[midPoint] Ad-hoc Reconciliation

Ivan Noris ivan.noris at evolveum.com
Tue Mar 31 14:19:44 CEST 2015


Hi Martin,

is every user that is being synced from the DB and created in midPoint
expected to have an existing account in LDAP?
Do you have the same value of the email attribute in midPoint and LDAP?
I.

On 03/31/2015 02:13 PM, Martin Lízner - AMI Praha a.s. wrote:
> Hi guys, I'm in a situation where I have one really big LDAP with no
> changelog, which can be fully reconciled e.g. every 24 hours. I have new
> identities being synced from a DB resource every minute or so. Right
> after a new DB user is created in midPoint I need to ad hoc reconcile
> this user with the LDAP resource. I can look up the user via the email
> attribute; I don't know the LDAP DN yet.
>
> I guess that typical correlation logic in synchronization won't help me
> here, since I need to query the resource, not IdM. I came to these two
> solutions, but I don't know how to implement them in midPoint. And
> maybe there is a better way...
>
> 1. Query resource objects in the LDAP connector. Using a standard LDAP
> filter with email=XXX and fetching the DN => linking to the midPoint User.
> I'm not sure if midPoint can do these queries yet.
>
> 2. Query shadow objects in the midPoint repo. These would have been loaded
> in the last reconc. It wouldn't be 100% online, but might work for my
> business case. Unfortunately, I haven't found how to extend the shadow
> schema in the doc :-(
>
> Please help, if you can :-)
>
> Regards, Martin
>
> Martin Lízner
> solution architect

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper Id(e)M Vix."
