[midPoint] AD account duplication
Ващенков Алексей
a.vashchenkov at solarsecurity.ru
Tue Jul 14 11:28:03 CEST 2015
Hi, we have one more problem with Exchange.
We create live synchronization task with Exchange connector. And it bring us one problem.
Too many iterations (6) for account(ID {http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3}uid = [ <GUID=af020927ab893540bf7ca32f4ad86f30> ], type 'default', resource:8790e490-326a-46e9-ba35-9e0c1dcbb41d(Exchange)): cannot determine values that satisfy constraints: Found more than one object with attribute {http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3}uid = [ <GUID=af020927ab893540bf7ca32f4ad86f30> ], Found more than one object with attribute {http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3}name = [ CN=abaulin.d.v,OU=???????????? ????,OU=inrights,DC=isim,DC=local ]
I see this situation like "Live synchronization" task was started after user creation process (it take about 40 seconds) and finished before creation process ends. In this case "Live synchronization" see "new" AD account which already created with "Creation process" (but doesn't ends because waiting for ends of Exchange creation) and create new shadow. After that "Creation process" ends and returns UID of "new" shadow but it doesn't know that shadow already exists (in "Live synchronization" process).
What can we do with this situation?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150714/3243e2f0/attachment.htm>
More information about the midPoint
mailing list