[midPoint] Manual connector questions

Alexandre Zia alexandre.zia at ifood.com.br
Tue Sep 4 04:16:31 CEST 2018 

Hi all,

   I'm Having a hard time trying to understand how manual connector
actually works.
   I've tried several approaches, but always end up with some
 "collateral effects"
   I've read all I could find about manual resources, MP Confluence,
mailing list,
   provisioned all the examples, tried several different configs, but the
fact
   is that there is no comprehensive explanation on how manual resources
works
   So I'm asking for help here at least to check if I'm doing something
terrible wrong

1. Pure manual connector:

   - Created Role to induce account creation works fine,

   - Upon role assignment the resulting operation it creates a shadow for
the
   account in the connector, however the assignment operation never
completes,
   stays in IN_PROGRESS forever and the shadows keeps pendingOperations and
   there is no way to get rid of them.

   - Upon role unassignment the role is unassigned but the projection in
the
   resource (shadow) is not removed, stays there forever until we manually
   delete the shadow and run a reconciliation

2. Semi manual with CSV connector as additionalConnector:

   - Same as above, except:

      -  I can see the accounts appearing in resource
         (Accounts tab in resource, searching in the resource side)
         when the accounts appears in the CSV, but seems to do nothing
         regarding the shadow.

      - when unassigning the role, same thing, when the account vanishes
from CSV
        nothing happens to the shadow and the projection remains

I have also created a Shadow Refresh Task, and it even reports that is
processing the shadows, but nothing changes actually.

  Other thing we are trying to do here is how to notify operator when he
needs
  to manually create or delete the accounts?
  We have created an extra approval named something like: "Wait for the
  operator to create the account" but again there is room for improvement
here:
    - We have approvers assigned to the role and an approval stage
    - So we have added operators as "owners" and filtering the "wait for
the
    operator" approval by the "owner" but this is not working properly.

  Can someone share a bit about the subject?
  What is the best approach to work with manual connectors?

  If we setup an ITSM plugin (we use Jira here) will it work as expected?
  By expected I mean will the assignments and unassignments work properly?
  The projections will be deleted upon unassignments?
  ITSM plugin is the right way to notify operators?


 Thanks for reading the entire email, I know it's huge ;)

 Regards,
 Alexandre
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180903/8220da36/attachment.htm>

More information about the midPoint mailing list