<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi Richard<br></div><div dir="ltr">I checked the permissions of the midpooint account in AD again and it is in accordance with the guidelines in the link below:<br></div><div dir="ltr"><a href="https://wiki.evolveum.com/display/midPoint/Active+Directory+with+LDAP+connector">Active Directory with LDAP connector - midPoint - Evolveum Confluence</a><br></div><div dir="ltr"><br></div><div dir="ltr">I applied permissions at the domain level <a href="http://xyz.net">xyz.net</a><br></div><div dir="ltr"><br></div><div>Here it is part of midpoint log:</div><div>----------------------------------------------------------------------------------------------------------------</div><div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px"><div>2020-12-11 16:53:22,996 [] [Thread-327] ERROR (com.evolveum.polygon.connector.ldap.sync.AdDirSyncStrategy): method: null msg:LDAP error during DirSync search: insufficientAccessRights: 00002105: LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839? (50)</div><div>2020-12-11 16:53:22,997 [] [midPointScheduler_Worker-2] WARN (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil): Got ConnId exception (might be handled by upper layers later) org.identityconnectors.framework.common.exceptions.PermissionDeniedException in connector:a0c5bb85-f4f0-4954-af1d-17ec4f27233e(ConnId com.evolveum.polygon.connector.ldap.ad.AdLdapConnector v3.1): ConnectorSpec(resource:746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2(Medusa Active Directory (LDAP)), name=null, oid=a0c5bb85-f4f0-4954-af1d-17ec4f27233e): LDAP error during DirSync search: insufficientAccessRights: 00002105: LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839? (50), reason: LDAP error during DirSync search: insufficientAccessRights: 00002105: LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839? (50) (class org.identityconnectors.framework.common.exceptions.PermissionDeniedException)</div><div>2020-12-11 16:53:22,997 [PROVISIONING] [midPointScheduler_Worker-2] ERROR (com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl): Got unexpected exception: org.identityconnectors.framework.common.exceptions.PermissionDeniedException: LDAP error during DirSync search: insufficientAccessRights: 00002105: LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839? (50)</div><div>com.evolveum.midpoint.util.exception.SystemException: Got unexpected exception: org.identityconnectors.framework.common.exceptions.PermissionDeniedException: LDAP error during DirSync search: insufficientAccessRights: 00002105: LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839? (50)</div><div><span style="white-space:pre">      </span>at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.fetchChanges(ConnectorInstanceConnIdImpl.java:1731)</div><div><span style="white-space:pre"> </span>at com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.fetchChanges(ResourceObjectConverter.java:1924)</div><div><span style="white-space:pre">    </span>at com.evolveum.midpoint.provisioning.impl.sync.LiveSynchronizer.synchronize(LiveSynchronizer.java:199)</div><div><span style="white-space:pre">       </span>at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.synchronize(ProvisioningServiceImpl.java:347)</div><div><span style="white-space:pre">      </span>at com.evolveum.midpoint.model.impl.sync.LiveSyncTaskHandler.run(LiveSyncTaskHandler.java:90)</div><div><span style="white-space:pre"> </span>at com.evolveum.midpoint.task.quartzimpl.execution.HandlerExecutor.executePlainTaskHandler(HandlerExecutor.java:62)</div><div><span style="white-space:pre">   </span>at com.evolveum.midpoint.task.quartzimpl.execution.HandlerExecutor.executeHandler(HandlerExecutor.java:52)</div><div><span style="white-space:pre">    </span>at com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:731)</div><div><span style="white-space:pre">   </span>at com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeRecurrentTask(JobExecutor.java:608)</div><div><span style="white-space:pre">     </span>at com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:185)</div><div><span style="white-space:pre">  </span>at org.quartz.core.JobRunShell.run(JobRunShell.java:202)</div><div><span style="white-space:pre">      </span>at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:588)</div><div>Caused by: org.identityconnectors.framework.common.exceptions.PermissionDeniedException: LDAP error during DirSync search: insufficientAccessRights: 00002105: LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839? (50)</div><div><span style="white-space:pre">  </span>at com.evolveum.polygon.connector.ldap.ErrorHandler.processLdapResult(ErrorHandler.java:149)</div><div><span style="white-space:pre">  </span>at com.evolveum.polygon.connector.ldap.ad.AdErrorHandler.processLdapResult(AdErrorHandler.java:63)</div><div><span style="white-space:pre">    </span>at com.evolveum.polygon.connector.ldap.sync.AdDirSyncStrategy.sync(AdDirSyncStrategy.java:189)</div><div><span style="white-space:pre">        </span>at com.evolveum.polygon.connector.ldap.AbstractLdapConnector.sync(AbstractLdapConnector.java:1405)</div><div><span style="white-space:pre">    </span>at org.identityconnectors.framework.impl.api.local.operations.SyncImpl.sync(SyncImpl.java:134)</div><div><span style="white-space:pre">        </span>at jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)</div><div><span style="white-space:pre">    </span>at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</div><div><span style="white-space:pre">   </span>at java.base/java.lang.reflect.Method.invoke(Method.java:566)</div><div><span style="white-space:pre"> </span>at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:99)</div><div><span style="white-space:pre">       </span>at com.sun.proxy.