[midPoint] Sync AD with Midpoint for one time, not create

Dilek Gider dilek.gider at basistek.com
Thu Aug 17 11:42:42 CEST 2017


To be more descriptive, I have a unique identifier as the identity number and
correlation works fine; there is a record on AD with that unique number and
the midpoint user also has the same unique identifier. But it falls into the
unmatched situation and tries to add a new account with iterationToken as a new
record.

On Thu, Aug 17, 2017 at 12:11 PM, Dilek Gider <dilek.gider at basistek.com>
wrote:

> Hi,
>
> I have an HR db resource to get users into midpoint, and then create accounts
> on the AD; all of these operations are working fine now.
>
> But I have a requirement: all of the users are also in AD now and they
> are correct. The customer always used AD effectively by manual insert/update.
> Now, with the midpoint project, we are automating the process from HR to
> AD. But when the project goes to production, only one time, we have to
> synchronize midpoint users with AD users, not create them. After the one-time
> operation, AD accounts will be created automatically by midpoint, but for
> one time, at the beginning of production, we won't create users on AD,
> only sync them with midpoint users.
>
> I tried to do this, but I think the LDAP connector searches AD accounts by
> "objectGUID". The objectGUIDs on the AD accounts weren't generated by midpoint; they
> were generated by manual creation. How can I map midpoint users (which come from HR)
> and old AD accounts? There is a unique value on each side, which is the identity
> number, but I can't sync them because of the search by objectGUID.
>
> Thank you, I hope it is explanatory.
>
> Dilek.
>