[midPoint] Synchronize multiple accounts per user?

Aivo Kuhlberg aivo.kuhlberg at rmit.ee
Tue Dec 20 10:42:10 CET 2016 

Hi Mikko,
I have exactly the same problem and have not yet found any good solution. There is a JIRA feature request about that (MID-3571) but it is waiting a sponsor.
At the moment my "solution" is just to just avoid the problems - as my accounts data comes from CSV-file then I do pre-processing of the accounts with script and just remove the user accounts who have identical ID-s. In future when we move to production I probably have to do more script processing - create exclusion list where I remove only user accounts which should not be imported. Of course this is not viable solution but at last there is no more users in input data who could create problems.
Regards,
Aivo
________________________________________
Saatja: midPoint <midpoint-bounces at lists.evolveum.com>  nimelMikko Pekkarinen <mikko.pekkarinen at datactica.fi>
Saadetud: 20. detsember 2016 10:36
Adressaat: midpoint at lists.evolveum.com
Teema: [midPoint] Synchronize multiple accounts per user?

Hello,

Use case: A resource maintains user accounts and organization information. I need to synchronize these to midPoint.
The user accounts are associated to the organizations, and one person may have an account in multiple organizations.
The accounts have an ID field that uniquely identifies the person who owns the account, and I use this ID to correlate the accounts to midPoint Users. Straigthforward synchronization leads to constraint violation exceptions, as the different accounts have same (resource, kind, intent).

I can see some possible solutions:
 - Writing a script that creates N copies of the resource configuration, with different 'intent' values.
   This is ugly, possibly inefficient, and limits the maximum number of accounts per user.
 - Create a separate User in midPoint for each account.
   Feels wrong. Seems simple in the short term, but leads at least to usability problems.
   Probably other problems as well?

Are there better choices or any best practices for this situation?
Would the new "identity merging" feature help, i.e. can it merge Users whose shadows have identical
(resource, kind, intent)?


Mikko
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint

________________________________
Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.
This e-mail may contain information which is classified for official use.

More information about the midPoint mailing list