Updated by Lubomir Marton 9 months ago
The AdLdap connector with native associations fails with an error for group objects processed from Active Directory. Group objects cannot be fetched from Active Directory due to an identified issue with the LDAP search query sent to Active Directory to get the objects.
Trace log:
2024-11-12 17:51:51,377 [] [Thread-176] DEBUG (com.evolveum.polygon.connector.ldap.OperationLog): method: null msg:ldaps://xxxx/ Search REQ base=DC=midpoint,DC=dev, filter=(objectClass=group), scope=sub, attributes=[groupType, owner, nTGroupMembers, operatorCount, adminCount, groupAttributes, groupMembershipSAM, controlAccessRights, location, desktopProfile, nonSecurityMember, managedBy, primaryGroupToken, msDS-AzLDAPQuery, msDS-NonMembers, msDS-AzBizRule, msDS-AzBizRuleLanguage, msDS-AzLastImportedBizRulePath, msDS-AzApplicationData, msDS-PhoneticDisplayName, msDS-AzObjectGuid, msDS-AzGenericData, msDS-HABSeniorityIndex, msDS-PrimaryComputer, msDS-preferredDataLocation, mail, thumbnailPhoto, msSFU30Name, msSFU30NisDomain, msSFU30PosixMember, msExchGroupJoinRestriction, oOFReplyToOriginator, msOrg-IsOrganizational, reportToOriginator, msOrg-OtherDisplayNames, msExchMasterAccountHistory, msExchArbitrationMailbox, msOrg-GroupSubtypeName, msExchGroupDepartRestriction, dLMemberRule, hideDLMembership, msExchServerAdminDelegationBL, msOrg-Leaders, msExchOriginatingForest, msExchCoManagedByLink, reportToOwner, objectClass, instanceType, nTSecurityDescriptor, objectCategory, cn, description, distinguishedName, whenCreated, whenChanged, subRefs, displayName, uSNCreated, isDeleted, dSASignature, objectVersion, repsTo, repsFrom, memberOf, ownerBL, uSNChanged, uSNLastObjRem, showInAdvancedViewOnly, adminDisplayName, proxyAddresses, adminDescription, extensionName, uSNDSALastObjRemoved, displayNamePrintable, directReports, wWWHomePage, USNIntersite, name, objectGUID, replPropertyMetaData, replUpToDateVector, flags, revision, wbemPath, fSMORoleOwner, systemFlags, siteObjectBL, serverReferenceBL, nonSecurityMemberBL, queryPolicyBL, wellKnownObjects, isPrivilegeHolder, partialAttributeSet, managedObjects, partialAttributeDeletionList, url, lastKnownParent, bridgeheadServerListBL, netbootSCPBL, isCriticalSystemObject, frsComputerReferenceBL, fRSMemberReferenceBL, uSNSource, 
fromEntry, allowedChildClasses, allowedChildClassesEffective, allowedAttributes, allowedAttributesEffective, possibleInferiors, canonicalName, proxiedObjectName, sDRightsEffective, dSCorePropagationData, otherWellKnownObjects, mS-DS-ConsistencyGuid, mS-DS-ConsistencyChildCount, masteredBy, msCOM-PartitionSetLink, msCOM-UserLink, msDS-Approx-Immed-Subordinates, msDS-NCReplCursors, msDS-NCReplInboundNeighbors, msDS-NCReplOutboundNeighbors, msDS-ReplAttributeMetaData, msDS-ReplValueMetaData, msDS-NonMembersBL, msDS-MembersForAzRoleBL, msDS-OperationsForAzTaskBL, msDS-TasksForAzTaskBL, msDS-OperationsForAzRoleBL, msDS-TasksForAzRoleBL, msDs-masteredBy, msDS-ObjectReferenceBL, msDS-PrincipalName, msDS-RevealedDSAs, msDS-KrbTgtLinkBl, msDS-IsFullReplicaFor, msDS-IsDomainFor, msDS-IsPartialReplicaFor, msDS-AuthenticatedToAccountlist, msDS-NC-RO-Replica-Locations-BL, msDS-RevealedListBL, msDS-PSOApplied, msDS-NcType, msDS-OIDToGroupLinkBl, msDS-HostServiceAccountBL, isRecycled, msDS-LocalEffectiveDeletionTime, msDS-LocalEffectiveRecycleTime, msDS-LastKnownRDN, msDS-EnabledFeatureBL, msDS-ClaimSharesPossibleValuesWithBL, msDS-MembersOfResourcePropertyListBL, msDS-IsPrimaryComputerFor, msDS-ValueTypeReferenceBL, msDS-TDOIngressBL, msDS-TDOEgressBL, msDS-parentdistname, msDS-ReplValueMetaDataExt, msds-memberOfTransitive, msds-memberTransitive, msDS-CloudAnchor, msDS-SourceAnchor, msDS-ObjectSoa, structuralObjectClass, createTimeStamp, modifyTimeStamp, subSchemaSubEntry, msSFU30PosixMemberOf, msDFSR-MemberReferenceBL, msDFSR-ComputerReferenceBL, msExchSupervisionOneOffBL, msExchOWARemoteDocumentsBlockedServersBL, msExchRMSComputerAccountsBL, msExchOWABlockedFileTypesBL, msExchOWARemoteDocumentsAllowedServersBL, msExchMultiMailboxDatabasesBL, msExchHygieneConfigurationMalwareBL, msExchSMTPReceiveDefaultAcceptedDomainBL, msExchOWAForceSaveFileTypesBL, msExchOrganizationsTemplateRootsBL, msExchOWABlockedMIMETypesBL, msExchUGMemberBL, msExchHygieneConfigurationSpamBL, 
