[midPoint] A problem with synchronization

Konstantin Tikhonov Konstantin.Tikhonov at veeam.com
Mon Jun 29 01:20:20 CEST 2020


Hi Ivan.

Thanks for your answer.

It seems I managed to solve the issue. I created reconciliation task for the resource and after it’s completed deleted accounts marks DELETED as it should be. I attached XML of the resource to the e-mail.
It looks Synchronization task doesn’t update accounts, Reconciliation task only does it.

A weird thing again – I added two accounts to the CSV file, linked one of them to a user, left the another one unlinked. Then I removed both from CSV file. The unlinked account got UNMATCHED without running Synchronization or Reconciliation task. The linked account stayed unchanged, i. e. LINKED to a user. Then I run Reconciliation task and the unlinked (UNMATCHED) account was removed from midPoint and the LINKED account was unlinked from the user and marked DELETED.

--
Best Regards,

Konstantin.

From: midPoint <midpoint-bounces at lists.evolveum.com> On Behalf Of Ivan Noris
Sent: Friday, June 26, 2020 2:49 PM
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] A problem with synchronization


Hi Konstantin,

well, in my situation it worked with the following notes:

- the resource was authoritative, delete -> inactivateFocus

- no multiaccounts inbound feature used

- the consistency set for deadShadowsRetentionPeriod 0

I'm using that setup in our training which is based on 4.0.1 (or 4.0.2).

One thing that disturbs me is your resource where for your <reaction> element you have <reconcile>false</reconcile> and also <tolerant>false</tolerant> for your attributes. These are not defaults.

Ivan
On 26. 6. 2020 13:06, Konstantin Tikhonov wrote:
Hi Ivan.

Thank you for your response.

I added the section:

    <consistency>
        <deadShadowRetentionPeriod>PT0H</deadShadowRetentionPeriod>
    </consistency>

to the CSV resource but unfortunately it didn’t fix synchronization. Synchronization doesn’t mark an account as deleted, it remains LINKED. But when I clicked to the account (perhaps some local sync task for one account runs in this case) the shadow is removed.

So in terms of the ticket you sent my scenario looks as follows

1.    account doesn't exist in target system.

2.    user exists in midpoint.

3.    sync configuration deleted -> unlink, unlinked -> unlink.

4.    sync DOESN’T MARK shadow as deleted, shadow stays.
And actually we don’t need to delete a shadow immediately, to mark it as deleted would be enough. I removed <deadShadowRetentionPeriod> parameter from the resource.

May be, I do something wrong? Please, let me know.

Thanks.

--
Best Regards,

Konstantin.

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> On Behalf Of Ivan Noris
Sent: Friday, June 26, 2020 9:14 AM
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] A problem with synchronization


Hi Konstantin,

you may want to apply the fragment from https://jira.evolveum.com/browse/MID-5452

I remember I had some hard time with that, but as seen in the JIRA comments, during some time period it also worked without that workaround.

Unfortunately I can't point you to a documentation in this case. But the deadShadowRetentionPeriod should help you in this particular case.

Best regards,

Ivan
On 26. 6. 2020 3:12, Konstantin Tikhonov wrote:
Hello Colleagues.

I have a strange problem with synchronization.

I configured CSV resource (XML attached) and it works good. But when I delete account in the CSV file midPoint shows that it’s absent in the Resource tab but still present and even LINKED in the Repository one (screenshots 1, 2 also attached). I run synchronization many times but it doesn’t help.

And one more strange thing – if I click to the deleted account in Repository tab it opens with Username field filled only (screenshot 3) and after that in the Repository tab it gets marked DELETED and with Dead Shadow (screenshot 4) as it should be.

Could you please help to fix this issue?

Thank you in advance.

--
Best Regards,

Konstantin






_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

https://lists.evolveum.com/mailman/listinfo/midpoint

--

Ivan Noris

Senior Identity Engineer

evolveum.com



_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

https://lists.evolveum.com/mailman/listinfo/midpoint

--

Ivan Noris

Senior Identity Engineer

evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200628/2a1832d4/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ExportedData_ResourceType_2020_06_29_02_6_31.xml
Type: application/xml
Size: 17393 bytes
Desc: ExportedData_ResourceType_2020_06_29_02_6_31.xml
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200628/2a1832d4/attachment.xml>


More information about the midPoint mailing list