[midPoint] Synchronization: no focus deletion after account deleted on HR

Giovanni Rosavini g.rosavini at nsr.it
Mon Jul 6 15:11:32 CEST 2015 

Hi Pavol (and Ivan),

using reconciliation I was able to do what I wanted.

Thank you very much again :-)

Giovanni Rosavini <g.rosavini at nsr.it <mailto:g.rosavini at nsr.it>>

*nova systems roma / nsr*

via della foce micina, 74
00054 Fiumicino (RM) - Italia
t. +39 06 6504 7521 <tel:%2B39%2006%206504%207521>
f. +39 06 6504 7519 <tel:%2B39%2006%206504%207519>

web:http://www.nsr.it <http://www.nsr.it/>
Il 06/07/2015 11:42, Giovanni Rosavini ha scritto:
> Hello Pavol,
>
> thanks for the clear and comprehensive answer; we will explore both 
> the ways to reach our goal.
>
> Best regards,
>
> Giovanni Rosavini <g.rosavini at nsr.it <mailto:g.rosavini at nsr.it>>
>
> *nova systems roma / nsr*
>
> via della foce micina, 74
> 00054 Fiumicino (RM) - Italia
> t. +39 06 6504 7521 <tel:%2B39%2006%206504%207521>
> f. +39 06 6504 7519 <tel:%2B39%2006%206504%207519>
>
> web:http://www.nsr.it <http://www.nsr.it/>
> Il 06/07/2015 11:11, Pavol Mederly ha scritto:
>> Giovanni,
>>
>> I totally forgot that the connector (and therefore the LiveSync task) 
>> has no way of knowing that a record - i.e. row in a table - was deleted.
>>
>> It is because the connector is stateless. When doing LiveSync, it 
>> simply gets a request from midPoint: "give me all the records that 
>> were changed since XXXXX", where XXXXX is the last time when LiveSync 
>> was run. Obviously, if a record was deleted, there's no way for a 
>> connector to know that there was such a record before.
>>
>> What to do with that?
>>
>> One possibility how to deal with these deleted records is to use 
>> reconciliation. The reconciliation would discover that db records 
>> that used to be there do not exist any longer.
>>
>> Other possibility is maybe by simulating deletion using a dedicated 
>> column to flag a record as disabled. (So midPoint would view the 
>> record not as deleted, but instead as disabled.) However, I'm 
>> currently not sure how to configure midPoint to delete the user 
>> record in such a situation.
>>
>> Best regards,
>> Pavol
>>
>>
>>> Hi Giovanni,
>>>
>>> quick and stupid question: is Livesync task running? How often?
>>>
>>> Thanks,
>>> Ivan
>>>
>>> On 07/06/2015 10:55 AM, Giovanni Rosavini wrote:
>>>> Hello Pavol,
>>>>
>>>> I'm sorry, I accidentally disabled some of the loggers while 
>>>> testing another scenario. Now I have changed my settings enabling 
>>>> the logging for Model (attached is my System Configuration).
>>>> Here is the test I made:
>>>>
>>>>   * at 10:32 I deleted my user from HR;
>>>>   * at 10:33 I listed the users in the GUI: the to-be-deleted user
>>>>     was still there;
>>>>   * at 10:34 I tried to access the user details from the GUI,
>>>>     receiving the "user not found" error.
>>>>
>>>> I previously forgot to mention that I am using Midpoint version 3.1.1.
>>>>
>>>> Thank you for your help
>>>>
>>>> Best regards,
>>>>
>>>> Giovanni Rosavini <g.rosavini at nsr.it <mailto:g.rosavini at nsr.it>>
>>>>
>>>> *nova systems roma / nsr*
>>>>
>>>> via della foce micina, 74
>>>> 00054 Fiumicino (RM) - Italia
>>>> t. +39 06 6504 7521 <tel:%2B39%2006%206504%207521>
>>>> f. +39 06 6504 7519 <tel:%2B39%2006%206504%207519>
>>>>
>>>> web:http://www.nsr.it <http://www.nsr.it/>
>>>> Il 06/07/2015 09:29, Pavol Mederly ha scritto:
>>>>> Hello Giovanni,
>>>>>
>>>>> I've looked at your resource configuration and your log, but so 
>>>>> far I don't see the cause of the behavior you observe.
>>>>>
>>>>> However, we could perhaps help you more if you could send us 
>>>>> complete log files. First of all, I think the current log 
>>>>> describes only the "discovery" part of the process (and shows that 
>>>>> midPoint correctly decided to delete the user). What would be more 
>>>>> useful is the log covering the situation when you delete the row 
>>>>> in DB, execute the LiveSync cycle and observe that no reaction is 
>>>>> performed. Also, currently there seems to be only logs from the 
>>>>> Projector. Could you enable the TRACE logging for the whole Model 
>>>>> component?
>>>>>
>>>>> Best regards,
>>>>> Pavol
>>>>>
>>>>> On 3. 7. 2015 17:40, Giovanni Rosavini wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I have a problem with synchronization against a DB read-only 
>>>>>> resource (my "HR" resource).
>>>>>> When a new row is inserted in HR, Midpoint reacts and correctly 
>>>>>> creates the relative user (inbound mappings evaluations and 
>>>>>> object template application are OK), but when a row is deleted no 
>>>>>> reaction is performed; also, when I try to access the user in the 
>>>>>> GUI, discovery occurs and I receive the error message: "Object of 
>>>>>> type 'UserType' with oid 'ffa976d3-1700-476f-a6ba-a1d8c7f0875e' 
>>>>>> was not found".
>>>>>> In the attachments you can find the relevant log lines and the 
>>>>>> resource configuration.
>>>>>>
>>>>>> Can you please help us?
>>>>>>
>>>>>> Thanks in advance.
>>>>>>
>>>>>> -- 
>>>>>> Giovanni Rosavini <g.rosavini at nsr.it <mailto:g.rosavini at nsr.it>>
>>>>>>
>>>>>> *nova systems roma / nsr*
>>>>>>
>>>>>> via della foce micina, 74
>>>>>> 00054 Fiumicino (RM) - Italia
>>>>>> t. +39 06 6504 7521 <tel:%2B39%2006%206504%207521>
>>>>>> f. +39 06 6504 7519 <tel:%2B39%2006%206504%207519>
>>>>>>
>>>>>> web:http://www.nsr.it <http://www.nsr.it/>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> midPoint mailing list
>>>>>> midPoint at lists.evolveum.com
>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> midPoint at lists.evolveum.com
>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>> -- 
>>>    Ing. Ivan Noris
>>>    Senior Identity Management Engineer & IDM Architect
>>>    evolveum.com                     evolveum.com/blog/
>>>    ___________________________________________________
>>>    "Semper Id(e)M Vix."
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150706/b79a5bdb/attachment.htm>

More information about the midPoint mailing list