[midPoint] One-way synchronization of accounts from resources.

Wojciech Staszewski wojciech.staszewski at diagnostyka.pl
Wed Feb 22 09:00:17 CET 2017 

And when I create synchronization reaction and situation "Deleted" with a non-deleting action, eg. "unlink"? Woult it be ok?

W dniu 22.02.2017 o 08:46, Ivan Noris pisze:
> Hi,
> 
> if you configure your resource with inbound mappings only (remove all outbounds), midPoint will not try to push any attribute changes to that resource.
> 
> In addition you can configure capatilibies of the resource to completely disable create, update and/or delete operations:
> 
> ...
> 
>        </schemaHandling>
> 
>                 <capabilities xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
>                         <configured>
>                                 <cap:create>
>                                         <cap:enabled>false</cap:enabled>
>                                 </cap:create>
>                                 <cap:update>
>                                         <cap:enabled>false</cap:enabled>
>                                 </cap:update>
>                                 <cap:delete>
>                                         <cap:enabled>false</cap:enabled>
>                                 </cap:delete>
>                         </configured>
>                 </capabilities>
>         <synchronization>
> ...
> 
> See also: https://wiki.evolveum.com/display/midPoint/Resource+Capabilities
> 
> Please note that when midPoint user is deleted, midPoint will try to delete also that account, but as the operation is disabled, it will never delete it and show warning "Operation not supported". There is an issue https://jira.evolveum.com/browse/MID-2144 to completely ignore such operations even in GUI.
> 
> Of course with custom connectors/meta connectors (ScriptedSQL for example) you are able to do the same on the connector side - by not implementing the DeleteOp operation (or any other). What I describe here is midPoint configurable way which works for any connector.
> 
> Best regards,
> Ivan
> 
> On 02/22/2017 04:56 AM, Prabhakara Rao Doddapaneni wrote:
>> Hello,
>>
>> I have external identity stores that i configured to sync with midpoint repository.  I need to configure the synchronization so that only changes in the store to be updated in midpoint but not in reverse.  The changes to the users i make in midpoint should not be carried to the external resource.
>>
>> As of now when i use the resource configuration examples in github, when i delete a user in midpoint, the relevant account is being deleted in the external store.  I dont want to do that.
>>
>> Please help by explaining how to configure only inbound synchronization but ignore the outbound synchronization.  I am blocked in my POC because of this.
>>
>> Thanks,
>> Prabhakar.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
> 
> -- 
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
> 
> 
> 
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
> 

-- 
Wojciech Staszewski
Administrator Systemów Sieciowych
tel. kom: 663 680 236
www.diagnostyka.pl
Diagnostyka Sp. z o. o.
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
Numer KRS: 0000381559 (Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie, XI Wydział Gospodarczy KRS)
NIP: 675-12-65-009; REGON: 356366975
Kapitał zakładowy: 33 756 500 zł.

Pomyśl o środowisku zanim wydrukujesz ten e-mail.

More information about the midPoint mailing list