">
But I 'm getting all the time the same error as if the option(-Djavax.net.ssl.trustStore=/opt/midpoint-4.0.1/var/keystore.jceks -Djavax.net.ssl.trustStoreType=jceks ) does not work<br class="">
<br class="">
<br class="">
Connection failed: org.identityconnectors.framework.common.exceptions.ConnectionFailedException(Unable to connect to LDAP
<a href="http://server.mydomain.com:636" class="">server.mydomain.com:636</a>: ERR_04120_TLS_HANDSHAKE_ERROR The TLS handshake failed, reason: Failed to build certification path: unable to find valid certification path to requested target<br class="">
<br class="">
How to make sure the option works?<br class="">
<br class="">
С уважением, <br class="">
Щенев Антон<br class="">
-----Original Message-----<br class="">
From: midPoint [<a href="mailto:midpoint-bounces@lists.evolveum.com" class="">mailto:midpoint-bounces@lists.evolveum.com</a>] On Behalf Of
<a href="mailto:midpoint-request@lists.evolveum.com" class="">midpoint-request@lists.evolveum.com</a><br class="">
Sent: Monday, May 25, 2020 4:23 PM<br class="">
To: <a href="mailto:midpoint@lists.evolveum.com" class="">midpoint@lists.evolveum.com</a><br class="">
Subject: midPoint Digest, Vol 97, Issue 54<br class="">
<br class="">
Send midPoint mailing list submissions to<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span><a href="mailto:midpoint@lists.evolveum.com" class="">midpoint@lists.evolveum.com</a><br class="">
<br class="">
To subscribe or unsubscribe via the World Wide Web, visit<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>https://lists.evolveum.com/mailman/listinfo/midpoint<br class="">
or, via email, send a message with subject or body 'help' to<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>midpoint-request@lists.evolveum.com<br class="">
<br class="">
You can reach the person managing the list at<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>midpoint-owner@lists.evolveum.com<br class="">
<br class="">
When replying, please edit your Subject line so it is more specific<br class="">
than "Re: Contents of midPoint digest..."<br class="">
<br class="">
<br class="">
Today's Topics:<br class="">
<br class="">
1. Re: Error add credential<br class="">
(Щенев Антон Вячеславович)<br class="">
2. Re: Error add credential (Davy Priem)<br class="">
3. Re: Error add credential (Ivan Noris)<br class="">
<br class="">
<br class="">
----------------------------------------------------------------------<br class="">
<br class="">
Message: 1<br class="">
Date: Mon, 25 May 2020 10:05:42 +0000<br class="">
From: Щенев Антон Вячеславович<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span><anton.shchenev@beeper.ru><br class="">
To: "midpoint@lists.evolveum.com" <midpoint@lists.evolveum.com><br class="">
Subject: Re: [midPoint] Error add credential<br class="">
Message-ID:<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span><651689E53CC19841968296084942E1E849E87158@ekt-asbt-mxs001.beeper.ru><br class="">
Content-Type: text/plain; charset="utf-8"<br class="">
<br class="">
Hi, Ivan<br class="">
I apologize for my carelessness, of courses I used <outbound>(copy-past from other script very similar )<br class="">
I think that bind DN must be with the rights to change the password..<br class="">
<br class="">
<br class="">
<br class="">
С уважением, <br class="">
Щенев Антон<br class="">
<br class="">
-----Original Message-----<br class="">
From: midPoint [mailto:midpoint-bounces@lists.evolveum.com] On Behalf Of midpoint-request@lists.evolveum.com<br class="">
Sent: Monday, May 25, 2020 2:49 PM<br class="">
To: midpoint@lists.evolveum.com<br class="">
Subject: midPoint Digest, Vol 97, Issue 53<br class="">
<br class="">
Send midPoint mailing list submissions to<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>midpoint@lists.evolveum.com<br class="">
<br class="">
To subscribe or unsubscribe via the World Wide Web, visit<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>https://lists.evolveum.com/mailman/listinfo/midpoint<br class="">
or, via email, send a message with subject or body 'help' to<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>midpoint-request@lists.evolveum.com<br class="">
<br class="">
You can reach the person managing the list at<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>midpoint-owner@lists.evolveum.com<br class="">
