MidPoint / MID-1556

Creating user on Active Directory fails when the account exists even if the iterator should be used and correlation rule seems to be ok

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.0 (Newton)
    • Fix Version/s: 3.1 (Sinan)
    • Component/s: None
    • Labels: None
    • Git Revision: git-midpoint-2.2rc2-36-gdec1426

      Description

      1. account in AD is already created (left from previous tests)
      2. add account on AD (which will result in the same account)
      3. save

      2013-08-20 19:31:33,565 [UCF] [http-bio-8080-exec-6] ERROR (com.evolveum.midpoint.provisioning.ucf.impl.IcfUtil): ICF Exception java.lang.RuntimeException: The object already exists.
      
      java.lang.RuntimeException: The object already exists.
      
              at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$15.createException(CommonObjectHandlers.java:281) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$15.createException(CommonObjectHandlers.java:278) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$ThrowableHandler.deserialize(CommonObjectHandlers.java:113) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:162) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:313) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObjectField(BinaryObjectDecoder.java:422) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at org.identityconnectors.framework.impl.serializer.MessageHandlers$5.deserialize(MessageHandlers.java:168) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:162) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:313) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at org.identityconnectors.framework.impl.api.remote.RemoteFrameworkConnection.readObject(RemoteFrameworkConnection.java:165) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at org.identityconnectors.framework.impl.api.remote.RemoteOperationInvocationHandler.invoke(RemoteOperationInvocationHandler.java:101) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at com.sun.proxy.$Proxy172.create(Unknown Source) ~[na:na]
      ...
      2013-08-20 19:31:33,577 [MODEL] [http-bio-8080-exec-6] TRACE (com.evolveum.midpoint.model.lens.ChangeExecutor): EXECUTION result R(com.evolveum.midpoint.provisioning.api.ProvisioningService.addObject FATAL_ERROR The object already exists.
      )
      2013-08-20 19:31:33,592 [MODEL] [http-bio-8080-exec-6] ERROR (com.evolveum.midpoint.model.lens.ChangeExecutor): Error executing changes for (account (default) on resource:ef2bc95b-76e0-48e2-86d6-a000ff000003(Active Directory)): java.lang.RuntimeException: The object already exists.
      
      com.evolveum.midpoint.util.exception.SystemException: java.lang.RuntimeException: The object already exists.
      
              at com.evolveum.midpoint.provisioning.consistency.impl.ErrorHandlerFactory.createErrorHandler(ErrorHandlerFactory.java:90) ~[provisioning-impl-2.2-SNAPSHOT.jar:na]
              at com.evolveum.midpoint.provisioning.impl.ShadowCache.handleError(ShadowCache.java:616) ~[provisioning-impl-2.2-SNAPSHOT.jar:na]
              at com.evolveum.midpoint.provisioning.impl.ShadowCache.addShadow(ShadowCache.java:341) ~[provisioning-impl-2.2-SNAPSHOT.jar:na]
              at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.addObject_aroundBody2(ProvisioningServiceImpl.java:323) ~[provisioning-impl-2.2-SNAPSHOT.jar:na]
              at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl$AjcClosure3.run(ProvisioningServiceImpl.java:1) ~[provisioning-impl-2.2-SNAPSHOT.jar:na]
              at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) ~[aspectjrt-1.6.12.jar:na]
              at com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:169) ~[util-2.2-SNAPSHOT.jar:na]
              at com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1) ~[util-2.2-SNAPSHOT.jar:na]
              at com.evolveum.midpoint.util.aspect.MidpointAspect.processProvisioningNdc(MidpointAspect.java:69) ~[util-2.2-SNAPSHOT.jar:na]
              at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.addObject(ProvisioningServiceImpl.java:303) ~[provisioning-impl-2.2-SNAPSHOT.jar:na]
              at com.evolveum.midpoint.model.lens.ChangeExecutor.addProvisioningObject(ChangeExecutor.java:791) ~[model-impl-2.2-SNAPSHOT.jar:na]
              at com.evolveum.midpoint.model.lens.ChangeExecutor.executeAddition(ChangeExecutor.java:613) ~[model-impl-2.2-SNAPSHOT.jar:na]
              at com.evolveum.midpoint.model.lens.ChangeExecutor.executeDelta(ChangeExecutor.java:509) ~[model-impl-2.2-SNAPSHOT.jar:na]
              at com.evolveum.midpoint.model.lens.ChangeExecutor.executeChanges(ChangeExecutor.java:243) ~[model-impl-2.2-SNAPSHOT.jar:na]
              at com.evolveum.midpoint.model.lens.Clockwork.processSecondary(Clockwork.java:261) ~[model-impl-2.2-SNAPSHOT.jar:na]
              at com.evolveum.midpoint.model.lens.Clockwork.click(Clockwork.java:176) ~[model-impl-2.2-SNAPSHOT.jar:na]
              at com.evolveum.midpoint.model.lens.Clockwork.run(Clockwork.java:110) ~[model-impl-2.2-SNAPSHOT.jar:na]
              at com.evolveum.midpoint.model.controller.ModelController.executeChanges_aroundBody2(ModelController.java:384) ~[model-impl-2.2-SNAPSHOT.jar:na]
              at com.evolveum.midpoint.model.controller.ModelController$AjcClosure3.run(ModelController.java:1) ~[model-impl-2.2-SNAPSHOT.jar:na]
              at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) ~[aspectjrt-1.6.12.jar:na]
              at com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:169) ~[util-2.2-SNAPSHOT.jar:na]
              at com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1) ~[util-2.2-SNAPSHOT.jar:na]
      ...
      Caused by: java.lang.RuntimeException: The object already exists.
      
