<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class="">Sorry, I should not be doing OpenLDAP tech support in the midPoint list.</div><div class=""><br class=""></div>Do you have an ACL set in the front end database? <div class=""><br class=""></div><div class="">To view the front end, do an ldapsearch like this one:</div><div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">[mbrookov@nineoften ~]$ <b class="">ldapsearch -LLL -bcn=config -x -<a href="Hldaps://ldap.mines.edu" class="">Hldaps://ldap.mines.edu</a> -Dcn=config -W olcDatabase={-1}frontend</b></span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Enter LDAP Password: </span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">dn: olcDatabase={-1}frontend,cn=config</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">objectClass: olcDatabaseConfig</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">objectClass: olcFrontendConfig</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">olcDatabase: {-1}frontend</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">olcAddContentAcl: FALSE</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">olcLastMod: TRUE</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">olcMaxDerefDepth: 0</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">olcReadOnly: FALSE</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">olcSchemaDN: cn=Subschema</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">olcSyncUseSubentry: FALSE</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">olcMonitoring: FALSE</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo; min-height: 16px;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""></span><br class=""></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">[mbrookov@nineoften ~]$ </span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div><br class=""><blockquote type="cite" class=""><div class="">On Mar 2, 2021, at 12:47 PM, Matthew Brookover via midPoint <<a href="mailto:midpoint@lists.evolveum.com" class="">midpoint@lists.evolveum.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=us-ascii" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">RootDSA is a list of schema and other supported features. If it is blocked in your configuration a number of LDAP clients will not work.<div class=""><br class=""></div><div class="">Off the top of my head, I do not remember how to unlock. I will do some poking around and see if I can find the config line item to controls access to the root DSE.</div><div class=""><br class=""></div><div class="">FYI, you can see the root dse with this command:</div><div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">[mbrookov@nineoften ~]$ <b class="">ldapsearch -LLL -<a href="hldaps://ldap.mines.edu" class="">Hldaps://ldap.mines.edu</a> -x -D "" -s base -b "" +</b></span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">dn:</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">structuralObjectClass: OpenLDAProotDSE</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">configContext: cn=config</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">namingContexts: dc=mines,dc=edu</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">monitorContext: cn=Monitor</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedControl: 1.3.6.1.4.1.4203.1.9.1.1</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedControl: 2.16.840.1.113730.3.4.18</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedControl: 2.16.840.1.113730.3.4.2</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedControl: 1.3.6.1.4.1.4203.1.10.1</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedControl: 1.3.6.1.1.22</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedControl: 1.2.840.113556.1.4.319</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedControl: 1.2.826.0.1.3344810.2.3</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedControl: 1.3.6.1.1.13.2</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedControl: 1.3.6.1.1.13.1</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedControl: 1.3.6.1.1.12</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedExtension: 1.3.6.1.4.1.1466.20037</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedExtension: 1.3.6.1.4.1.4203.1.11.1</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedExtension: 1.3.6.1.4.1.4203.1.11.3</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedExtension: 1.3.6.1.1.8</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedFeatures: 1.3.6.1.1.14</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedFeatures: 1.3.6.1.4.1.4203.1.5.1</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedFeatures: 1.3.6.1.4.1.4203.1.5.2</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedFeatures: 1.3.6.1.4.1.4203.1.5.3</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedFeatures: 1.3.6.1.4.1.4203.1.5.4</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedFeatures: 1.3.6.1.4.1.4203.1.5.5</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedLDAPVersion: 3</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">supportedSASLMechanisms: GSSAPI</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">entryDN:</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">subschemaSubentry: cn=Subschema</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo; min-height: 16px;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""></span><br class=""></div><div style="margin: 0px; font-stretch: normal; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">[mbrookov@nineoften ~]$ </span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div class=""><br class=""><blockquote type="cite" class=""><div class="">On Mar 2, 2021, at 12:12 PM, Keith LeValley via midPoint <<a href="mailto:midpoint@lists.evolveum.com" class="">midpoint@lists.evolveum.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
<div class="">
<div style="background-color: rgb(255, 235, 156); width: 100%; border: 1pt solid rgb(156, 101, 0); padding: 2pt; font-size: 10pt; line-height: 12pt; font-family: Calibri; text-align: left;" class="">
<span style="color:#9C6500; font-weight:bold;" class="">CAUTION:</span> This email originated from outside of the Colorado School of Mines organization. Do not click on links or open attachments unless you recognize the sender and know the content is safe.</div>
<br class="">
<div class="">
<div dir="ltr" class="">I am trying to set up a connector with an openldap server. It's a test environment so everything is very simple to this point. When I go to test the connection I am getting a strange error:
<div class=""><br class="">
</div>
<div class=""><dt id="gmail-id1275" style="box-sizing:border-box;line-height:1.42857;font-weight:700;float:left;width:100px;clear:left;text-align:right;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;color:rgb(51,51,51);font-family:"Source Sans Pro","Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px" class="">
