[midPoint] How to link unmatched accounts?

Ivan Noris ivan.noris at evolveum.com
Thu Nov 23 15:14:34 CET 2017


Hi,

first you need to answer the question:

Is the resource authoritative for the account->user creation or not?

If the resource is authoritative, you probably want to have UNMATCHED
situation with addFocus reaction.

If the resource is not authoritative, you probably don't want to have
UNMATCHED situation with addFocus reaction. But this effectively means,
that the resource contains accounts and midPoint cannot correlate them
to any of the users in midPoint. If another resource is authoritative
for owners of that accounts, you should first reconcile/synchronize with
that resource and then reconcile this one.

Or there is a chance that your correlation expression is just incorrect
and cannot find the owners even if you know that it should. If you want
to link them, you (midPoint) first needs to know to what users (owners)
should the accounts be linked. That is decided by the correlation
expression. (Or you can define owners manually if there if no
possibility to do it automatically as Gustav said few emails ago).

UNMATCHED means that midPoint does not know to which user should be the
account linked. So either the correlation expression is incorrect, or
there is really no owner of that account.

Best regards,

Ivan


On 23.11.2017 14:20, Alcides Carlos de Moraes Neto wrote:
> Thank you Ivan.
>
> But what if I don't want to create users from this resource? I just
> want to link them, my users are being created from another resource.
>
> 2017-11-23 9:14 GMT-02:00 Ivan Noris <ivan.noris at evolveum.com
> <mailto:ivan.noris at evolveum.com>>:
>
>     Hi,
>
>     for Unmatched, the reaction should be addFocus to create users
>     from the accounts.
>
>     You also need to have inbound mappings to construct the user
>     attribute values.
>
>     Ivan
>
>
>     On 22.11.2017 18:28, Alcides Carlos de Moraes Neto wrote:
>>     Hello List,
>>
>>     I have a resource that correlates to Users, but does not create
>>     them. After the first time import, users were correctly
>>     correlated and linked, so the correlation expression is correct.
>>
>>     However, some accounts were left as Unmatched. That was expected,
>>     since I did not import all users yet. But after importing the
>>     remaining users, I'm not able to link the remaining accounts. I
>>     tried both Import and Reconcile Tasks of the Resource, and both
>>     of them numbers all accounts as "Not applicable for task".
>>
>>     I thought I had to add a "Unmatched" reaction to the
>>     Synchronization object. I had only Unlinked -> Link reaction. So
>>     I added Unmatched -> Link, but that did not change anything.
>>
>>     What am I doing wrong?
>>
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>>     <http://lists.evolveum.com/mailman/listinfo/midpoint>
>
>     -- 
>     Ivan Noris
>     Senior Identity Engineer
>     evolveum.com <http://evolveum.com>
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>     <http://lists.evolveum.com/mailman/listinfo/midpoint>
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171123/37862808/attachment.htm>


More information about the midPoint mailing list