<br class="">
When replying, please edit your Subject line so it is more specific<br class="">
than "Re: Contents of midPoint digest..."<br class="">
<br class="">
<br class="">
Today's Topics:<br class="">
<br class="">
1. Re: Error add credential (Ivan Noris)<br class="">
2. User password expiration notifications (Vladislavs Filipciks)<br class="">
3. Re: User password expiration notifications (Pálos Gustáv)<br class="">
<br class="">
<br class="">
----------------------------------------------------------------------<br class="">
<br class="">
Message: 1<br class="">
Date: Mon, 25 May 2020 08:17:03 +0200<br class="">
From: Ivan Noris <ivan.noris@evolveum.com><br class="">
To: midpoint@lists.evolveum.com<br class="">
Subject: Re: [midPoint] Error add credential<br class="">
Message-ID: <27dda94a-a83f-8222-1790-ff34ca25a01c@evolveum.com><br class="">
Content-Type: text/plain; charset="utf-8"<br class="">
<br class="">
Hi,<br class="">
<br class="">
if you get permission denied exception from AD, then the error probably<br class="">
happens somewhere else and not in the inbound password mapping you<br class="">
pasted. Is there any outbound mapping for password as well?<br class="">
<br class="">
Ivan<br class="">
<br class="">
On 23. 5. 2020 17:14, Щенев Антон Вячеславович wrote:<br class="">
<blockquote type="cite" class=""><br class="">
Hi,<br class="">
<br class="">
I get<br class="">
error(org.identityconnectors.framework.common.exceptions.PermissionDeniedException(Error<br class="">
adding LDAP entry CN=????: unwillingToPerform: 0000001F: SvcErr:<br class="">
DSID-031A1254, problem 5003 (WILL_NOT_PERFORM), data 0?? (53)))<br class="">
<br class="">
when I try to add user<br class="">
<br class="">
Is there not enough rights for this operation?<br class="">
It’s absolutely certain that this problem is due to a password.<br class="">
<br class="">
<br class="">
<br class="">
<credentials><br class="">
<br class="">
<password><br class="">
<br class="">
<inbound><br class="">
<br class="">
<strength>weak</strength><br class="">
<br class="">
<expression><br class="">
<br class="">
<script><br class="">
<br class="">
<code>basic.encrypt("??????????")</code><br class="">
<br class="">
</script><br class="">
<br class="">
</expression><br class="">
<br class="">
</inbound><br class="">
<br class="">
</password><br class="">
<br class="">
</credentials><br class="">
<br class="">
<br class="">
<br class="">
Описание: Описание: Описание: cid:image004.png@01D47D0D.3B8B0380<br class="">
<br class="">
<br class="">
<br class="">
<br class="">
<br class="">
Суважением,<br class="">
<br class="">
Щенев Антон Вячеславович<br class="">
<br class="">
<br class="">
<br class="">
<br class="">
_______________________________________________<br class="">
midPoint mailing list<br class="">
midPoint@lists.evolveum.com<br class="">
https://lists.evolveum.com/mailman/listinfo/midpoint<br class="">
</blockquote>
<br class="">
-- <br class="">
Ivan Noris<br class="">
Senior Identity Engineer<br class="">
evolveum.com<br class="">
<br class="">
-------------- next part --------------<br class="">
An HTML attachment was scrubbed...<br class="">
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200525/bdcb7784/attachment-0001.htm><br class="">
-------------- next part --------------<br class="">
A non-text attachment was scrubbed...<br class="">
Name: image001.png<br class="">
Type: image/png<br class="">
Size: 1457 bytes<br class="">
Desc: not available<br class="">
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200525/bdcb7784/attachment-0001.png><br class="">
<br class="">
------------------------------<br class="">
<br class="">
Message: 2<br class="">
Date: Mon, 25 May 2020 11:55:03 +0300 (EEST)<br class="">
From: Vladislavs Filipciks <vladislavs.filipciks@csolutions.lv><br class="">
To: midpoint <midpoint@lists.evolveum.com><br class="">
Subject: [midPoint] User password expiration notifications<br class="">
Message-ID:<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span><24589014.5114809.1590396903451.JavaMail.zimbra@csolutions.lv><br class="">
Content-Type: text/plain; charset="utf-8"<br class="">
<br class="">
Hello, <br class="">
<br class="">
does MidPoint have any functionality to notify user about soon expiring password, that it should be changed?
