[midPoint] First Reconcile Reset Passwords?

Ivan Noris ivan.noris at evolveum.com
Mon Jun 15 17:10:55 CEST 2015 

Hi Jason,

commenting/removing <credentials> .. </credentials> in all required
objectType definitions (if you have more than one default account
intent) in your AD resource is a quick and efficient way. I'm using this
safety as well.

Don't forget to remove the hack after successful recon.

There are also possibilities to filter <credentials> using a <channel>.
But usually I stick to just removing/commenting out the <credentials>
sections in the resource.

Regarding the recon itself I recommend to run it first with "dry run"
flag to see if your correlation rule(s) is working as expected and check
the results in Configure - Shadow details for your resource.

Regards,
Ivan

On 06/15/2015 03:28 PM, Jason Everling wrote:
> I will be setting midPoint into Production this coming weekend. I
> almost did it this past weekend but I was fearful that all user
> passwords would get changed during the first reconcile.
>
> How can I run a reconcile after adding the AD resource making sure
> passwords are not modified?
>
> Just comment out the credentials section in the resource?
>
> Thanks,
> JASON
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and
> confidential; intended for only the recipient(s) named above and may
> contain information that is privileged. You should not retain, copy or
> use this e-mail or any attachments for any purpose, or disclose all or
> any part of the contents to any person. Any views or opinions
> expressed in this e-mail are those of the author and do not represent
> those of the Baptist School of Health Professions. If you have
> received this e-mail in error, or are not the named recipient(s), you
> are hereby notified that any review, dissemination, distribution or
> copying of this communication is prohibited by the sender and to do so
> might constitute a violation of the Electronic Communications Privacy
> Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender
> and delete this e-mail and any attachments from your computer.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper Id(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150615/d4269c35/attachment.htm>

More information about the midPoint mailing list