[midPoint] Refreshing uuids in ldap shadow objects

Ivan Noris ivan.noris at evolveum.com
Fri Dec 1 11:16:24 CET 2017


Hi Pertti,


if I understand that correctly, the groups are not linked to any focus
objects (Orgs or Roles) in midPoint. (The Shadows Details page should
display no owners for that shadows).


So reconciliation of the groups should fix it (with unmatched->no
reaction). But this requires you to have at least simple objectType and
objectSynchronization defined for the groups (without mappings) in that
resource.


I'm thinking... As an alternative you may also just delete all shadows
corresponding to the groups where entryuuid changed, and then going to
Resource->your resource->Entitlements - selecting object class and
clicking Resource tab should display groups from the resource and
re-create shadow objects for them...


Also getting rid of that incorrect shadow objects and then editing some
user-projections-associations should display correctly (and it will
recreate the group shadow).


No other ideas now.


Best regards,

Ivan


On 01.12.2017 11:00, Pertti Kellomäki wrote:
>
> Hi,
>
>
> The groups are managed externally, though with hindsight it would have
> been better to let midPoint create them. Association is done using
> associationTargetSearch with a bit of groovy code that constructs the
> name of the appropriate ldap group.
>
>
> Pertti
>
> ------------------------------------------------------------------------
> *Lähettäjä:* midPoint <midpoint-bounces at lists.evolveum.com> käyttäjän
> puolestaIvan Noris <ivan.noris at evolveum.com>
> *Lähetetty:* 30. marraskuuta 2017 16:25
> *Vastaanottaja:* midpoint at lists.evolveum.com
> *Aihe:* Re: [midPoint] Refreshing uuids in ldap shadow objects
>  
>
> Hi Pertti,
>
>
> are the groups actually created by midPoint, or they are managed
> externally?
> How are you assiociating the LDAP accounts with the groups? Using
> associationTargetSearch or associationFromLink?
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171201/b5d2861a/attachment.htm>


More information about the midPoint mailing list