[midPoint] Synchronization: no focus deletion after account deleted on HR

Mon Jul 6 11:42:50 CEST 2015

Hello Pavol,

thanks for the clear and comprehensive answer; we will explore both the 
ways to reach our goal.

Best regards,

Giovanni Rosavini <g.rosavini at nsr.it <mailto:g.rosavini at nsr.it>>

*nova systems roma / nsr*

via della foce micina, 74
00054 Fiumicino (RM) - Italia
t. +39 06 6504 7521 <tel:%2B39%2006%206504%207521>
f. +39 06 6504 7519 <tel:%2B39%2006%206504%207519>

web:http://www.nsr.it <http://www.nsr.it/>
Il 06/07/2015 11:11, Pavol Mederly ha scritto:
> Giovanni,
>
> I totally forgot that the connector (and therefore the LiveSync task) 
> has no way of knowing that a record - i.e. row in a table - was deleted.
>
> It is because the connector is stateless. When doing LiveSync, it 
> simply gets a request from midPoint: "give me all the records that 
> were changed since XXXXX", where XXXXX is the last time when LiveSync 
> was run. Obviously, if a record was deleted, there's no way for a 
> connector to know that there was such a record before.
>
> What to do with that?
>
> One possibility how to deal with these deleted records is to use 
> reconciliation. The reconciliation would discover that db records that 
> used to be there do not exist any longer.
>
> Other possibility is maybe by simulating deletion using a dedicated 
> column to flag a record as disabled. (So midPoint would view the 
> record not as deleted, but instead as disabled.) However, I'm 
> currently not sure how to configure midPoint to delete the user record 
> in such a situation.
>
> Best regards,
> Pavol
>
>
>> Hi Giovanni,
>>
>> quick and stupid question: is Livesync task running? How often?
>>
>> Thanks,
>> Ivan
>>
>> On 07/06/2015 10:55 AM, Giovanni Rosavini wrote:
>>> Hello Pavol,
>>>
>>> I'm sorry, I accidentally disabled some of the loggers while testing 
>>> another scenario. Now I have changed my settings enabling the 
>>> logging for Model (attached is my System Configuration).
>>> Here is the test I made:
>>>
>>>   * at 10:32 I deleted my user from HR;
>>>   * at 10:33 I listed the users in the GUI: the to-be-deleted user
>>>     was still there;
>>>   * at 10:34 I tried to access the user details from the GUI,
>>>     receiving the "user not found" error.
>>>
>>> I previously forgot to mention that I am using Midpoint version 3.1.1.
>>>
>>> Thank you for your help
>>>
>>> Best regards,
>>>
>>> Giovanni Rosavini <g.rosavini at nsr.it <mailto:g.rosavini at nsr.it>>
>>>
>>> *nova systems roma / nsr*
>>>
>>> via della foce micina, 74
>>> 00054 Fiumicino (RM) - Italia
>>> t. +39 06 6504 7521 <tel:%2B39%2006%206504%207521>
>>> f. +39 06 6504 7519 <tel:%2B39%2006%206504%207519>
>>>
>>> web:http://www.nsr.it <http://www.nsr.it/>
>>> Il 06/07/2015 09:29, Pavol Mederly ha scritto:
>>>> Hello Giovanni,
>>>>
>>>> I've looked at your resource configuration and your log, but so far 
>>>> I don't see the cause of the behavior you observe.
>>>>
>>>> However, we could perhaps help you more if you could send us 
>>>> complete log files. First of all, I think the current log describes 
>>>> only the "discovery" part of the process (and shows that midPoint 
>>>> correctly decided to delete the user). What would be more useful is 
>>>> the log covering the situation when you delete the row in DB, 
>>>> execute the LiveSync cycle and observe that no reaction is 
>>>> performed. Also, currently there seems to be only logs from the 
>>>> Projector. Could you enable the TRACE logging for the whole Model 
>>>> component?
>>>>
>>>> Best regards,
>>>> Pavol
>>>>
>>>> On 3. 7. 2015 17:40, Giovanni Rosavini wrote:
>>>>> Hi,
>>>>>
>>>>> I have a problem with synchronization against a DB read-only 
>>>>> resource (my "HR" resource).
>>>>> When a new row is inserted in HR, Midpoint reacts and correctly 
>>>>> creates the relative user (inbound mappings evaluations and object 
>>>>> template application are OK), but when a row is deleted no 
>>>>> reaction is performed; also, when I try to access the user in the 
>>>>> GUI, discovery occurs and I receive the error message: "Object of 
>>>>> type 'UserType' with oid 'ffa976d3-1700-476f-a6ba-a1d8c7f0875e' 
>>>>> was not found".
>>>>> In the attachments you can find the relevant log lines and the 
>>>>> resource configuration.
>>>>>
>>>>> Can you please help us?
>>>>>
>>>>> Thanks in advance.
>>>>>
>>>>> -- 
>>>>> Giovanni Rosavini <g.rosavini at nsr.it <mailto:g.rosavini at nsr.it>>
>>>>>
>>>>> *nova systems roma / nsr*
>>>>>
>>>>> via della foce micina, 74
>>>>> 00054 Fiumicino (RM) - Italia
>>>>> t. +39 06 6504 7521 <tel:%2B39%2006%206504%207521>
>>>>> f. +39 06 6504 7519 <tel:%2B39%2006%206504%207519>
>>>>>
>>>>> web:http://www.nsr.it <http://www.nsr.it/>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> midPoint at lists.evolveum.com
>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> -- 
>>    Ing. Ivan Noris
>>    Senior Identity Management Engineer & IDM Architect
>>    evolveum.com                     evolveum.com/blog/
>>    ___________________________________________________
>>    "Semper Id(e)M Vix."
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150706/a8dfdfac/attachment.htm>