<br class="">
I found possibility to notify user by e-mail about new password generated for him, but how to handle notification about expiring password? I didn't find any examples or topic in documentation for that.
<br class="">
<br class="">
Thank You in advance. <br class="">
<br class="">
<br class="">
<br class="">
<br class="">
-------------- next part --------------<br class="">
An HTML attachment was scrubbed...<br class="">
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200525/96dae07d/attachment-0001.htm><br class="">
<br class="">
------------------------------<br class="">
<br class="">
Message: 3<br class="">
Date: Mon, 25 May 2020 11:48:19 +0200<br class="">
From: Pálos Gustáv <gustav.palos@gmail.com><br class="">
To: midPoint General Discussion <midpoint@lists.evolveum.com><br class="">
Subject: Re: [midPoint] User password expiration notifications<br class="">
Message-ID:<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span><CAPXQVkema8VDymG5goPwSDV3yqKSD7mdRV-Bs2i=6QwvcW45OQ@mail.gmail.com><br class="">
Content-Type: text/plain; charset="utf-8"<br class="">
<br class="">
Hi Vladislavs,<br class="">
<br class="">
please see:<br class="">
https://evolveum.com/how-to-notify-future-account-expiration/<br class="">
<br class="">
Best regards,<br class="">
<br class="">
Gustav<br class="">
<br class="">
po 25. 5. 2020 o 10:55 Vladislavs Filipciks <<br class="">
vladislavs.filipciks@csolutions.lv> napísal(a):<br class="">
<br class="">
<blockquote type="cite" class="">Hello,<br class="">
<br class="">
does MidPoint have any functionality to notify user about soon expiring<br class="">
password, that it should be changed?<br class="">
I found possibility to notify user by e-mail about new password generated<br class="">
for him, but how to handle notification about expiring password? I didn't<br class="">
find any examples or topic in documentation for that.<br class="">
<br class="">
Thank You in advance.<br class="">
<br class="">
_______________________________________________<br class="">
midPoint mailing list<br class="">
midPoint@lists.evolveum.com<br class="">
https://lists.evolveum.com/mailman/listinfo/midpoint<br class="">
<br class="">
</blockquote>
<br class="">
<br class="">
-- <br class="">
s pozdravom<br class="">
<br class="">
Gustáv Pálos<br class="">
-------------- next part --------------<br class="">
An HTML attachment was scrubbed...<br class="">
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200525/675f77c4/attachment.htm><br class="">
<br class="">
------------------------------<br class="">
<br class="">
Subject: Digest Footer<br class="">
<br class="">
_______________________________________________<br class="">
midPoint mailing list<br class="">
midPoint@lists.evolveum.com<br class="">
https://lists.evolveum.com/mailman/listinfo/midpoint<br class="">
<br class="">
<br class="">
------------------------------<br class="">
<br class="">
End of midPoint Digest, Vol 97, Issue 53<br class="">
****************************************<br class="">
<br class="">
------------------------------<br class="">
<br class="">
Message: 2<br class="">
Date: Mon, 25 May 2020 10:45:15 +0000<br class="">
From: Davy Priem <davy.priem@vives.be><br class="">
To: midPoint General Discussion <midpoint@lists.evolveum.com><br class="">
Subject: Re: [midPoint] Error add credential<br class="">
Message-ID: <9358FD7B-E018-4912-96F0-8055054D42F9@vives.be><br class="">
Content-Type: text/plain; charset="utf-8"<br class="">
<br class="">
Hi,<br class="">
<br class="">
You should also have a secure connection to the AD LDAP server.<br class="">
<br class="">
Best regards,<br class="">
Davy Priem<br class="">
<br class="">
<blockquote type="cite" class="">Op 25 mei 2020, om 12:05 heeft Щенев Антон Вячеславович <anton.shchenev@beeper.ru> het volgende geschreven:<br class="">
<br class="">