msExchOWATranscodingFileTypesBL, msExchMobileRemoteDocumentsAllowedServersBL, msExchMobileRemoteDocumentsBlockedServersBL, msExchOWAAllowedFileTypesBL, msExchMDBAvailabilityGroupConfigurationBL, msExchOWATranscodingMimeTypesBL, msExchOWAForceSaveMIMETypesBL, msExchMultiMailboxLocationsBL, msExchAcceptedDomainBL, msExchAuxMailboxParentObjectIdBL, msExchOrganizationsGlobalAddressListsBL, msExchMailboxMoveTargetUserBL, msExchTrustedDomainBL, msExchTransportRuleTargetBL, msExchAvailabilityOrgWideAccountBL, msExchArchiveDatabaseBL, msExchMailboxMoveTargetArchiveMDBBL, msExchUserBL, msExchMailboxMoveTargetMDBBL, msExchUGEventSubscriptionBL, msExchAvailabilityPerUserAccountBL, msExchOWARemoteDocumentsInternalDomainSuffixListBL, msExchMailboxMoveSourceUserBL, msExchOWAAllowedMimeTypesBL, msExchEvictedMemebersBL, msExchDataEncryptionPolicyBL, msExchDeviceAccessControlRuleBL, msExchOrganizationsAddressBookRootsBL, msExchMailboxMoveSourceMDBBL, msExchMobileRemoteDocumentsInternalDomainSuffixListBL, msExchParentPlanBL, msExchMailboxMoveSourceArchiveMDBBL, msExchAccountForestBL, msExchDelegateListBL, msExchAdministrativeUnitBL, msExchOABGeneratingMailboxBL, msExchSupervisionDLBL, msExchMailboxMoveStorageMDBBL, msExchIntendedMailboxPlanBL, msOrg-LeadersBL, msExchServerSiteBL, msExchCatchAllRecipientBL, msExchHABRootDepartmentBL, msExchServerAssociationBL, msExchSupervisionUserBL, msExchAssociatedAcceptedDomainBL, msExchAuthPolicyBL, msExchRBACPolicyBL, proxyAddresses, unicodePwd, groupType, manager, managedBy, msDS-parentdistname, msExchHideFromAddressLists, userAccountControl, msDS-parentdistname, manager, managedBy, adminDescription, groupType, extensionAttribute3, extensionAttribute2, exchangeEmailAddresses, msExchRecipientDisplayType, msExchRecipientTypeDetails, msExchRemoteRecipientType, legacyExchangeDN, targetAddress, mailNickname, msExchVersion, msExchPoliciesExcluded, msExchHideFromAddressLists, uidNumber, uid, gidNumber, extensionAttribute6, memberOf, objectGUID, 
objectClass], controls=PagedResults(size=20, cookie=null),
2024-11-12 17:51:51,393 [] [Thread-176] DEBUG (com.evolveum.polygon.connector.ldap.ConnectionLog): method: null msg:CONN ldaps://xxxx/ search success (DC=midpoint,DC=dev sub (objectClass=group) spr): 0 entries returned
2024-11-12 17:51:51,393 [] [Thread-176] DEBUG (com.evolveum.polygon.connector.ldap.OperationLog): method: null msg:ldaps://xxxx/ Search RES Done: no paged response control
Ldap Result
Result code : (OPERATIONS_ERROR) operationsError
Matched Dn : ''
Diagnostic message : '00002120: SvcErr: DSID-03120496, problem 5012 (DIR_ERROR), data 592060
'
2024-11-12 17:51:51,393 [] [Thread-176] ERROR (com.evolveum.polygon.connector.ldap.search.SimplePagedResultsSearchStrategy): method: null msg:LDAP error during search: operationsError: 00002120: SvcErr: DSID-03120496, problem 5012 (DIR_ERROR), data 592060?? (1)
2024-11-12 17:51:51,394 [] [http-nio-8080-exec-3] WARN (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil): Got ConnId exception (might be handled by upper layers later) org.identityconnectors.framework.common.exceptions.ConnectorException in adLDAP: ConnectorSpec.Main(resource:6771ed9e-6523-4e8e-8879-e77afd2bda27(adLDAP)): LDAP error during search in DC=midpoint,DC=dev: operationsError: 00002120: SvcErr: DSID-03120496, problem 5012 (DIR_ERROR), data 592060?? (1), reason: LDAP error during search in DC=midpoint,DC=dev: operationsError: 00002120: SvcErr: DSID-03120496, problem 5012 (DIR_ERROR), data 592060?? (1) (class org.identityconnectors.framework.common.exceptions.ConnectorException)
2024-11-12 17:51:51,394 [MODEL] [http-nio-8080-exec-3] WARN (com.evolveum.midpoint.model.impl.controller.ModelController): Couldn't search objects in provisioning, reason: Generic error in the connector: org.identityconnectors.framework.common.exceptions.ConnectorException(LDAP error during search in DC=midpoint,DC=dev: operationsError: 00002120: SvcErr: DSID-03120496, problem 5012 (DIR_ERROR), data 592060?? (1)) (class com.evolveum.midpoint.util.exception.SystemException)
2024-11-12 17:51:51,395 [MODEL] [http-nio-8080-exec-3] ERROR (com.evolveum.midpoint.gui.impl.component.data.provider.SelectableBeanContainerDataProvider): Couldn't list objects.
com.evolveum.midpoint.util.exception.SystemException: Generic error in the connector: org.identityconnectors.framework.common.exceptions.ConnectorException(LDAP error during search in DC=midpoint,DC=dev: operationsError: 00002120: SvcErr: DSID-03120496, problem 5012 (DIR_ERROR), data 592060?? (1))