<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi Gus,</p>
<p>Seems to be a permission problem in your AD.</p>
<p>LDAP error during DirSync search: insufficientAccessRights:
00002105: LdapErr: DSID-0C0909A9, comment: Error processing
control, data 0, v3839? (50)</p>
<p><br>
</p>
<p>Best regards,</p>
<p>Ivan<br>
</p>
<div class="moz-cite-prefix">On 12. 12. 2020 18:38, Gus Lou via
midPoint wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CA+XZjGRZsKyYka9RVS0Z03wbCRe-FzqK-ncTy_3t2ov6E0LKVw@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">Hi Richard<br>
</div>
<div dir="ltr">I checked the permissions of the
midpoint account in AD again and it is in
accordance with the guidelines in the link
below:<br>
</div>
<div dir="ltr"><a
href="https://wiki.evolveum.com/display/midPoint/Active+Directory+with+LDAP+connector"
moz-do-not-send="true">Active Directory with
LDAP connector - midPoint - Evolveum
Confluence</a><br>
</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">I applied permissions at the domain
level <a href="http://xyz.net"
moz-do-not-send="true">xyz.net</a><br>
</div>
<div dir="ltr"><br>
</div>
<div>Here is part of the midpoint log:</div>
<div>----------------------------------------------------------------------------------------------------------------</div>
<div>
<div
style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px">
<div>2020-12-11 16:53:22,996 [] [Thread-327]
ERROR
(com.evolveum.polygon.connector.ldap.sync.AdDirSyncStrategy):
method: null msg:LDAP error during DirSync
search: insufficientAccessRights: 00002105:
LdapErr: DSID-0C0909A9, comment: Error
processing control, data 0, v3839? (50)</div>
<div>2020-12-11 16:53:22,997 []
[midPointScheduler_Worker-2] WARN
(com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil):
Got ConnId exception (might be handled by
upper layers later)
org.identityconnectors.framework.common.exceptions.PermissionDeniedException
in
connector:a0c5bb85-f4f0-4954-af1d-17ec4f27233e(ConnId
com.evolveum.polygon.connector.ldap.ad.AdLdapConnector v3.1):
ConnectorSpec(<a class="moz-txt-link-freetext" href="resource:746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2(Medusa">resource:746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2(Medusa</a>
Active Directory (LDAP)), name=null,
oid=a0c5bb85-f4f0-4954-af1d-17ec4f27233e):
LDAP error during DirSync search:
insufficientAccessRights: 00002105: LdapErr:
DSID-0C0909A9, comment: Error processing
control, data 0, v3839? (50), reason: LDAP
error during DirSync search:
insufficientAccessRights: 00002105: LdapErr:
DSID-0C0909A9, comment: Error processing
control, data 0, v3839? (50) (class
org.identityconnectors.framework.common.exceptions.PermissionDeniedException)</div>
<div>2020-12-11 16:53:22,997 [PROVISIONING]
[midPointScheduler_Worker-2] ERROR
(com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl):
Got unexpected exception:
org.identityconnectors.framework.common.exceptions.PermissionDeniedException:
LDAP error during DirSync search:
insufficientAccessRights: 00002105: LdapErr:
DSID-0C0909A9, comment: Error processing
control, data 0, v3839? (50)</div>
<div>com.evolveum.midpoint.util.exception.SystemException:
Got unexpected exception:
org.identityconnectors.framework.common.exceptions.PermissionDeniedException:
LDAP error during DirSync search:
insufficientAccessRights: 00002105: LdapErr:
DSID-0C0909A9, comment: Error processing
control, data 0, v3839? (50)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.fetchChanges(ConnectorInstanceConnIdImpl.java:1731)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.fetchChanges(ResourceObjectConverter.java:1924)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.midpoint.provisioning.impl.sync.LiveSynchronizer.synchronize(LiveSynchronizer.java:199)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.synchronize(ProvisioningServiceImpl.java:347)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.midpoint.model.impl.sync.LiveSyncTaskHandler.run(LiveSyncTaskHandler.java:90)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.midpoint.task.quartzimpl.execution.HandlerExecutor.executePlainTaskHandler(HandlerExecutor.java:62)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.midpoint.task.quartzimpl.execution.HandlerExecutor.executeHandler(HandlerExecutor.java:52)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:731)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeRecurrentTask(JobExecutor.java:608)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:185)</div>
<div><span style="white-space:pre"> </span>at
org.quartz.core.JobRunShell.run(JobRunShell.java:202)</div>
<div><span style="white-space:pre"> </span>at
org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:588)</div>
<div>Caused by:
org.identityconnectors.framework.common.exceptions.PermissionDeniedException:
LDAP error during DirSync search:
insufficientAccessRights: 00002105: LdapErr:
DSID-0C0909A9, comment: Error processing
control, data 0, v3839? (50)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.polygon.connector.ldap.ErrorHandler.processLdapResult(ErrorHandler.java:149)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.polygon.connector.ldap.ad.AdErrorHandler.processLdapResult(AdErrorHandler.java:63)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.polygon.connector.ldap.sync.AdDirSyncStrategy.sync(AdDirSyncStrategy.java:189)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.sync(AbstractLdapConnector.java:1405)</div>
<div><span style="white-space:pre"> </span>at
org.identityconnectors.framework.impl.api.local.operations.SyncImpl.sync(SyncImpl.java:134)</div>
<div><span style="white-space:pre"> </span>at
jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)</div>
<div><span style="white-space:pre"> </span>at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</div>
<div><span style="white-space:pre"> </span>at
java.base/java.lang.reflect.Method.invoke(Method.java:566)</div>
<div><span style="white-space:pre"> </span>at
org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:99)</div>
<div><span style="white-space:pre"> </span>at
com.sun.proxy.$Proxy249.sync(Unknown Source)</div>
<div><span style="white-space:pre"> </span>at
jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)</div>
<div><span style="white-space:pre"> </span>at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</div>
<div><span style="white-space:pre"> </span>at
java.base/java.lang.reflect.Method.invoke(Method.java:566)</div>
<div><span style="white-space:pre"> </span>at
org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)</div>
<div><span style="white-space:pre"> </span>at
com.sun.proxy.$Proxy249.sync(Unknown Source)</div>
<div><span style="white-space:pre"> </span>at
jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)</div>
<div><span style="white-space:pre"> </span>at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</div>
<div><span style="white-space:pre"> </span>at
java.base/java.lang.reflect.Method.invoke(Method.java:566)</div>
<div><span style="white-space:pre"> </span>at
org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:165)</div>
<div>2020-12-11 16:53:22,997 []
[midPointScheduler_Worker-2] ERROR
(com.evolveum.midpoint.model.impl.sync.LiveSyncTaskHandler):
Live Sync: Unspecified error: Got unexpected
exception:
org.identityconnectors.framework.common.exceptions.PermissionDeniedException:
LDAP error during DirSync search:
insufficientAccessRights: 00002105: LdapErr:
DSID-0C0909A9, comment: Error processing
control, data 0, v3839? (50)</div>
<div>com.evolveum.midpoint.util.exception.SystemException:
Got unexpected exception:
org.identityconnectors.framework.common.exceptions.PermissionDeniedException:
LDAP error during DirSync search:
insufficientAccessRights: 00002105: LdapErr:
DSID-0C0909A9, comment: Error processing
control, data 0, v3839? (50)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.fetchChanges(ConnectorInstanceConnIdImpl.java:1731)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.fetchChanges(ResourceObjectConverter.java:1924)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.midpoint.provisioning.impl.sync.LiveSynchronizer.synchronize(LiveSynchronizer.java:199)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.synchronize(ProvisioningServiceImpl.java:347)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.midpoint.model.impl.sync.LiveSyncTaskHandler.run(LiveSyncTaskHandler.java:90)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.midpoint.task.quartzimpl.execution.HandlerExecutor.executePlainTaskHandler(HandlerExecutor.java:62)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.midpoint.task.quartzimpl.execution.HandlerExecutor.executeHandler(HandlerExecutor.java:52)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:731)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeRecurrentTask(JobExecutor.java:608)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:185)</div>
<div><span style="white-space:pre"> </span>at
org.quartz.core.JobRunShell.run(JobRunShell.java:202)</div>
<div><span style="white-space:pre"> </span>at
org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:588)</div>
<div>Caused by:
org.identityconnectors.framework.common.exceptions.PermissionDeniedException:
LDAP error during DirSync search:
insufficientAccessRights: 00002105: LdapErr:
DSID-0C0909A9, comment: Error processing
control, data 0, v3839? (50)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.polygon.connector.ldap.ErrorHandler.processLdapResult(ErrorHandler.java:149)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.polygon.connector.ldap.ad.AdErrorHandler.processLdapResult(AdErrorHandler.java:63)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.polygon.connector.ldap.sync.AdDirSyncStrategy.sync(AdDirSyncStrategy.java:189)</div>
<div><span style="white-space:pre"> </span>at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.sync(AbstractLdapConnector.java:1405)</div>
<div><span style="white-space:pre"> </span>at
org.identityconnectors.framework.impl.api.local.operations.SyncImpl.sync(SyncImpl.java:134)</div>
<div><span style="white-space:pre"> </span>at
jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)</div>
<div><span style="white-space:pre"> </span>at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</div>
<div><span style="white-space:pre"> </span>at
java.base/java.lang.reflect.Method.invoke(Method.java:566)</div>
<div><span style="white-space:pre"> </span>at
org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:99)</div>
<div><span style="white-space:pre"> </span>at
com.sun.proxy.$Proxy249.sync(Unknown Source)</div>
<div><span style="white-space:pre"> </span>at
jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)</div>
<div><span style="white-space:pre"> </span>at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</div>
<div><span style="white-space:pre"> </span>at
java.base/java.lang.reflect.Method.invoke(Method.java:566)</div>
<div><span style="white-space:pre"> </span>at
org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)</div>
<div><span style="white-space:pre"> </span>at
com.sun.proxy.$Proxy249.sync(Unknown Source)</div>
<div><span style="white-space:pre"> </span>at
jdk.internal.reflect.GeneratedMethodAccessor1305.invoke(Unknown Source)</div>
<div><span style="white-space:pre"> </span>at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</div>
<div><span style="white-space:pre"> </span>at
java.base/java.lang.reflect.Method.invoke(Method.java:566)</div>
<div><span style="white-space:pre"> </span>at
org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:165)</div>
<div>2020-12-11 16:53:23,015 []
[midPointScheduler_Worker-2] INFO
(com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor):
Task encountered permanent error, suspending
the task. Task = Task(id:1546210629125-0-1,
name:Sync: Active Directory (Groups),
oid:36d98518-9db1-49ce-a4d7-75be1047bac6)</div>
<div>2020-12-11 16:53:23,015 [TASK_MANAGER]
[midPointScheduler_Worker-2] INFO
(com.evolveum.midpoint.task.quartzimpl.TaskManagerQuartzImpl):
Suspending tasks [Task(id:1546210629125-0-1,
name:Sync: Active Directory (Groups),
oid:36d98518-9db1-49ce-a4d7-75be1047bac6)];
do not stop tasks.</div>
<div>-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>
</div>
<div><br>
</div>
</div>
</div>
<div>Best Regards</div>
<div><br>
</div>
<div>Gus</div>
<div><br>
</div>
<div dir="ltr"><br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Dec 11,
2020 at 20:22, Richard Richter via
midPoint <<a
href="mailto:midpoint@lists.evolveum.com"
moz-do-not-send="true">midpoint@lists.evolveum.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<div
style="font-family:arial,helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<div>Hello<br>
</div>
<div><br>
</div>
<div>I have no idea why this happens, just
looking at the message, it seems to come
from <strong>java.util.Base64.decode(...)</strong>
call, it is in the code and probably
some Base64 encoded string is not
correct.<br>
</div>
<div>It always helps if you can provide
also a stacktrace, part of the log or
something. If it's easy to answer
without it, it doesn't hurt. Here, I
have no idea where the call originates
from.<br>
</div>
<div><br>
</div>
<div>Regards<br>
</div>
<div><br>
</div>
<div>Richard Richter<br>
</div>
<div>midPoint developer</div>
<div><br>
</div>
<hr id="gmail-m_-1796343538307558694zwchr">
<div><b>From: </b>"midPoint General
Discussion" <<a
href="mailto:midpoint@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midpoint@lists.evolveum.com</a>><br>
<b>To: </b>"midPoint General
Discussion" <<a
href="mailto:midpoint@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midpoint@lists.evolveum.com</a>><br>
<b>Cc: </b>"Gus Lou" <<a
href="mailto:gugalou38@gmail.com"
target="_blank" moz-do-not-send="true">gugalou38@gmail.com</a>><br>
<b>Sent: </b>Friday, December 11, 2020
11:44:56 PM<br>
<b>Subject: </b>[midPoint]
Synchronization Trouble - Active
Directory to MP<br>
</div>
<div><br>
</div>
<div>
<div dir="ltr">
<div dir="ltr">
<div>Hi Guys</div>
<br>
<div>I need to import groups, users
and their existing
access from Active Directory into
midPoint (MP version 4.2,
AdLdapConnector 3.1)</div>
<br>
<div>To achieve this goal, I did the
following:</div>
<br>
<div>1-I imported the active
directory resource template from
the address below:</div>
<div><a
href="https://github.com/Evolveum/midpoint-samples/blob/master/samples/resources/ad-ldap/ad-ldap-medusa-medium.xml"
rel="nofollow noopener
noreferrer" target="_blank"
moz-do-not-send="true">https://github.com/Evolveum/midpoint-samples/blob/master/samples/resources/ad-ldap/ad-ldap-medusa-medium.xml</a><br>
</div>
<br>
<div>2-I created two synchronization
tasks, one for users and one for
groups.</div>
<br>
<div>When I run the synchronization
tasks, I get the following error:</div>
<br>
<div><b>Unspecified error: Got
unexpected exception:
java.lang.IllegalArgumentException:
Last unit does not have enough
valid bits</b></div>
<br>
<div>I have already checked the
required permissions following the
guidelines in the link below:</div>
<div><a
href="https://wiki.evolveum.com/display/midPoint/Active+Directory+with+LDAP+connector"
rel="nofollow noopener
noreferrer" target="_blank"
moz-do-not-send="true">https://wiki.evolveum.com/display/midPoint/Active+Directory+with+LDAP+connector</a><br>
</div>
<br>
<br>
<div>Does anyone have any ideas to
resolve this, or any other documentation
that I can review?</div>
<br>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a
href="mailto:midPoint@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="https://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank" moz-do-not-send="true">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
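<p>An added example, not written by anyone in this thread and not midPoint or connector code: a small parser for the Active Directory diagnostic string in the quoted log. It shows that the leading <code>00002105</code> is a Win32 error code in hex (8453, ERROR_DS_DRA_ACCESS_DENIED), which is what AD returns when the DirSync control is refused for lack of replication rights. The function names and the short Win32 table are assumptions of this example.</p>

```python
import re
from collections import Counter

# Win32 codes AD places at the front of an LDAP diagnostic message (hex in the log).
WIN32 = {
    0x2105: ("ERROR_DS_DRA_ACCESS_DENIED", "replication access was denied"),
    0x2098: ("ERROR_DS_INSUFF_ACCESS_RIGHTS", "insufficient access rights"),
    0x0005: ("ERROR_ACCESS_DENIED", "access is denied"),
}

# <result>: <win32 hex>: <source>: DSID-<id>, comment: <text>, data <n>, v<build> (<code>)
DIAG = re.compile(
    r"(?P<result>\w+): (?P<win32>[0-9A-Fa-f]{8}): (?P<source>\w+): "
    r"(?P<dsid>DSID-[0-9A-Fa-f]{8}), comment: (?P<comment>[^,]*), "
    r"data (?P<data>[0-9A-Fa-f]+), v(?P<build>[0-9A-Fa-f]+)\W*\((?P<code>\d+)\)"
)

# Copied from the log quoted in this thread, wrapped the way the mail client wrapped it.
SAMPLE = """\
2020-12-11 16:53:22,996 [] [Thread-327]
ERROR
(com.evolveum.polygon.connector.ldap.sync.AdDirSyncStrategy):
method: null msg:LDAP error during DirSync
search: insufficientAccessRights: 00002105:
LdapErr: DSID-0C0909A9, comment: Error
processing control, data 0, v3839? (50)
"""


def parse_diagnostics(text):
    """Return one dict per AD diagnostic message found in (possibly wrapped) log text."""
    flat = " ".join(text.split())  # undo line wrapping so the pattern can match
    found = []
    for m in DIAG.finditer(flat):
        win32 = int(m["win32"], 16)
        name, meaning = WIN32.get(win32, ("UNKNOWN", "not in this table"))
        found.append({
            "ldap_result": m["result"], "ldap_code": int(m["code"]),
            "win32": win32, "win32_name": name, "meaning": meaning,
            "dsid": m["dsid"], "comment": m["comment"].strip(),
            # True when the connector logged the failure for its DirSync search.
            "during_dirsync": "DirSync" in flat[max(0, m.start() - 40):m.start()],
        })
    return found


def root_causes(text):
    """Collapse repeated log entries into distinct (LDAP result, Win32 name) pairs."""
    return Counter((d["ldap_result"], d["win32_name"]) for d in parse_diagnostics(text))


if __name__ == "__main__":
    for cause, count in root_causes(SAMPLE).items():
        print(count, cause)
```

<p>Run over the full log above, every repeated entry collapses to the same pair, so the stack traces add no second cause. The right to check on the domain naming context for the midPoint bind account is "Replicating Directory Changes".</p>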
</body>
</html>