<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body>
<p>Hi Chris,</p>
<p>I hit that problem with an attribute named "id" in a connector I
was writing, that one wasn't a lot of fun to track down. I've seen
this "shadow without attributes" thing in other connectors, I
think there is something fundamental I'm not understanding about
cases where midPoint isn't managing the Accounts in the resource,
but I still want it to read or right information about those
Accounts.</p>
<p>Thanks,</p>
<p>Ethan<br>
</p>
<div class="moz-cite-prefix">On 9/15/20 11:15 AM, Chris Woods wrote:<br>
</div>
<blockquote type="cite" cite="mid:17492555520.278b.b31242745c19d1e738abf173820fc831@cmwoods.com">
<div dir="auto">
<div dir="auto">Hi Ethan, </div>
<div dir="auto"><br>
</div>
<div dir="auto">We are using the connector too. I think there
are a few bugs in the connector. All of our broken shadows
came from this connector (the schema has an "id" attribute
that causes problems in midPoint) </div>
<div dir="auto"><br>
</div>
<div dir="auto">I will be doing the same as you next week, so I
can report back then if you like. At the moment we are only
provisioning user accounts. </div>
<div dir="auto"><br>
</div>
<div dir="auto">Regards, </div>
<div dir="auto">Chris</div>
<div dir="auto"><br>
</div>
<div id="aqm-original" style="color: black;">
<div dir="auto">Am 15. September 2020 16:45:59 schrieb Ethan
Kromhout via midPoint <a class="moz-txt-link-rfc2396E" href="mailto:midpoint@lists.evolveum.com"><midpoint@lists.evolveum.com></a>:</div>
<div><br>
</div>
<blockquote type="cite" class="gmail_quote" style="margin: 0 0
0 0.75ex; border-left: 1px solid #808080; padding-left:
0.75ex;">
<div dir="auto">I'm working with the experimental MS Graph
connector to Azure AD. My </div>
<div dir="auto">initial use case is just creating groups and
updating memberships, so my </div>
<div dir="auto">mappings are just an association for the
AccountObjectClass and a more </div>
<div dir="auto">complete set of mappings for the
GroupObjectClass. The schema this </div>
<div dir="auto">connector generates contain no mandatory
attributes, e.g. nothing is </div>
<div dir="auto">marked minOccurs="1".. Group creation is
working just fine, but I'm </div>
<div dir="auto">having a problem with the membership
management. If I go into a user </div>
<div dir="auto">who is a member of an organization that
should connect the user to the </div>
<div dir="auto">Azure AD group, and preview a reconciliation
change, it sees that it </div>
<div dir="auto">should add the Azure AD group, but when I
hit save on the user, the </div>
<div dir="auto">change fails with this error:</div>
<div dir="auto"><br>
</div>
<div dir="auto">2020-09-15 14:22:05,611 [MODEL]
[pool-3-thread-16] WARN </div>
<div dir="auto">(com.evolveum.midpoint.model.impl.lens.projector.ReconciliationProcessor): </div>
<div dir="auto">Can't do reconciliation. Account context
doesn't contain current version </div>
<div dir="auto">of account.</div>
<div dir="auto">2020-09-15 14:22:05,820 [MODEL]
[pool-3-thread-16] ERROR </div>
<div dir="auto">(com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl): </div>
<div dir="auto">Attempt to add shadow without any
attributes: shadow:null(null)</div>
<div dir="auto">com.evolveum.midpoint.util.exception.SchemaException:
Attempt to add </div>
<div dir="auto">shadow without any attributes:
shadow:null(null)</div>
<div dir="auto"> at </div>
<div dir="auto">com.evolveum.midpoint.provisioning.impl.ShadowCache.addShadowAttempt(ShadowCache.java:508)</div>
<div dir="auto"><br>
</div>
<div dir="auto">And indeed, no Account shadow is created for
the Azure AD resource for </div>
<div dir="auto">that user. If I import the the Account
object for that user directly </div>
<div dir="auto">from the Azure AD resource, then the shadow
is created, and the </div>
<div dir="auto">membership in Azure AD is updated. So I'm
confused as to why saving a </div>
<div dir="auto">user on reconciliation would fail with this
error, but an import on the </div>
<div dir="auto">resource succeeds.</div>
<div dir="auto"><br>
</div>
<div dir="auto">Thanks for any experience or advise, I've
attached the resource </div>
<div dir="auto">definition in case that is of interest,</div>
<div dir="auto"><br>
</div>
<div dir="auto">Ethan</div>
<div dir="auto"><br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto">----------</div>
<div dir="auto">_______________________________________________</div>
<div dir="auto">midPoint mailing list</div>
<div dir="auto"><a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a></div>
<div dir="auto"><a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a></div>
</blockquote>
</div>
<div dir="auto"><br>
</div>
</div>
</blockquote>
</body>
</html>