[midPoint] Recomputation task

Wed Jan 31 21:21:35 CET 2024

Hello, Steven and Fabian,

Fabian - you are right. Let me add that in more recent midPoint 
versions, you can use the following "task creation" feature in the GUI:

https://docs.evolveum.com/midpoint/reference/support-4.8/admin-gui/resource-wizard/#wizard-for-task-creation

---

If you'd need the XML, here is a sample:

<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
         oid="51bbde22-9c4e-4d04-8daf-5fef7043a368">
     <name>Reconciliation: AD</name>
     <ownerRef oid="00000000-0000-0000-0000-000000000002"/>
     <executionState>runnable</executionState>
     <activity>
         <work>
             <reconciliation>
                 <resourceObjects>
                     <resourceRef 
oid="851b6547-8288-4f32-96a6-5bb1f2a256fe"/> <!-- please provide your 
resource OID here -->
                     <kind>account</kind>
                     <intent>default</intent>
<!-- or, instead of specifying kind/intent, you can specify objectclass 
here -->
                 </resourceObjects>
             </reconciliation>
         </work>
         <execution>
             <mode>preview</mode> <!-- remove this for "real execution" 
mode -->
         </execution>
     </activity>
</task>

It will work for midPoint 4.4 and later.

If you run midPoint 4.7 or later, you can run the /simulation/ before 
you start the task "for real".

In 4.8, it is enabled by putting the blue code there. If you have too 
many AD accounts (like tens of thousands), you can limit the simulation 
task to e.g. first 500 of them, like this:

<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
       xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
         oid="dc7a6589-ef99-4b92-bacf-4f6da7f65f57">
     <name>Reconciliation: AD (limited)</name>
     <ownerRef oid="00000000-0000-0000-0000-000000000002"/>
     <executionState>runnable</executionState>
     <activity>
         <work>
             <reconciliation>
                 <resourceObjects>
                     <resourceRef 
oid="1d622f56-9f0c-467f-be1b-b2f502c08cd5"/>
                     <kind>account</kind>
                     <intent>default</intent>
                     <!-- or, instead of specifying kind/intent, you can 
specify objectclass here -->
                     <query>
                         <q:paging>
<q:maxSize>500</q:maxSize>
                         </q:paging>
                     </query>
<queryApplication>append</queryApplication>
                 </resourceObjects>
             </reconciliation>
         </work>
         <execution>
             <mode>preview</mode> <!-- remove this for "real execution" 
mode -->
         </execution>
         <!-- disables "remaining shadows" processing -->
         <tailoring>
             <change>
<reference>remainingShadows</reference>
                 <controlFlow>
<processingOption>skip</processingOption>
                 </controlFlow>
             </change>
         </tailoring>
     </activity>
</task>

(In 4.7.x, it is similar, but an additional parameter has to be 
provided; it is no longer needed in 4.8.)

Finally, if you'd like to have multithreaded processing, include just 
the following to any of the tasks (into <activity> item):

         <distribution>
             <workerThreads>4</workerThreads>
         </distribution>