Hi, Ivan<br class="">
I apologize for my carelessness, of courses I used <outbound>(copy-past from other script very similar )<br class="">
I think that bind DN must be with the rights to change the password..<br class="">
<br class="">
<br class="">
<br class="">
С уважением, <br class="">
Щенев Антон<br class="">
<br class="">
-----Original Message-----<br class="">
From: midPoint [mailto:midpoint-bounces@lists.evolveum.com] On Behalf Of midpoint-request@lists.evolveum.com<br class="">
Sent: Monday, May 25, 2020 2:49 PM<br class="">
To: midpoint@lists.evolveum.com<br class="">
Subject: midPoint Digest, Vol 97, Issue 53<br class="">
<br class="">
Send midPoint mailing list submissions to<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>midpoint@lists.evolveum.com<br class="">
<br class="">
To subscribe or unsubscribe via the World Wide Web, visit<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>https://lists.evolveum.com/mailman/listinfo/midpoint<br class="">
or, via email, send a message with subject or body 'help' to<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>midpoint-request@lists.evolveum.com<br class="">
<br class="">
You can reach the person managing the list at<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>midpoint-owner@lists.evolveum.com<br class="">
<br class="">
When replying, please edit your Subject line so it is more specific<br class="">
than "Re: Contents of midPoint digest..."<br class="">
<br class="">
<br class="">
Today's Topics:<br class="">
<br class="">
1. Re: Error add credential (Ivan Noris)<br class="">
2. User password expiration notifications (Vladislavs Filipciks)<br class="">
3. Re: User password expiration notifications (Pálos Gustáv)<br class="">
<br class="">
<br class="">
----------------------------------------------------------------------<br class="">
<br class="">
Message: 1<br class="">
Date: Mon, 25 May 2020 08:17:03 +0200<br class="">
From: Ivan Noris <ivan.noris@evolveum.com><br class="">
To: midpoint@lists.evolveum.com<br class="">
Subject: Re: [midPoint] Error add credential<br class="">
Message-ID: <27dda94a-a83f-8222-1790-ff34ca25a01c@evolveum.com><br class="">
Content-Type: text/plain; charset="utf-8"<br class="">
<br class="">
Hi,<br class="">
<br class="">
if you get permission denied exception from AD, then the error probably<br class="">
happens somewhere else and not in the inbound password mapping you<br class="">
pasted. Is there any outbound mapping for password as well?<br class="">
<br class="">
Ivan<br class="">
<br class="">
On 23. 5. 2020 17:14, Щенев Антон Вячеславович wrote:<br class="">
<blockquote type="cite" class=""><br class="">
Hi,<br class="">
<br class="">
I get<br class="">
error(org.identityconnectors.framework.common.exceptions.PermissionDeniedException(Error<br class="">
adding LDAP entry CN=????: unwillingToPerform: 0000001F: SvcErr:<br class="">
DSID-031A1254, problem 5003 (WILL_NOT_PERFORM), data 0?? (53)))<br class="">
<br class="">
when I try to add user<br class="">
<br class="">
Is there not enough rights for this operation?<br class="">
It’s absolutely certain that this problem is due to a password.<br class="">
<br class="">
<br class="">
<br class="">
<credentials><br class="">
<br class="">
<password><br class="">
<br class="">
<inbound><br class="">
<br class="">
<strength>weak</strength><br class="">
<br class="">
<expression><br class="">
<br class="">
<script><br class="">
<br class="">
<code>basic.encrypt("??????????")</code><br class="">
<br class="">
</script><br class="">
<br class="">
</expression><br class="">
<br class="">
</inbound><br class="">
<br class="">
</password><br class="">
<br class="">
</credentials><br class="">
<br class="">
<br class="">
<br class="">
Описание: Описание: Описание: cid:image004.png@01D47D0D.3B8B0380<br class="">
<br class="">
<br class="">
<br class="">
<br class="">
