[midPoint] Synchronization: no focus deletion after account deleted on HR

Pavol Mederly mederly at evolveum.com
Mon Jul 6 11:11:12 CEST 2015 

Giovanni,

I totally forgot that the connector (and therefore the LiveSync task) 
has no way of knowing that a record - i.e. row in a table - was deleted.

It is because the connector is stateless. When doing LiveSync, it simply 
gets a request from midPoint: "give me all the records that were changed 
since XXXXX", where XXXXX is the last time when LiveSync was run. 
Obviously, if a record was deleted, there's no way for a connector to 
know that there was such a record before.

What to do with that?

One possibility how to deal with these deleted records is to use 
reconciliation. The reconciliation would discover that db records that 
used to be there do not exist any longer.

Other possibility is maybe by simulating deletion using a dedicated 
column to flag a record as disabled. (So midPoint would view the record 
not as deleted, but instead as disabled.) However, I'm currently not 
sure how to configure midPoint to delete the user record in such a 
situation.

Best regards,
Pavol


> Hi Giovanni,
>
> quick and stupid question: is Livesync task running? How often?
>
> Thanks,
> Ivan
>
> On 07/06/2015 10:55 AM, Giovanni Rosavini wrote:
>> Hello Pavol,
>>
>> I'm sorry, I accidentally disabled some of the loggers while testing 
>> another scenario. Now I have changed my settings enabling the logging 
>> for Model (attached is my System Configuration).
>> Here is the test I made:
>>
>>   * at 10:32 I deleted my user from HR;
>>   * at 10:33 I listed the users in the GUI: the to-be-deleted user
>>     was still there;
>>   * at 10:34 I tried to access the user details from the GUI,
>>     receiving the "user not found" error.
>>
>> I previously forgot to mention that I am using Midpoint version 3.1.1.
>>
>> Thank you for your help
>>
>> Best regards,
>>
>> Giovanni Rosavini <g.rosavini at nsr.it <mailto:g.rosavini at nsr.it>>
>>
>> *nova systems roma / nsr*
>>
>> via della foce micina, 74
>> 00054 Fiumicino (RM) - Italia
>> t. +39 06 6504 7521 <tel:%2B39%2006%206504%207521>
>> f. +39 06 6504 7519 <tel:%2B39%2006%206504%207519>
>>
>> web:http://www.nsr.it <http://www.nsr.it/>
>> Il 06/07/2015 09:29, Pavol Mederly ha scritto:
>>> Hello Giovanni,
>>>
>>> I've looked at your resource configuration and your log, but so far 
>>> I don't see the cause of the behavior you observe.
>>>
>>> However, we could perhaps help you more if you could send us 
>>> complete log files. First of all, I think the current log describes 
>>> only the "discovery" part of the process (and shows that midPoint 
>>> correctly decided to delete the user). What would be more useful is 
>>> the log covering the situation when you delete the row in DB, 
>>> execute the LiveSync cycle and observe that no reaction is 
>>> performed. Also, currently there seems to be only logs from the 
>>> Projector. Could you enable the TRACE logging for the whole Model 
>>> component?
>>>
>>> Best regards,
>>> Pavol
>>>
>>> On 3. 7. 2015 17:40, Giovanni Rosavini wrote:
>>>> Hi,
>>>>
>>>> I have a problem with synchronization against a DB read-only 
>>>> resource (my "HR" resource).
>>>> When a new row is inserted in HR, Midpoint reacts and correctly 
>>>> creates the relative user (inbound mappings evaluations and object 
>>>> template application are OK), but when a row is deleted no reaction 
>>>> is performed; also, when I try to access the user in the GUI, 
>>>> discovery occurs and I receive the error message: "Object of type 
>>>> 'UserType' with oid 'ffa976d3-1700-476f-a6ba-a1d8c7f0875e' was not 
>>>> found".
>>>> In the attachments you can find the relevant log lines and the 
>>>> resource configuration.
>>>>
>>>> Can you please help us?
>>>>
>>>> Thanks in advance.
>>>>
>>>> -- 
>>>> Giovanni Rosavini <g.rosavini at nsr.it <mailto:g.rosavini at nsr.it>>
>>>>
>>>> *nova systems roma / nsr*
>>>>
>>>> via della foce micina, 74
>>>> 00054 Fiumicino (RM) - Italia
>>>> t. +39 06 6504 7521 <tel:%2B39%2006%206504%207521>
>>>> f. +39 06 6504 7519 <tel:%2B39%2006%206504%207519>
>>>>
>>>> web:http://www.nsr.it <http://www.nsr.it/>
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> -- 
>    Ing. Ivan Noris
>    Senior Identity Management Engineer & IDM Architect
>    evolveum.com                     evolveum.com/blog/
>    ___________________________________________________
>    "Semper Id(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150706/49eca1e7/attachment.htm>

More information about the midPoint mailing list