Best regards,

-- 
Pavol Mederly
Software developer
evolveum.com

Meet us at the MidPoint Working Group duringhttps://tiime-unconference.eu/

On 30/01/2024 17:37, Fabian Noll-Dukiewicz via midPoint wrote:
>
> This is quite simple and you can do this in GUI.
>
>   * Go to you resource and choose the tab “Defined Tasks”
>   * Use the “+” symbol to create a new task
>   * Select the icon with the arrows (from left to right and right to
>     left), a tooltip shows “New reconciliation task”
>   * Then enter a name for the task, e.g. AD recon
>   * Set “Indestructible” to true
>   * Set “Handler URI” to Reconciliation Task (can be selected from the
>     drop down list)
>   * Set “Recurrence” to single
>   * Set “Object class” to AccountObjectClass
>   * Set “Kind” to Account (if you want to reconcile your accounts)
>   * Optional: set “Intent” if you want to run reconciliation for a
>     subgroup, e.g. admin, or user, if you have defined something like this
>   * Optional: “Dry run” – can be used to check how many changes will
>     be processed
>   * Optional: “Worker threads” – can be used to increase performance
>     of the task (we use 4 to 6 workers on 8 core cpu)
>   * Optional: “Thread stop action” – restart
>   * Binding: Tight
>
> Save you changes an run the task. I think it is always a good idea to 
> take a dry run first.
>
> If you want to check if your outbound mapping works, you can edit a 
> single user and select the “Reconcile” option at the bottom of the 
> edit page. My steps are describe the procedure in midpoint 4.2.
>
> Good luck!
>
> Kind regards,
>
> Fabian
>
> --
>
> *Fabian Noll-Dukiewicz*
>
> /Spezialist Identity & Access Management | Geschäftsführer/
>
> Tel.: +49 152 244 63 211
>
> Email: fabian.noll-dukiewicz at veryfy.gmbh
>
> Web: https://veryfy.gmbh
>
> *Von: *Ashwill, Steven L <sashwill at uillinois.edu>
> *Datum: *Dienstag, 30. Januar 2024 um 16:18
> *An: *Fabian Noll-Dukiewicz <fabian.noll-dukiewicz at veryfy.gmbh>, 
> midPoint General Discussion <midpoint at lists.evolveum.com>
> *Betreff: *RE: Recomputation task
>
> Hi Fabian,
>
> Thank you for your reply.
>
> The main problem is I don’t have a reconciliation task or a compute 
> task for the resource. I did the mapping as you suggested, I just need 
> to get the AD updated with the new value for all of its users. Would 
> you happen to have an xml example of the task?
>
> Thanks,
>
> Steven
>
> *From:*Fabian Noll-Dukiewicz <fabian.noll-dukiewicz at veryfy.gmbh>
> *Sent:* Tuesday, January 30, 2024 8:13 AM
> *To:* midPoint General Discussion <midpoint at lists.evolveum.com>
> *Cc:* Ashwill, Steven L <sashwill at uillinois.edu>
> *Subject:* AW: Recomputation task
>
> Hi Steven,
>
> if this is resource specific I would add the new value as outbound 
> mapping to the resource configuration with strength = strong and run 
> the reconciliation task for the resource. This should affect all users 
> having an account in the resource.
>
> Kind regards,
>
> Fabian
>
> --
>
> *Fabian Noll-Dukiewicz*
>
> /Spezialist Identity & Access Management | Geschäftsführer/
>
> Tel.: +49 152 244 63 211
>
> Email: fabian.noll-dukiewicz at veryfy.gmbh
>
> Web: https://veryfy.gmbh 
> <https://urldefense.com/v3/__https:/veryfy.gmbh__;!!DZ3fjg!85R3doDyECABzeBgZIpkrdmRZgasNaesYnj9U4HLNQ-O-sjI7qa_4zApqW-XZE4UrB2UcUGIDYOvyPzmIOY1cCQ6GzoMXdgZBkdw$> 
>
>
> *Von: *midPoint <midpoint-bounces at lists.evolveum.com> im Auftrag von 
> Ashwill, Steven L via midPoint <midpoint at lists.evolveum.com>
> *Datum: *Dienstag, 30. Januar 2024 um 15:07
> *An: *midpoint at lists.evolveum.com <midpoint at lists.evolveum.com>
> *Cc: *Ashwill, Steven L <sashwill at uillinois.edu>
> *Betreff: *[midPoint] Recomputation task
>
> Hello all,
>
> I’m in need of a recompute task that will push out a new value to all 
> users in one of my repositories. I’ve just started the tutorials but 
> have a production need that exceeds the speed of which I’m learning 
> about Midpoint.  Anyone have a sample they can share?
>
> *STEVEN L ASHWILL*
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20240131/bbfe1bf5/attachment-0001.htm>