[midPoint] A problem with synchronization
Konstantin Tikhonov
Konstantin.Tikhonov at veeam.com
Wed Jul 1 20:37:31 CEST 2020
Hi Ivan.
Unfortunately I faced a new problem: the reconciliation task works when I run it manually but doesn’t work if it runs by schedule. I set an interval to 60 seconds and as I see in Results section of the task reconciliation was completed successfully but no changes in shadows.
I attached screenshots of my current reconciliation task settings. Perhaps I need to set some other settings to make it work by schedule. Could you please advise?
Thank you in advance.
--
Best Regards,
Konstantin
From: Konstantin Tikhonov
Sent: Wednesday, July 1, 2020 1:15 AM
To: midPoint General Discussion
Subject: RE: [midPoint] A problem with synchronization
Hi Ivan.
Re-tested the issue again, the situation keeps the same. Created the ticket https://jira.evolveum.com/browse/MID-6357 in your JIRA.
--
Best Regards,
Konstantin
From: midPoint <midpoint-bounces at lists.evolveum.com<mailto:midpoint-bounces at lists.evolveum.com>> On Behalf Of Ivan Noris
Sent: Monday, June 29, 2020 10:06 AM
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] A problem with synchronization
Hi Konstantin,
hm, this looks really strange. What I suggest is to retest with midpoint master to see if this behaviour is the same.
If livesync task does not update shadows, I would consider that as a bug - please report it to our JIRA.
Thank you!
Ivan
On 29. 6. 2020 1:20, Konstantin Tikhonov wrote:
Hi Ivan.
Thanks for your answer.
It seems I managed to solve the issue. I created reconciliation task for the resource and after it’s completed deleted accounts marks DELETED as it should be. I attached XML of the resource to the e-mail.
It looks Synchronization task doesn’t update accounts, Reconciliation task only does it.
A weird thing again – I added two accounts to the CSV file, linked one of them to a user, left the another one unlinked. Then I removed both from CSV file. The unlinked account got UNMATCHED without running Synchronization or Reconciliation task. The linked account stayed unchanged, i. e. LINKED to a user. Then I run Reconciliation task and the unlinked (UNMATCHED) account was removed from midPoint and the LINKED account was unlinked from the user and marked DELETED.
--
Best Regards,
Konstantin.
From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> On Behalf Of Ivan Noris
Sent: Friday, June 26, 2020 2:49 PM
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] A problem with synchronization
Hi Konstantin,
well, in my situation it worked with the following notes:
- the resource was authoritative, delete -> inactivateFocus
- no multiaccounts inbound feature used
- the consistency set for deadShadowsRetentionPeriod 0
I'm using that setup in our training which is based on 4.0.1 (or 4.0.2).
One thing that disturbs me is your resource where for your <reaction> element you have <reconcile>false</reconcile> and also <tolerant>false</tolerant> for your attributes. These are not defaults.
Ivan
On 26. 6. 2020 13:06, Konstantin Tikhonov wrote:
Hi Ivan.
Thank you for your response.
I added the section:
<consistency>
<deadShadowRetentionPeriod>PT0H</deadShadowRetentionPeriod>
</consistency>
to the CSV resource but unfortunately it didn’t fix synchronization. Synchronization doesn’t mark an account as deleted, it remains LINKED. But when I clicked to the account (perhaps some local sync task for one account runs in this case) the shadow is removed.
So in terms of the ticket you sent my scenario looks as follows
1. account doesn't exist in target system.
2. user exists in midpoint.
3. sync configuration deleted -> unlink, unlinked -> unlink.
4. sync DOESN’T MARK shadow as deleted, shadow stays.
And actually we don’t need to delete a shadow immediately, to mark it as deleted would be enough. I removed <deadShadowRetentionPeriod> parameter from the resource.
May be, I do something wrong? Please, let me know.
Thanks.
--
Best Regards,
Konstantin.
From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> On Behalf Of Ivan Noris
Sent: Friday, June 26, 2020 9:14 AM
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] A problem with synchronization
Hi Konstantin,
you may want to apply the fragment from https://jira.evolveum.com/browse/MID-5452
I remember I had some hard time with that, but as seen in the JIRA comments, during some time period it also worked without that workaround.
Unfortunately I can't point you to a documentation in this case. But the deadShadowRetentionPeriod should help you in this particular case.
Best regards,
Ivan
On 26. 6. 2020 3:12, Konstantin Tikhonov wrote:
Hello Colleagues.
I have a strange problem with synchronization.
I configured CSV resource (XML attached) and it works good. But when I delete account in the CSV file midPoint shows that it’s absent in the Resource tab but still present and even LINKED in the Repository one (screenshots 1, 2 also attached). I run synchronization many times but it doesn’t help.
And one more strange thing – if I click to the deleted account in Repository tab it opens with Username field filled only (screenshot 3) and after that in the Repository tab it gets marked DELETED and with Dead Shadow (screenshot 4) as it should be.
Could you please help to fix this issue?
Thank you in advance.
--
Best Regards,
Konstantin
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
https://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
https://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
https://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200701/4f1104a3/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20200701_midPoint, Test CSV Resource Reconciliation task 1.png
Type: image/png
Size: 55493 bytes
Desc: 20200701_midPoint, Test CSV Resource Reconciliation task 1.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200701/4f1104a3/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20200701_midPoint, Test CSV Resource Reconciliation task 2.png
Type: image/png
Size: 12530 bytes
Desc: 20200701_midPoint, Test CSV Resource Reconciliation task 2.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200701/4f1104a3/attachment-0001.png>
More information about the midPoint
mailing list