<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi Brandon,</p>
<p>could be this? <a class="moz-txt-link-freetext" href="https://jira.evolveum.com/browse/MID-6439">https://jira.evolveum.com/browse/MID-6439</a></p>
<p>We had this issue too, but it seems to not happen again with
midPoint 4.2 and more important - newest AD connector 3.1.</p>
<p>Best regards,</p>
<p>Ivan<br>
</p>
<div class="moz-cite-prefix">On 24. 11. 2020 23:06, Brandon Powers
via midPoint wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAP-GOHfD78wr5C3tXDrdWuevDy=X=_idyKig3bKAk7EFYW=NoQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Hey MidPoint Community!
<div><br>
</div>
<div>We are currently struggling with an Active Directory
Connector/connectivity issue that we have not encountered in
any other midPoint implementation to date, and hoping someone
may be able to shed some light or provide some guidance.</div>
<div><br>
</div>
<div><b>Short Summary:</b></div>
<div>Receiving the following error <i>occasionally</i> when
importing many Active Directory accounts using the Active
Directory (LDAP) Connector.</div>
<div><b>Error Message:</b> In order to perform this operation a
successful bind must be completed on the connection.</div>
<div><b><br>
</b></div>
<div><b>Context:</b></div>
<div>MidPoint Version: 3.9</div>
<div>Active Directory Resource defined using the Active
Directory Connector (LDAP): <a
href="https://wiki.evolveum.com/pages/viewpage.action?pageId=22741393"
moz-do-not-send="true">https://wiki.evolveum.com/pages/viewpage.action?pageId=22741393</a></div>
<div>Active Directory Connector Version: 2.0</div>
<div>Active Directory</div>
<div><br>
</div>
<div>Issue is not with the bind credentials themselves -
connection works otherwise: Test connection is successful;
recomputing individual users (even those that the issue shows
up for during import); manually importing AD objects (users,
groups) all work fine.</div>
<div><br>
</div>
<div><b>Where we do have the issue:</b></div>
<div>- When running import task for Active Directory resource
including ~320 user accounts</div>
<div>- Issue appears consistently during each import attempt,
but inconsistently on varying user accounts</div>
<div>- When the bind error occurs with both domain controllers,
it halts the import and import task fails</div>
<div>- During import, midPoint is generally able to import most
user accounts before the issue starts manifesting</div>
<div><br>
</div>
<div><b>Stacktrace:</b></div>
<div>2020-11-24 02:34:19,110 [] [midPointScheduler_Worker-8]
ERROR
(com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil):
ConnId Exception
org.identityconnectors.framework.common.exceptions.ConnectorIOException
in connector:a399ee77-234c-4ae3-9880-65d557a67bc6(ConnId
com.evolveum.polygon.connector.ldap.ad.AdLdapConnector v2.0):
ConnectorSpec(<a class="moz-txt-link-freetext" href="resource:b09f29e2-aeec-40de-9c49-66d6bab62d18(Active">resource:b09f29e2-aeec-40de-9c49-66d6bab62d18(Active</a>
Directory (LDAP)), name=null,
oid=a399ee77-234c-4ae3-9880-65d557a67bc6): LDAP error during
search: operationsError: 000004DC: LdapErr: DSID-0C0907E9,
comment: In order to perform this operation a successful bind
must be completed on the connection., data 0, v2580? (1)<br>
org.identityconnectors.framework.common.exceptions.ConnectorIOException:
LDAP error during search: operationsError: 000004DC: LdapErr:
DSID-0C0907E9, comment: In order to perform this operation a
successful bind must be completed on the connection., data 0,
v2580? (1)<br>
at
com.evolveum.polygon.connector.ldap.LdapUtil.processLdapResult(LdapUtil.java:580)<br>
at
com.evolveum.polygon.connector.ldap.search.SimplePagedResultsSearchStrategy.search(SimplePagedResultsSearchStrategy.java:239)<br>
at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.searchUsual(AbstractLdapConnector.java:691)<br>
at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.executeQuery(AbstractLdapConnector.java:497)<br>
at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.executeQuery(AbstractLdapConnector.java:130)<br>
at
org.identityconnectors.framework.impl.api.local.operations.SearchImpl.rawSearch(SearchImpl.java:197)<br>
at
org.identityconnectors.framework.impl.api.local.operations.SearchImpl.search(SearchImpl.java:133)<br>
at sun.reflect.GeneratedMethodAccessor1098.invoke(Unknown
Source)<br>
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)<br>
at java.lang.reflect.Method.invoke(Method.java:498)<br>
at
org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:99)<br>
at com.sun.proxy.$Proxy219.search(Unknown Source)<br>
at sun.reflect.GeneratedMethodAccessor1098.invoke(Unknown
Source)<br>
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)<br>
at java.lang.reflect.Method.invoke(Method.java:498)<br>
at
org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)<br>
at com.sun.proxy.$Proxy219.search(Unknown Source)<br>
at sun.reflect.GeneratedMethodAccessor1098.invoke(Unknown
Source)<br>
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)<br>
at java.lang.reflect.Method.invoke(Method.java:498)<br>
at
org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:165)</div>
<div><br>
</div>
<div>Has anyone seen this issue before or have any ideas?
Because the import fails, it causes issues with other
resources and processes.</div>
<div><br>
</div>
<div>Appreciate any advice anyone has to offer!<br clear="all">
<div>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div style="text-align:left"><br>
</div>
<div style="text-align:left">Brandon Powers</div>
<div>
<div style="text-align:left"><span>Exclamation
Labs</span></div>
<span>
<div style="text-align:left">300
Washington Street</div>
</span><span>
<div style="text-align:left">Cumberland,
MD 21502</div>
</span>
<div><a value="+18885455008"
style="color:rgb(17,85,204)"
href="tel:888.545.5008" target="_blank"
moz-do-not-send="true">888.545.5008</a><span
style="color:rgb(34,34,34)"> or </span><a
value="+13017225008"
style="color:rgb(17,85,204)"
href="tel:301.722.5008+ext+144"
target="_blank" moz-do-not-send="true">301.722.5008
ext 144</a></div>
<span>
<div style="text-align:left">fax <a
value="+13017222183"
style="color:rgb(17,85,204)"
moz-do-not-send="true">301.722.2183</a></div>
</span>
<div><a
href="mailto:brandon@exclamationlabs.com"
style="color:rgb(17,85,204)"
target="_blank" moz-do-not-send="true">brandon@exclamationlabs.com</a></div>
<span>
<div style="text-align:left"><a
href="mailto:brandon@exclamationlabs.com"
style="color:rgb(17,85,204);font-size:13px" target="_blank"
moz-do-not-send="true">www.exclamationlabs.com</a></div>
</span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
</body>
</html>