[midPoint] auto disabled user not in resource

Sylvaire kevin TIPA sylvaire-kevin.tipa at mythalesgroup.io
Tue Apr 9 02:03:10 CEST 2019


Hey all,

Some questions about live sync and reconciliation, if someone can help ☺

As said below, I have a CSV resource with some accounts. On the other side I have some users in MP. Following Oleksandr's advice, I have used the « Inactivate focus » channel on my resource, and it works great when user and account are correctly linked.

My problem: I gave my resource synchronization 2 reactions:

- Deleted -> inactive focus

- Unlinked -> link

I have tried many options on this reaction (Opportunistic, reconcile…) but the unlinked situation never works… I can see in the resource that my account is flagged as unlinked (so shadows are correctly imported) but synchronization does not link it to my user…

As the documentation says: A resource object is found on the resource (it exists), midPoint determines exactly one owner for that resource object and that owner does not have the resource object linked (yet).
E.g. New account is found on the resource, an owner (midPoint user) is found by using a correlation expression.

If I create a new reconciliation task, it works, but why did the simple synchronization not reply?

Note:

- My resource has live sync activated, but I need to create a live sync task that runs in a loop, right? The synchronization is not “automatic”?

MP version: 3.7.2


Thx, br,


Regards,



Sylvaire-Kevin TIPA
Thales Services / OIC / DevOps Automatisation Infrastructures
…………………………………………………………………………………………
THALES SERVICES SAS
44 Quai Charles de Gaulle
CS 20100
69463 Lyon Cedex 06
…………………………………………………………………………………………
www.thalesgroup.com
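
The two reactions described in the message above, written out as a resource `<synchronization>` section. This is an added example that is not part of the original post and is not the poster's configuration: the object class, the intent and the `ri:login` correlation attribute are assumptions, and the `q:` and `ri:` prefixes are assumed to be declared on the enclosing resource element.

```xml
<!-- Added example; values marked "assumed" do not come from the thread. -->
<synchronization>
    <objectSynchronization>
        <objectClass>ri:AccountObjectClass</objectClass> <!-- assumed -->
        <kind>account</kind>
        <intent>default</intent>                         <!-- assumed -->
        <enabled>true</enabled>

        <!-- Owner lookup: the "unlinked" situation only arises when this
             query returns exactly one user for the account. -->
        <correlation>
            <q:equal>
                <q:path>name</q:path>
                <expression>
                    <!-- assumed CSV column holding the user name -->
                    <path>$account/attributes/ri:login</path>
                </expression>
            </q:equal>
        </correlation>

        <!-- Account was linked to a user but is gone from the CSV:
             disable the user instead of deleting it. -->
        <reaction>
            <situation>deleted</situation>
            <action>
                <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#inactivateFocus</handlerUri>
            </action>
        </reaction>

        <!-- Account exists, correlation found one owner, no link yet:
             create the link. -->
        <reaction>
            <situation>unlinked</situation>
            <synchronize>true</synchronize>
            <action>
                <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
            </action>
        </reaction>
    </objectSynchronization>
</synchronization>
```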




From: Sylvaire kevin TIPA
Sent: Monday, 1 April 2019 15:32
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: RE: [midPoint] auto disabled user not in resource

\o/ ! It’s the good way, thanks for my work time gain.






From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Oleksandr Nekriach
Sent: Monday, 1 April 2019 11:01
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] auto disabled user not in resource

Hi,
Try to play around with Inactivate focus on the deleted situation in the CSV resource reconciliation synchronization policy

Best regards, Oleksandr


On Mon, 1 Apr 2019 at 11:42, Sylvaire kevin TIPA <sylvaire-kevin.tipa at mythalesgroup.io> wrote:
Hey guys,

I want to disable users that are not in a specific resource. Do you have any idea how I can do it?

Let me explain my setup:

I have a CSV resource which is an HR export. When a new client signs up, I use a hook to check if this user is present in my CSV resource, but the user gets no projection in this resource; I only use it as a valid reference of users.

Now, I want to add an « auto-disable » for users that are no longer present in this CSV resource. I started to think about a task that runs each night and checks that all user names are present in this resource. It seems to be a little hard (and a bad way) of doing that (a big Java code block to loop over my resource, for each user…).

So my question: do you have any suggestion of how I can manage users that are not already present in this resource? (I only want to disable them for X months, and another task will delete accounts that have been disabled for X months)

Thx, br,




--
Best regards,

Oleksandr Nekriach | Identity and access management engineer

Dynatech, Jeruzalemes iela 1, Rīga, LV-1010, Latvia
+37125314685, o.nekriach at dynatech.lv | www.dynatech.lv

