[midPoint] Deleting orphaned accounts

Arnošt Starosta - AMI Praha a.s. arnost.starosta at ami.cz
Wed Oct 4 10:40:33 CEST 2017


Hi all,

is there a nice way to delete identity accounts on resources that were down
when the identity itself was deleted? Without deleting all 'unmatched'
accounts?

The test case that is failing for me is
1) set up an identity with an account on resource X
2) shut down the end system behind X
3) delete identity
4) start X again
5) reconcile X

The shadow of the account after 3) "delete identity" is still 'linked' with
the delete operation status 'fatal_error', the identity is already deleted.

After 5) "reconcile X" shadow goes to 'unmatched', the delete operation is
not retried, account on X still exists.

Deleting unmatched accounts is not an option, all existing unmatched have
to stay. Can't make them protected either, there are too many with no clear
discriminator.

Is there a way to retry the pending delete operation on shadow?

thanks
arnost

-- 

Arnošt Starosta
solution architect

gsm: [+420] 603 794 932
e-mail: arnost.starosta at ami.cz


AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz


By the text of this e-mail, the signatory neither promises to conclude nor
concludes any contract on behalf of AMI Praha a.s. Any contract, if
concluded, must be exclusively in written form.