$Proxy249.sync(Unknown Source)</div><div><span style="white-space:pre">       </span>at jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)</div><div><span style="white-space:pre">    </span>at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</div><div><span style="white-space:pre">   </span>at java.base/java.lang.reflect.Method.invoke(Method.java:566)</div><div><span style="white-space:pre"> </span>at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)</div><div><span style="white-space:pre">     </span>at com.sun.proxy.$Proxy249.sync(Unknown Source)</div><div><span style="white-space:pre">       </span>at jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)</div><div><span style="white-space:pre">    </span>at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</div><div><span style="white-space:pre">   </span>at java.base/java.lang.reflect.Method.invoke(Method.java:566)</div><div><span style="white-space:pre"> </span>at org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:165)</div><div>2020-12-11 16:53:22,997 [] [midPointScheduler_Worker-2] ERROR (com.evolveum.midpoint.model.impl.sync.LiveSyncTaskHandler): Live Sync: Unspecified error: Got unexpected exception: org.identityconnectors.framework.common.exceptions.PermissionDeniedException: LDAP error during DirSync search: insufficientAccessRights: 00002105: LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839? (50)</div><div>com.evolveum.midpoint.util.exception.SystemException: Got unexpected exception: org.identityconnectors.framework.common.exceptions.PermissionDeniedException: LDAP error during DirSync search: insufficientAccessRights: 00002105: LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839? (50)</div><div><span style="white-space:pre">      </span>at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.fetchChanges(ConnectorInstanceConnIdImpl.java:1731)</div><div><span style="white-space:pre"> </span>at com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.fetchChanges(ResourceObjectConverter.java:1924)</div><div><span style="white-space:pre">    </span>at com.evolveum.midpoint.provisioning.impl.sync.LiveSynchronizer.synchronize(LiveSynchronizer.java:199)</div><div><span style="white-space:pre">       </span>at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.synchronize(ProvisioningServiceImpl.java:347)</div><div><span style="white-space:pre">      </span>at com.evolveum.midpoint.model.impl.sync.LiveSyncTaskHandler.run(LiveSyncTaskHandler.java:90)</div><div><span style="white-space:pre"> </span>at com.evolveum.midpoint.task.quartzimpl.execution.HandlerExecutor.executePlainTaskHandler(HandlerExecutor.java:62)</div><div><span style="white-space:pre">   </span>at com.evolveum.midpoint.task.quartzimpl.execution.HandlerExecutor.executeHandler(HandlerExecutor.java:52)</div><div><span style="white-space:pre">    </span>at com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:731)</div><div><span style="white-space:pre">   </span>at com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeRecurrentTask(JobExecutor.java:608)</div><div><span style="white-space:pre">     </span>at com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:185)</div><div><span style="white-space:pre">  </span>at org.quartz.core.JobRunShell.run(JobRunShell.java:202)</div><div><span style="white-space:pre">      </span>at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:588)</div><div>Caused by: org.identityconnectors.framework.common.exceptions.PermissionDeniedException: LDAP error during DirSync search: insufficientAccessRights: 00002105: LdapErr: DSID-0C0909A9, comment: Error processing control, data 0, v3839? (50)</div><div><span style="white-space:pre">  </span>at com.evolveum.polygon.connector.ldap.ErrorHandler.processLdapResult(ErrorHandler.java:149)</div><div><span style="white-space:pre">  </span>at com.evolveum.polygon.connector.ldap.ad.AdErrorHandler.processLdapResult(AdErrorHandler.java:63)</div><div><span style="white-space:pre">    </span>at com.evolveum.polygon.connector.ldap.sync.AdDirSyncStrategy.sync(AdDirSyncStrategy.java:189)</div><div><span style="white-space:pre">        </span>at com.evolveum.polygon.connector.ldap.AbstractLdapConnector.sync(AbstractLdapConnector.java:1405)</div><div><span style="white-space:pre">    </span>at org.identityconnectors.framework.impl.api.local.operations.SyncImpl.sync(SyncImpl.java:134)</div><div><span style="white-space:pre">        </span>at jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)</div><div><span style="white-space:pre">    </span>at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</div><div><span style="white-space:pre">   </span>at java.base/java.lang.reflect.Method.invoke(Method.java:566)</div><div><span style="white-space:pre"> </span>at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:99)</div><div><span style="white-space:pre">       </span>at com.sun.proxy.