Operation</dt><dd style="box-sizing:border-box;line-height:1.42857;margin-left:130px;word-break:break-word;color:rgb(51,51,51);font-family:"Source Sans Pro","Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px" class="">
<span id="gmail-id1276" style="box-sizing:border-box;font-weight:700" class="">Connector configuration</span></dd><dt id="gmail-id1277" style="box-sizing:border-box;line-height:1.42857;font-weight:700;float:left;width:100px;clear:left;text-align:right;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;color:rgb(51,51,51);font-family:"Source Sans Pro","Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px" class="">
Message</dt><dd id="gmail-id1278" style="box-sizing:border-box;line-height:1.42857;margin-left:130px;word-break:break-word;color:rgb(51,51,51);font-family:"Source Sans Pro","Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px" class="">
Communication error</dd><dd style="box-sizing:border-box;line-height:1.42857;margin-left:130px;word-break:break-word;color:rgb(51,51,51);font-family:"Source Sans Pro","Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px" class="">
<table class="gmail-paramtable" style="border-collapse:collapse;border-spacing:0px;background-color:transparent;border:0px">
</table>
</dd><dd style="box-sizing:border-box;line-height:1.42857;margin-left:130px;word-break:break-word;color:rgb(51,51,51);font-family:"Source Sans Pro","Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px" class="">
<table class="gmail-paramtable" style="border-collapse:collapse;border-spacing:0px;background-color:transparent;border:0px">
</table>
</dd><dt id="gmail-id1279" style="box-sizing:border-box;line-height:1.42857;font-weight:700;float:left;width:100px;clear:left;text-align:right;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;color:rgb(51,51,51);font-family:"Source Sans Pro","Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px" class="">
Error</dt><dd id="gmail-id127a" style="box-sizing:border-box;line-height:1.42857;margin-left:130px;word-break:break-word;color:rgb(51,51,51);font-family:"Source Sans Pro","Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px" class="">
IO error: org.identityconnectors.framework.common.exceptions.ConnectorIOException(Error getting supported controls: ERR_04156_FAILED_FETCHING_ROOT_DSE Failed to fetch the RootDSE)->org.apache.directory.api.ldap.model.exception.LdapException(ERR_04156_FAILED_FETCHING_ROOT_DSE
Failed to fetch the RootDSE)->org.apache.directory.api.ldap.model.exception.LdapException(ERR_04155_ROOT_DSE_SEARCH_FAILED Search for root DSE returned no entry)
<div class=""><br class="">
</div>
<div class="">The RootDSE should be configured on the server, when I login using phpldapadmin the ldap server itself looks fine, so I don't think it's anything with the server or authentication. I am a little stumped...</div>
<div class=""><br class="">
</div>
-- <br class="">
<div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr" class="">
<div class="">
<div dir="ltr" class="">
<div class="">
<div dir="ltr" class="">
<div dir="ltr" class="">
<div dir="ltr" class="">Keith LeValley<br class="">
<div class=""><font face="arial, helvetica, sans-serif" class="">Identity Services Architect</font>, Davenport University</div>
<div class="">phone: (616) 732-1102</div>
<div class=""><a href="mailto:klevalley2@davenport.edu" target="_blank" class="">klevalley2@davenport.edu<br class="">
</a></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</dd></div>
</div>
</div>
</div>
_______________________________________________<br class="">midPoint mailing list<br class=""><a href="mailto:midPoint@lists.evolveum.com" class="">midPoint@lists.evolveum.com</a><br class=""><a href="https://lists.evolveum.com/mailman/listinfo/midpoint" class="">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br class=""></div></blockquote></div><br class=""><div class="">
<div style="font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; caret-color: rgb(0, 0, 0);" class=""><span style="font-style: normal;" class=""><span style="font-weight: normal; font-size: 11px;" class=""><font color="#324765" style="font-weight: bold;" class="">Matthew B. Brookover</font><br class=""><font color="#2b4160" style="font-weight: bold;" class="">Solutions Architect</font><br class=""><font color="#767171" class="">Information and Technology Solutions (ITS)<br class="">303-273-3436 | <a href="mailto:mbrookov@mines.edu" class="">mbrookov@mines.edu</a></font></span></span></div><br class="Apple-interchange-newline"><span class=""><span id="cid:202B1FAA-309E-4884-B9C2-55A790586871@mattbrookover.com"><PastedGraphic-2.tiff></span></span><b style="font-family: Helvetica; font-style: normal; font-variant-caps: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; font-size: 11px; caret-color: rgb(0, 0, 0);" class=""><font color="#2b4160" class=""><br class="Apple-interchange-newline">Our Values:</font><font color="#767171" class=""> </font></b><font color="#767171" style="font-family: Helvetica; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none; font-size: 11px; caret-color: rgb(0, 0, 0);" class="">Trust | Integrity | Respect | Responsibility</font>
</div>
<br class=""></div></div>_______________________________________________<br class="">midPoint mailing list<br class=""><a href="mailto:midPoint@lists.evolveum.com" class="">midPoint@lists.evolveum.com</a><br class="">https://lists.evolveum.com/mailman/listinfo/midpoint<br class=""></div></blockquote></div><br class=""><div class="">
<div style="font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none; caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><span style="font-style: normal;"><span style="font-weight: normal; font-size: 11px;" class=""><font color="#324765" style="font-weight: bold;" class="">Matthew B. Brookover</font><br class=""><font color="#2b4160" style="font-weight: bold;" class="">Solutions Architect</font><br class=""><font color="#767171" class="">Information and Technology Solutions (ITS)<br class="">303-273-3436 | <a href="mailto:mbrookov@mines.edu" class="">mbrookov@mines.edu</a></font></span></span></div><br class="Apple-interchange-newline"><span><img apple-inline="yes" id="DC705E90-9EF9-4F67-A38D-E8EEB5550F7F" src="cid:202B1FAA-309E-4884-B9C2-55A790586871@mattbrookover.com" class=""></span><b style="font-family: Helvetica; font-style: normal; font-variant-caps: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none; font-size: 11px; caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><font color="#2b4160" class=""><br class="Apple-interchange-newline">Our Values:</font><font color="#767171" class=""> </font></b><font color="#767171" style="font-family: Helvetica; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none; font-size: 11px; caret-color: rgb(0, 0, 0);" class="">Trust | Integrity | Respect | Responsibility</font>
</div>
<br class=""></div></body></html>