[midPoint] Reconciliation For a Subset of Users
Oskar Butovič - AMI Praha a.s.
oskar.butovic at ami.cz
Tue Oct 25 09:34:12 CEST 2016
Hi Gustav,
does this simulated reconcile fetch shadows from resource?
for example i have one user in midpoint with assignments on accounts on
those resources but is missing shadows. (because i deleted them, was
corrupted by outage, etc...). Will this simulated reconcile fetch and link
shadows from resource before creating them from midpoint user account?
Best regards,
Oskar
2016-10-24 21:57 GMT+02:00 Pálos Gustáv <gustav.palos at evolveum.com>:
> Hi Martin,
>
> I'm using this task as workaround to reconcile only one user by OID
> (symulating GUI reconcile):
> <?xml version="1.0" encoding="UTF-8"?>
> <c:objects xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/
> common-3">
> <c:task>
> <c:name>reconcile one org</c:name>
> <c:extension xmlns:mext="http://midpoint.ev
> olveum.com/xml/ns/public/model/extension-3">
> <mext:objectType>ObjectType</mext:objectType>
> <mext:objectQuery>
> <q:filter xmlns:q="http://prism.evolveum
> .com/xml/ns/public/query-3">
> <q:inOid>
> <q:value>73ca114b-dec5-4ae7-be
> a1-645b4fa0fcb9</q:value>
> </q:inOid>
> </q:filter>
> </mext:objectQuery>
> <mext:objectDelta>
> <t:changeType xmlns:t="http://prism.evolveum
> .com/xml/ns/public/types-3">modify</t:changeType>
> <t:objectType xmlns:t="http://prism.evolveum
> .com/xml/ns/public/types-3">OrgType</t:objectType>
> <t:oid xmlns:t="http://prism.evolveum
> .com/xml/ns/public/types-3">unused</t:oid>
> </mext:objectDelta>
> </c:extension>
> <c:taskIdentifier>1476345263272:174415297</c:taskIdentifier>
> <c:ownerRef oid="00000000-0000-0000-0000-000000000002"/>
> <c:executionStatus>runnable</c:executionStatus>
> <c:category>ExecuteChanges</c:category>
> <c:handlerUri>http://midpoint.evolveum.com/xml/ns/public/mod
> el/synchronization/task/execute/handler-3</c:handlerUri>
> <c:recurrence>single</c:recurrence>
> </c:task>
> </c:objects>
>
> if you need more, you can reconcile more OIDs, but I never tryed other
> types of filter in this way.
>
> Best regards,
>
> Gustav
>
> 2016-10-24 21:56 GMT+02:00 Pálos Gustáv <gustav.palos at gmail.com>:
>
>> Hi Martin,
>>
>> I'm using this task as workaround to reconcile only one user by OID
>> (symulating GUI reconcile):
>> <?xml version="1.0" encoding="UTF-8"?>
>> <c:objects xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/
>> common-3">
>> <c:task>
>> <c:name>reconcile one org</c:name>
>> <c:extension xmlns:mext="http://midpoint.ev
>> olveum.com/xml/ns/public/model/extension-3">
>> <mext:objectType>ObjectType</mext:objectType>
>> <mext:objectQuery>
>> <q:filter xmlns:q="http://prism.evolveum
>> .com/xml/ns/public/query-3">
>> <q:inOid>
>> <q:value>73ca114b-dec5-4ae7-be
>> a1-645b4fa0fcb9</q:value>
>> </q:inOid>
>> </q:filter>
>> </mext:objectQuery>
>> <mext:objectDelta>
>> <t:changeType xmlns:t="http://prism.evolveum
>> .com/xml/ns/public/types-3">modify</t:changeType>
>> <t:objectType xmlns:t="http://prism.evolveum
>> .com/xml/ns/public/types-3">OrgType</t:objectType>
>> <t:oid xmlns:t="http://prism.evolveum
>> .com/xml/ns/public/types-3">unused</t:oid>
>> </mext:objectDelta>
>> </c:extension>
>> <c:taskIdentifier>1476345263272:174415297</c:taskIdentifier>
>> <c:ownerRef oid="00000000-0000-0000-0000-000000000002"/>
>> <c:executionStatus>runnable</c:executionStatus>
>> <c:category>ExecuteChanges</c:category>
>> <c:handlerUri>http://midpoint.evolveum.com/xml/ns/public/mod
>> el/synchronization/task/execute/handler-3</c:handlerUri>
>> <c:recurrence>single</c:recurrence>
>> </c:task>
>> </c:objects>
>>
>> if you need more, you can reconcile more OIDs, but I never try other
>> types of filter in this way.
>>
>> Best regards,
>>
>> Gustav
>>
>> 2016-10-24 16:01 GMT+02:00 Martin Marchese <mmarchese at identicum.com>:
>>
>>> Hi All,
>>>
>>> We have a almost 600k users within midpoint and we need to reconcile all
>>> of them with our eDirectory resource since we need to change the users
>>> container within eDirectory.
>>>
>>> Since it's a large number of users, we want to do this in subsets. We've
>>> already did something similar for recomputing users, but as far as I could
>>> find in the documentation, Reconciliation is always run for all the
>>> accounts. And even though we add an objectQuery extension into the task, it
>>> runs for all of them.
>>>
>>> Is there a way to accomplish this? With reconciliation or any other
>>> action?
>>>
>>> Thanks in Advance.
>>>
>>> *Ing. Martín Marchese*
>>> Identicum S.A.
>>> Jorge Newbery 3226
>>> Tel: +54 (11) 4552-3050
>>> mmarchese at identicum.com
>>> www.identicum.com
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>> --
>> s pozdravom
>>
>> Gustáv Pálos
>>
>
>
>
> --
> Gustáv Pálos
> Identity Engineer
> evolveum.com
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
--
Oskar Butovič
solution architect
gsm: [+420] 774 480 101
e-mail: oskar.butovic at ami.cz
AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz
[image: AMI Praha a.s.]
[image: AMI Praha a.s.]
<http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
písemnou formu.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161025/7d8008c0/attachment.htm>
More information about the midPoint
mailing list