[midPoint] Link current HR account to existing AD account

Fri Mar 15 16:16:09 CET 2019

So you imported all your AD users into midpoint already and then trying to
import/link the HR users? Or you imported the HR users and trying to
import/link the AD users? What does the resource contain for name and/or dn
?

On Fri, Mar 15, 2019 at 8:52 AM Rod Holman <rholman at oaisd.org> wrote:

> Hi All,
>
>
>
> For our initial implementation of Midpoint we want to link existing
> accounts from our HR input to their existing accounts in active directory.
> After they are synced we want to have Midpoint add/sync users from HR to
> AD.  As a test we are trying to link an existing HR account to an existing
> AD account.  When we do this an attempt is made to add the account to AD no
> matter what we try causing an AlreadyExistsException error.  Below is our
> object synchronization for the account.  Is it possible that the
> correlation is never matching the two accounts?  We tried both $account and
> $shadow in the correlation path.  We know that the “Name” attribute in the
> HR account is the same as sAMAccountName in AD.   Is there something we’re
> doing wrong here?
>
>
>
> <objectSynchronization>
>
>             <name>Account sync</name>
>
>             <objectClass>ri:user</objectClass>
>
>             <kind>account</kind>
>
>             <intent>default</intent>
>
>             <enabled>true</enabled>
>
>             <correlation>
>
>                 <q:equal>
>
>                     <q:path>c:name</q:path>
>
>                     <expression xmlns="">
>
>                         <path>$account/attributes/ri:sAMAccountName</path>
>
>                     </expression>
>
>                 </q:equal>
>
>             </correlation>
>
>             <reconcile>false</reconcile>
>
>             <reaction>
>
>                 <situation>linked</situation>
>
>                 <synchronize>true</synchronize>
>
>                 <reconcile>false</reconcile>
>
>             </reaction>
>
>             <reaction>
>
>                 <situation>deleted</situation>
>
>                 <action ref="
> http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink"/>
>
>             </reaction>
>
>             <reaction>
>
>                 <situation>unlinked</situation>
>
>                 <reconcile>false</reconcile>
>
>                 <action>
>
>                     <handlerUri>
> http://midpoint.evolveum.com/xml/ns/public/model/action-3#link
> </handlerUri>
>
>                 </action>
>
>             </reaction>
>
>             <reaction>
>
>                 <situation>unmatched</situation>
>
>                 <reconcile>false</reconcile>
>
>                 <action>
>
>                     <handlerUri>
> http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus
> </handlerUri>
>
>                 </action>
>
>             </reaction>
>
>         </objectSynchronization>
>
>
>
> Thank You,
>
> Rod Holman
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190315/2d4f6512/attachment.htm>