[midPoint] Dangling shadow objects

[Pertti Kellomäki]

Hi all,


I have a setup where midPoint roles induce ldap groups and memberships. The ldap resource is modeled after the openldap sample, and only has outbound mappings.


I'm having problems reconstructing the ldap state. Let's say I have an ldap group induced by a role assigned to an organization. If I manually remove the group in the ldap server, and try to re-induce it in the midPoint organization view by doing reconcile+save, I get an error in "Computing projections of the focus object", and the error message tells me that a shadow object was not found.


Checking the organization in Configuration objects shows a linkRef which does not have a comment explaining which resource object it corresponds to it. Presumably it is the shadow object corresponding to the removed ldap  group. If I remove the linkRef in xml and save, reconciliation of the organization succeeds and the group is recreated.


Is there some way to tell midPoint to ignore such dangling shadow objects? Or is this maybe a consequence of not having inbound mappings in the resource? This is with midPoint 3.5.

--

Pertti
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170926/cee6f545/attachment.htm>