[midPoint] AD account duplication

Pavol Mederly mederly at evolveum.com
Tue Jul 14 12:05:39 CEST 2015 

:-( That's unfortunate. But in other installations it usually takes only 
a few hundred milliseconds (except for initial connection opening, which 
could take 20-30 seconds indeed).

Is your connector opening a new remote PowerShell connection each time? 
Because if not, subsequent operation should be much quicker.

Anyway, couldn't you avoid using Live Sync from Exchange resource?

We can fix this "race condition" issue in midPoint, but I'm not sure how 
quickly.

Pavol

> Power shell works very slow. It’s work takes about 35 second from 
> console.
>
> *From:*midPoint [mailto:midpoint-bounces at lists.evolveum.com] *On 
> Behalf Of *Pavol Mederly
> *Sent:* Tuesday, July 14, 2015 12:35 PM
> *To:* midpoint at lists.evolveum.com
> *Subject:* Re: [midPoint] AD account duplication
>
> Hello Alexej,
>
> are you sure you need Live Synchronization for Exchange resource? If a 
> resource is a target and a source at the same time, problems may 
> occur. It is best to avoid this, it it's not strictly necessary.
>
> However, 40 seconds for user creation process is a waaaaay too long. 
> Have you any idea why it takes so long?
>
> Pavol
>
> On 14. 7. 2015 11:28, Ващенков Алексей wrote:
>
>     Hi, we have one more problem with Exchange.
>
>     We create live synchronization task with Exchange connector. And
>     it bring us one problem.
>
>     Too many iterations (6) for account(ID
>     {http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3}uid
>     = [ <GUID=af020927ab893540bf7ca32f4ad86f30> ], type 'default',
>     resource:8790e490-326a-46e9-ba35-9e0c1dcbb41d(Exchange))
>     <resource:8790e490-326a-46e9-ba35-9e0c1dcbb41d%28Exchange%29%29>:
>     cannot determine values that satisfy constraints: Found more than
>     one object with attribute
>     {http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3}uid
>     = [ <GUID=af020927ab893540bf7ca32f4ad86f30> ], Found more than one
>     object with attribute
>     {http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3}name
>     = [ CN=abaulin.d.v,OU=???????????? ????,OU=inrights,DC=isim,DC=local ]
>
>     I see this situation like “Live synchronization” task was started
>     after user creation process (it take about 40 seconds) and
>     finished before creation process ends. In this case “Live
>     synchronization” see “new” AD account which already created with
>     “Creation process” (but doesn’t ends because waiting for ends of
>     Exchange creation) and create new shadow. After that “Creation
>     process” ends and returns UID of “new” shadow but it doesn’t know
>     that shadow already exists (in “Live synchronization” process).
>
>     What can we do with this situation?
>
>
>
>
>     _______________________________________________
>
>     midPoint mailing list
>
>     midPoint at lists.evolveum.com  <mailto:midPoint at lists.evolveum.com>
>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150714/1bca8456/attachment.htm>

More information about the midPoint mailing list