[midPoint] Refreshing uuids in ldap shadow objects

Ivan Noris ivan.noris at evolveum.com
Thu Nov 30 14:59:22 CET 2017


Hi Pertti,

have you tried reconciliation? It should detect the old account as
DELETED, delete the shadow and linkRef, and also detect the new account
as UNLINKED, and link it using the correlation expression...


(If you have the common synchronization definition, where DELETED has
unlink reaction and UNLINKED has link reaction.)


Running reconciliation with dryRun=true should show you approximately
the same number of UNLINKED and DELETED accounts... running without
dryRun should fix it then.

Best regards,
Ivan

On 30.11.2017 14:43, Pertti Kellomäki wrote:
>
> Hi all,
>
>
> I have a situation where midPoint does not find some entries in an
> openldap resource because the uuids of the entries have changed
> (don't ask...). I know how to fix them manually by editing the shadow
> object xml, but it is not very practical.
>
>
> Is there a way to refresh the shadow objects from the resource? The
> dn's of the ldap entries are valid and present in the ldap database,
> but some entries have been deleted and recreated, so uuids in the
> shadow objects are not valid any more. Consequently the ldap connector
> complains about missing entries.
>
> -- 
>
> Pertti

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
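
For reference, a sketch of the kind of synchronization definition the reply above refers to, with DELETED mapped to unlink and UNLINKED mapped to link. This is an added example in midPoint 3.x resource syntax, not configuration taken from this thread; the object class, the focus type and the correlation on `ri:uid` against the user's `name` are assumptions and must be replaced with whatever attribute actually identifies the account on the resource.

```xml
<!-- Added example: fragment of a resource definition (midPoint 3.x syntax). -->
<synchronization xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                 xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                 xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
                 xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
    <objectSynchronization>
        <!-- Assumed object class and focus type -->
        <objectClass>ri:inetOrgPerson</objectClass>
        <kind>account</kind>
        <intent>default</intent>
        <focusType>c:UserType</focusType>
        <enabled>true</enabled>

        <!-- Assumed correlation: a stable attribute (not the entry UUID),
             so a recreated LDAP entry still matches its owner -->
        <correlation>
            <q:equal>
                <q:path>name</q:path>
                <expression>
                    <path>$account/attributes/ri:uid</path>
                </expression>
            </q:equal>
        </correlation>

        <!-- Shadow whose resource object no longer exists: drop the linkRef -->
        <reaction>
            <situation>deleted</situation>
            <synchronize>true</synchronize>
            <action>
                <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
            </action>
        </reaction>

        <!-- Account found on the resource whose owner is known by correlation: link it -->
        <reaction>
            <situation>unlinked</situation>
            <synchronize>true</synchronize>
            <action>
                <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
            </action>
        </reaction>

        <!-- Already linked accounts: just synchronize -->
        <reaction>
            <situation>linked</situation>
            <synchronize>true</synchronize>
        </reaction>
    </objectSynchronization>
</synchronization>
```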