$Proxy249.sync(Unknown Source)</div><div><span style="white-space:pre">       </span>at jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)</div><div><span style="white-space:pre">    </span>at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</div><div><span style="white-space:pre">   </span>at java.base/java.lang.reflect.Method.invoke(Method.java:566)</div><div><span style="white-space:pre"> </span>at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)</div><div><span style="white-space:pre">     </span>at com.sun.proxy.$Proxy249.sync(Unknown Source)</div><div><span style="white-space:pre">       </span>at jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)</div><div><span style="white-space:pre">    </span>at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</div><div><span style="white-space:pre">   </span>at java.base/java.lang.reflect.Method.invoke(Method.java:566)</div><div><span style="white-space:pre"> </span>at org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:165)</div><div>2020-12-11 16:53:23,015 [] [midPointScheduler_Worker-2] INFO (com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor): Task encountered permanent error, suspending the task. Task = Task(id:1546210629125-0-1, name:Sync: Active Directory (Groups), oid:36d98518-9db1-49ce-a4d7-75be1047bac6)</div><div>2020-12-11 16:53:23,015 [TASK_MANAGER] [midPointScheduler_Worker-2] INFO (com.evolveum.midpoint.task.quartzimpl.TaskManagerQuartzImpl): Suspending tasks [Task(id:1546210629125-0-1, name:Sync: Active Directory (Groups), oid:36d98518-9db1-49ce-a4d7-75be1047bac6)]; do not stop tasks.</div><div>-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br></div><div><br></div></div></div><div>Best Regards</div><div><br></div><div>Gus</div><div><br></div><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Em sex., 11 de dez. de 2020 às 20:22, Richard Richter via midPoint <<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div style="font-family:arial,helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><div>Hello<br></div><div><br></div><div>I have no idea why this happens, just looking at the message, it seems to come from <strong>java.util.Base64.decode(...)</strong> call, it is in the code and probably some Base64 encoded string is not correct.<br></div><div>It always helps if you can provide also a stacktrace, part of the log or something. If it's easy to answer without it, it doesn't hurt. Here, I have no idea where the call originates from.<br></div><div><br></div><div>Regards<br></div><div><br></div><div>Richard Richter<br></div><div>midPoint developer</div><div><br></div><hr id="gmail-m_-1796343538307558694zwchr"><div><b>From: </b>"midPoint General Discussion" <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>><br><b>To: </b>"midPoint General Discussion" <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>><br><b>Cc: </b>"Gus Lou" <<a href="mailto:gugalou38@gmail.com" target="_blank">gugalou38@gmail.com</a>><br><b>Sent: </b>Friday, December 11, 2020 11:44:56 PM<br><b>Subject: </b>[midPoint] Synchronization Trouble - Active Directory to MP<br></div><div><br></div><div><div dir="ltr"><div dir="ltr"><div>Hi Guys</div><br><div>I need to import groups, users and users and their existing access into Active Directory to Midpoint (MP version 4.2, ADLdapConector 3.1)</div><br><div>To achieve this goal, I did the following:</div><br><div>1-I imported the active directory resource template from the address below:</div><div><a href="https://github.com/Evolveum/midpoint-samples/blob/master/samples/resources/ad-ldap/ad-ldap-medusa-medium.xml" rel="nofollow noopener noreferrer" target="_blank">https://github.com/Evolveum/midpoint-samples/blob/master/samples/resources/ad-ldap/ad-ldap-medusa-medium.xml</a><br></div><br><div>2-I created two synchronization tasks, one for users and one for groups.</div><br><div>When I run the synchronization tasks, I get the following error:</div><br><div><b>Unspecified error: Got unexpected exception: java.lang.IllegalArgumentException: Last unit does not have enough valid bits</b></div><br><div>I have already checked the required permissions following the guidelines in the link below:</div><div><a href="https://wiki.evolveum.com/display/midPoint/Active+Directory+with+LDAP+connector" rel="nofollow noopener noreferrer" target="_blank">https://wiki.evolveum.com/display/midPoint/Active+Directory+with+LDAP+connector</a><br></div><br><br><div>Does anyone have any ideas to resolve or any other documentation that I can review.?</div><br></div></div>
<br>_______________________________________________<br>midPoint mailing list<br><a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br><a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br></div></div></div>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div></div></div></div></div></div></div></div></div>