[midPoint] Link current HR account to existing AD account

Rod Holman rholman at oaisd.org
Fri Mar 15 14:51:42 CET 2019


Hi All,

For our initial implementation of midPoint we want to link existing accounts from our HR input to their existing accounts in Active Directory. After they are synced we want to have midPoint add/sync users from HR to AD. As a test we are trying to link an existing HR account to an existing AD account. When we do this, an attempt is made to add the account to AD no matter what we try, causing an AlreadyExistsException error. Below is our object synchronization for the account. Is it possible that the correlation is never matching the two accounts? We tried both $account and $shadow in the correlation path. We know that the "Name" attribute in the HR account is the same as sAMAccountName in AD. Is there something we're doing wrong here?

<objectSynchronization>
    <name>Account sync</name>
    <objectClass>ri:user</objectClass>
    <kind>account</kind>
    <intent>default</intent>
    <enabled>true</enabled>
    <correlation>
        <q:equal>
            <q:path>c:name</q:path>
            <expression xmlns="">
                <path>$account/attributes/ri:sAMAccountName</path>
            </expression>
        </q:equal>
    </correlation>
    <reconcile>false</reconcile>
    <reaction>
        <situation>linked</situation>
        <synchronize>true</synchronize>
        <reconcile>false</reconcile>
    </reaction>
    <reaction>
        <situation>deleted</situation>
        <action ref="http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink"/>
    </reaction>
    <reaction>
        <situation>unlinked</situation>
        <reconcile>false</reconcile>
        <action>
            <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
        </action>
    </reaction>
    <reaction>
        <situation>unmatched</situation>
        <reconcile>false</reconcile>
        <action>
            <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
        </action>
    </reaction>
</objectSynchronization>

Thank You,
Rod Holman