              at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$15.createException(CommonObjectHandlers.java:281) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$15.createException(CommonObjectHandlers.java:278) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$ThrowableHandler.deserialize(CommonObjectHandlers.java:113) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:162) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:313) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObjectField(BinaryObjectDecoder.java:422) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at org.identityconnectors.framework.impl.serializer.MessageHandlers$5.deserialize(MessageHandlers.java:168) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:162) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:313) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at org.identityconnectors.framework.impl.api.remote.RemoteFrameworkConnection.readObject(RemoteFrameworkConnection.java:165) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at org.identityconnectors.framework.impl.api.remote.RemoteOperationInvocationHandler.invoke(RemoteOperationInvocationHandler.java:101) ~[connector-framework-internal-1.1.1.e6329.jar:na]
              at com.sun.proxy.$Proxy172.create(Unknown Source) ~[na:na]
      

      The account indeed exists, but according to the reconciliation, it is unlinked, thus the owner should be ok.

      Correlation:

      <correlation>
        <q:description>
          Correlation rule for both internal employees and external accounts.
        </q:description>
        <q:equal>
          <q:path>c:name</q:path>
          <expression>
            <description>Matches using sAMAccountName.</description>
            <script>
              <language>http://www.w3.org/TR/xpath/</language>
              <code>$c:account/c:attributes/ri:sAMAccountName</code>
            </script>
          </expression>
        </q:equal>
      </correlation>
      
      

      icfs:name mapping:

      <attribute>
        <ref>icfs:name</ref>
        <displayName>Distinguished Name</displayName>

        <limitations>
          <minOccurs>0</minOccurs>
          <access>
            <create>true</create>
            <read>true</read>
            <update>true</update>
          </access>
        </limitations>

        <outbound>
          <source>
            <path>$user/givenName</path>
          </source>
          <source>
            <path>$user/familyName</path>
          </source>
          <source>
            <path>$user/employeeType</path>
          </source>
          <source>
            <name>ouPath</name>
            <path>$user/extension/mycustomer:ouPath</path>
          </source>
          <expression>
            <script>
              <code>
                if (basic.stringify(employeeType) == 'T' || basic.stringify(employeeType) == 'Z') {
                    String[] tmpOuPath = ouPath ? ouPath.toString().split(':') : []
                    tmpOuPathDn = ''

                    for (i = 0; i &lt; tmpOuPath.size(); i++) {
                        tmpOuPathDn = ',ou=' + tmpOuPath[i] + tmpOuPathDn
                    }
                    'cn=' + familyName + ' ' + givenName + iterationToken + tmpOuPathDn + ',ou=vix,dc=win,dc=evolveum,dc=com'
                } else {
                    'cn=' + familyName + ' ' + givenName + iterationToken + ',ou=ext' + ',ou=vix,dc=win,dc=evolveum,dc=com'
                }
              </code>
            </script>
          </expression>
        </outbound>
      </attribute>
      
      

      The resource has relaxed dependency on another resource, but is added alone.

              People

              Assignee: vix Ivan Noris
              Reporter: vix Ivan Noris