<br class="">
Суважением,<br class="">
<br class="">
Щенев Антон Вячеславович<br class="">
<br class="">
<br class="">
<br class="">
<br class="">
_______________________________________________<br class="">
midPoint mailing list<br class="">
midPoint@lists.evolveum.com<br class="">
https://lists.evolveum.com/mailman/listinfo/midpoint<br class="">
</blockquote>
<br class="">
-- <br class="">
Ivan Noris<br class="">
Senior Identity Engineer<br class="">
evolveum.com<br class="">
<br class="">
-------------- next part --------------<br class="">
An HTML attachment was scrubbed...<br class="">
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200525/bdcb7784/attachment-0001.htm><br class="">
-------------- next part --------------<br class="">
A non-text attachment was scrubbed...<br class="">
Name: image001.png<br class="">
Type: image/png<br class="">
Size: 1457 bytes<br class="">
Desc: not available<br class="">
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200525/bdcb7784/attachment-0001.png><br class="">
<br class="">
------------------------------<br class="">
<br class="">
Message: 2<br class="">
Date: Mon, 25 May 2020 11:55:03 +0300 (EEST)<br class="">
From: Vladislavs Filipciks <vladislavs.filipciks@csolutions.lv><br class="">
To: midpoint <midpoint@lists.evolveum.com><br class="">
Subject: [midPoint] User password expiration notifications<br class="">
Message-ID:<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span><24589014.5114809.1590396903451.JavaMail.zimbra@csolutions.lv><br class="">
Content-Type: text/plain; charset="utf-8"<br class="">
<br class="">
Hello, <br class="">
<br class="">
does MidPoint have any functionality to notify user about soon expiring password, that it should be changed?
<br class="">
I found possibility to notify user by e-mail about new password generated for him, but how to handle notification about expiring password? I didn't find any examples or topic in documentation for that.
<br class="">
<br class="">
Thank You in advance. <br class="">
<br class="">
<br class="">
<br class="">
<br class="">
-------------- next part --------------<br class="">
An HTML attachment was scrubbed...<br class="">
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200525/96dae07d/attachment-0001.htm><br class="">
<br class="">
------------------------------<br class="">
<br class="">
Message: 3<br class="">
Date: Mon, 25 May 2020 11:48:19 +0200<br class="">
From: Pálos Gustáv <gustav.palos@gmail.com><br class="">
To: midPoint General Discussion <midpoint@lists.evolveum.com><br class="">
Subject: Re: [midPoint] User password expiration notifications<br class="">
Message-ID:<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span><CAPXQVkema8VDymG5goPwSDV3yqKSD7mdRV-Bs2i=6QwvcW45OQ@mail.gmail.com><br class="">
Content-Type: text/plain; charset="utf-8"<br class="">
<br class="">
Hi Vladislavs,<br class="">
<br class="">
please see:<br class="">
https://evolveum.com/how-to-notify-future-account-expiration/<br class="">
<br class="">
Best regards,<br class="">
<br class="">
Gustav<br class="">
<br class="">
po 25. 5. 2020 o 10:55 Vladislavs Filipciks <<br class="">
vladislavs.filipciks@csolutions.lv> napísal(a):<br class="">
<br class="">
<blockquote type="cite" class="">Hello,<br class="">
<br class="">
does MidPoint have any functionality to notify user about soon expiring<br class="">
password, that it should be changed?<br class="">
I found possibility to notify user by e-mail about new password generated<br class="">
for him, but how to handle notification about expiring password? I didn't<br class="">
find any examples or topic in documentation for that.<br class="">
<br class="">
Thank You in advance.<br class="">
<br class="">
_______________________________________________<br class="">
midPoint mailing list<br class="">
midPoint@lists.evolveum.com<br class="">
