[midPoint] Sync AD with Midpoint for one time, not create

Ivan Noris ivan.noris at evolveum.com
Thu Aug 17 12:52:00 CEST 2017


Hi,

if it fails with UNMATCHED, it means that the correlation filter is
incorrect. Or at least it does not allow matching. Case-sensitivity problem?

In generic cases your scenario is pretty common. For one-time
synchronization (without creating users in midPoint) you can set up
a different correlation expression in the resource object synchronization.
The correlation expression can even be an OR, so two or more different
expressions can be used.

Without knowing more it's hard to tell what's wrong.

Best regards,

Ivan


On 17.08.2017 11:42, Dilek Gider wrote:
> To be more descriptive, I have a unique identifier, the identity number, and
> correlation works fine; there is a record on AD with that unique
> number and the midpoint user also has the same unique identifier. But it
> falls into the unmatched situation and tries to add a new account with
> iterationToken as a new record.
>
> On Thu, Aug 17, 2017 at 12:11 PM, Dilek Gider
> <dilek.gider at basistek.com> wrote:
>
>     Hi,
>
>     I have an HR db resource to get users to midpoint, and then create
>     accounts on the AD; all of these operations are working fine now.
>
>     But I have a requirement: all of the users are also in AD now and
>     they are correct. The customer always used AD effectively by manual
>     insert/update. Now with the midpoint project, we are automating
>     the process from HR to AD. But when the project goes to production,
>     only one time, we have to synchronize midpoint users with AD users,
>     not create. After the one-time operation, AD accounts will be created
>     automatically by midpoint, but for one time, at the beginning of
>     production, we won't create users on AD, only sync them with
>     midpoint users.
>
>     I tried to do this, but I think the LDAP connector searches AD
>     accounts by "objectGUID". The objectGUIDs on AD accounts weren't
>     generated by midpoint, they were generated by manual creation. How can I
>     map midpoint users (coming from HR) and old AD accounts? There is a
>     unique value on each side, the identity number, but I can't sync
>     them because of the search by objectGUID.
>
>     Thank you, I hope it is explanatory.
>
>     Dilek.
>

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
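
The one-time setup described in the reply above, sketched as a resource `synchronization` fragment. This is an added example, not configuration from the thread or from Evolveum. Assumptions: the identity number is stored in `employeeNumber` on both the midPoint user and the AD account, the account object class is `ri:user`, and the account is referenced as `$account` in the expression.

```xml
<!-- Added example; attribute and object class names are assumptions, not from the thread. -->
<synchronization xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                 xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                 xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
                 xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
  <objectSynchronization>
    <objectClass>ri:user</objectClass>
    <kind>account</kind>
    <intent>default</intent>
    <focusType>c:UserType</focusType>
    <enabled>true</enabled>
    <correlation>
      <q:or>
        <!-- Identity number (assumed attribute), compared case-insensitively -->
        <q:equal>
          <q:matching>stringIgnoreCase</q:matching>
          <q:path>c:employeeNumber</q:path>
          <expression>
            <path>$account/attributes/ri:employeeNumber</path>
          </expression>
        </q:equal>
        <!-- Second expression: login name, normalized so case differences still match -->
        <q:equal>
          <q:matching>polyStringNorm</q:matching>
          <q:path>c:name</q:path>
          <expression>
            <path>$account/attributes/ri:sAMAccountName</path>
          </expression>
        </q:equal>
      </q:or>
    </correlation>
    <reaction>
      <situation>linked</situation>
      <synchronize>true</synchronize>
    </reaction>
    <!-- Existing AD account correlated to an existing user: link it, do not create -->
    <reaction>
      <situation>unlinked</situation>
      <synchronize>true</synchronize>
      <action>
        <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
      </action>
    </reaction>
    <!-- No addFocus action here, so unmatched accounts do not create midPoint users -->
    <reaction>
      <situation>unmatched</situation>
    </reaction>
  </objectSynchronization>
</synchronization>
```

If the OR filter returns more than one user for an account, midPoint reports the situation as disputed instead of linking, so review those accounts by hand before go-live rather than loosening the filter further.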
