[midPoint] Filtering User Sync from HR DB
Sean R Penndorf
srpenn at us.ibm.com
Fri Dec 22 19:19:33 CET 2017
I only want to sync data from our HR DB if the user already exists in
midPoint.
Here's why:
My company has about 350,000-400,000 employees globally (give or take).
Resources I deal with have about 4,000+ users (or about 1 to 1.5% of the
total population).
I really don't want to have shadow objects for 400,000 accounts when I
only need 4000.
Furthermore, our HR DB will block you if you attempt to read the entire
DB. So LDAP searches like (uid=*) will fail.
However, I do need to validate employment.
So what kind of filter should I use so I only sync with HR for users who
already exist in midPoint? Feel like I'm missing something simple here.
Where would I handle this use case?
Correlation? Reactions? Conditions?
Thanks!
------------------
Sean Penndorf
SaaS Operational Services (SOS) - ID Management
IBM Cloud
srpenn at us.ibm.com
Office: 248-552-4791 TL 623-9966