https://lists.evolveum.com/mailman/listinfo/midpoint<br class="">
<br class="">
</blockquote>
<br class="">
<br class="">
-- <br class="">
s pozdravom<br class="">
<br class="">
Gustáv Pálos<br class="">
-------------- next part --------------<br class="">
An HTML attachment was scrubbed...<br class="">
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200525/675f77c4/attachment.htm><br class="">
<br class="">
------------------------------<br class="">
<br class="">
Subject: Digest Footer<br class="">
<br class="">
_______________________________________________<br class="">
midPoint mailing list<br class="">
midPoint@lists.evolveum.com<br class="">
https://lists.evolveum.com/mailman/listinfo/midpoint<br class="">
<br class="">
<br class="">
------------------------------<br class="">
<br class="">
End of midPoint Digest, Vol 97, Issue 53<br class="">
****************************************<br class="">
_______________________________________________<br class="">
midPoint mailing list<br class="">
midPoint@lists.evolveum.com<br class="">
https://lists.evolveum.com/mailman/listinfo/midpoint<br class="">
</blockquote>
<br class="">
<br class="">
------------------------------<br class="">
<br class="">
Message: 3<br class="">
Date: Mon, 25 May 2020 13:22:56 +0200<br class="">
From: Ivan Noris <ivan.noris@evolveum.com><br class="">
To: midpoint@lists.evolveum.com<br class="">
Subject: Re: [midPoint] Error add credential<br class="">
Message-ID: <95d2173f-ad65-bfd9-1243-1a8089507d5e@evolveum.com><br class="">
Content-Type: text/plain; charset=utf-8<br class="">
<br class="">
Hi Anton,<br class="">
<br class="">
yes, definitely should have permissions for that.<br class="">
<br class="">
Please check in<br class="">
https://wiki.evolveum.com/display/midPoint/Active+Directory+with+LDAP+connector<br class="">
<br class="">
"Reset user passwords and force password change at next logon"<br class="">
<br class="">
And as Davy mentioned, you also need to go with port 636 and not 389.<br class="">
<br class="">
Last thing I remember is that AD has its own password complexity<br class="">
checking and your password cannot contain username or some other AD<br class="">
account attributes. You would get Unwilling to perform then.<br class="">
<br class="">
If you encounter any incorrect documentation, please let us know.<br class="">
<br class="">
Thanks.<br class="">
<br class="">
Best regards,<br class="">
<br class="">
Ivan<br class="">
<br class="">
On 25. 5. 2020 12:05, Щенев Антон Вячеславович wrote:<br class="">
<blockquote type="cite" class="">Hi, Ivan<br class="">
I apologize for my carelessness, of courses I used <outbound>(copy-past from other script very similar )<br class="">
I think that bind DN must be with the rights to change the password..<br class="">
<br class="">
<br class="">
<br class="">
С уважением, <br class="">
Щенев Антон<br class="">
<br class="">
-----Original Message-----<br class="">
From: midPoint [mailto:midpoint-bounces@lists.evolveum.com] On Behalf Of midpoint-request@lists.evolveum.com<br class="">
Sent: Monday, May 25, 2020 2:49 PM<br class="">
To: midpoint@lists.evolveum.com<br class="">
Subject: midPoint Digest, Vol 97, Issue 53<br class="">
<br class="">
Send midPoint mailing list submissions to<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>midpoint@lists.evolveum.com<br class="">
<br class="">
To subscribe or unsubscribe via the World Wide Web, visit<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>https://lists.evolveum.com/mailman/listinfo/midpoint<br class="">
or, via email, send a message with subject or body 'help' to<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>midpoint-request@lists.evolveum.com<br class="">
<br class="">
You can reach the person managing the list at<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>midpoint-owner@lists.evolveum.com<br class="">
