[midPoint] link account in AD

[Ivan Noris]

Hi,

I remember to use something like:

                <attribute>
                    <ref>ri:sAMAccountName</ref>
                    <secondaryIdentifier>true</secondaryIdentifier>
...
               </attribute>

to trigger automatic AlreadyExistsException to run discovery,
correlation and link the existing account using correlation expressions.
But I have not tried it recently and not with AdLdap connector at all.

Can you paste XML code how you try to process
$account/attributes/distinguishedName attribute (where you get null)?

Ivan

On 05/31/2016 04:52 PM, Michal Štekláč wrote:
> Hi,
>
> I use ICF com.evolveum.polygon.connector.ldap.ad.AdLdapConnector
> v1.4.2.14 and I want synchronize users to AD and insert to
> organization unit. Users are in hierarchical structure in AD.
> Example:
> CN=Hrasko Janko,ou=BBB,ou=AAA,dc=example,dc=com
> Users exists in AD before start synchronization.
>
> When synchronize user from midpoint which is in OrgUnit AAA, then get
> exception object alredy exist in AD.
> In AD is user CN=Hrasko Janko,ou=BBB,ou=AAA,,dc=example,dc=com and
> synchronization try create CN=Hrasko Janko,ou=AAA,,dc=example,dc=com.
> Correlation atributte is sAMAcountName, which is same and have value
> jhrasko.
>
> 1) Can i link user which is in midpoint with user who exist in AD and
> change dn of user in AD? I don`t want to create new user in AD?
> 2) Can i get dn on user in AD? In old .Net AD connector get dn with
> $account/attributes/distinguishedName. I get null in new AD connector.
>
> Thanks & regards
> MiSo
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."