<br class="">
When replying, please edit your Subject line so it is more specific<br class="">
than "Re: Contents of midPoint digest..."<br class="">
<br class="">
<br class="">
Today's Topics:<br class="">
<br class="">
1. Re: Error add credential (Ivan Noris)<br class="">
2. User password expiration notifications (Vladislavs Filipciks)<br class="">
3. Re: User password expiration notifications (Pálos Gustáv)<br class="">
<br class="">
<br class="">
----------------------------------------------------------------------<br class="">
<br class="">
Message: 1<br class="">
Date: Mon, 25 May 2020 08:17:03 +0200<br class="">
From: Ivan Noris <ivan.noris@evolveum.com><br class="">
To: midpoint@lists.evolveum.com<br class="">
Subject: Re: [midPoint] Error add credential<br class="">
Message-ID: <27dda94a-a83f-8222-1790-ff34ca25a01c@evolveum.com><br class="">
Content-Type: text/plain; charset="utf-8"<br class="">
<br class="">
Hi,<br class="">
<br class="">
if you get permission denied exception from AD, then the error probably<br class="">
happens somewhere else and not in the inbound password mapping you<br class="">
pasted. Is there any outbound mapping for password as well?<br class="">
<br class="">
Ivan<br class="">
<br class="">
On 23. 5. 2020 17:14, Щенев Антон Вячеславович wrote:<br class="">
<blockquote type="cite" class="">Hi,<br class="">
<br class="">
I get<br class="">
error(org.identityconnectors.framework.common.exceptions.PermissionDeniedException(Error<br class="">
adding LDAP entry CN=????: unwillingToPerform: 0000001F: SvcErr:<br class="">
DSID-031A1254, problem 5003 (WILL_NOT_PERFORM), data 0?? (53)))<br class="">
<br class="">
when I try to add user<br class="">
<br class="">
Is there not enough rights for this operation?<br class="">
It’s absolutely certain that this problem is due to a password.<br class="">
<br class="">
<br class="">
<br class="">
<credentials><br class="">
<br class="">
<password><br class="">
<br class="">
<inbound><br class="">
<br class="">
<strength>weak</strength><br class="">
<br class="">
<expression><br class="">
<br class="">
<script><br class="">
<br class="">
<code>basic.encrypt("??????????")</code><br class="">
<br class="">
</script><br class="">
<br class="">
</expression><br class="">
<br class="">
</inbound><br class="">
<br class="">
</password><br class="">
<br class="">
</credentials><br class="">
<br class="">
<br class="">
<br class="">
Описание: Описание: Описание: cid:image004.png@01D47D0D.3B8B0380<br class="">
<br class="">
<br class="">
<br class="">
<br class="">
<br class="">
Суважением,<br class="">
<br class="">
Щенев Антон Вячеславович<br class="">
<br class="">
<br class="">
<br class="">
<br class="">
_______________________________________________<br class="">
midPoint mailing list<br class="">
midPoint@lists.evolveum.com<br class="">
https://lists.evolveum.com/mailman/listinfo/midpoint<br class="">
</blockquote>
</blockquote>
<br class="">
-- <br class="">
Ivan Noris<br class="">
Senior Identity Engineer<br class="">
evolveum.com<br class="">
<br class="">
<br class="">
<br class="">
------------------------------<br class="">
<br class="">
Subject: Digest Footer<br class="">
<br class="">
_______________________________________________<br class="">
midPoint mailing list<br class="">
midPoint@lists.evolveum.com<br class="">
https://lists.evolveum.com/mailman/listinfo/midpoint<br class="">
<br class="">
<br class="">
------------------------------<br class="">
<br class="">
End of midPoint Digest, Vol 97, Issue 54<br class="">
****************************************<br class="">
_______________________________________________<br class="">
midPoint mailing list<br class="">
midPoint@lists.evolveum.com<br class="">
https://lists.evolveum.com/mailman/listinfo/midpoint<br class="">
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</body>
</html>