[midPoint] How to actualize an account based on parentOrgRef

Fabian Noll-Dukiewicz fabian.noll-dukiewicz at fndit.de
Tue Apr 5 13:29:22 CEST 2022 

Hi Yakov,

I think you have multiple options to handle this requirement but it  depends on your configuration. In my mind you can use trigger to start a recomputation of the affected user. (take a look on linked objects: https://docs.evolveum.com/midpoint/reference/synchronization/linked-objects/)
Another possibility is to separate the two things. First setting the parentOrgRef in resource synchronization and second do the account creation (e.g. based on role assignment) in object template or by automatic role assignment.

Hope to give you some hints to make some progress.

Kind regards,
Fabian

________________________________
Von: Yakov Revyakin <yrevyakin at gmail.com>
Gesendet: Montag, 4. April 2022 16:42
An: midPoint General Discussion <midpoint at lists.evolveum.com>
Betreff: Re: [midPoint] How to actualize an account based on parentOrgRef

Can someone help with my question?
To actualize a user's AD account I run reconciliation with the user's HR source twice: first - to assign a parent org to the user, second - to create an account based on the parent org (because parentOrgRef is empty during first run).
Is it possible to configure the same effect running reconciliation only once?
Thanks,
J

On Sun, 3 Apr 2022 at 19:56, Yakov Revyakin <yrevyakin at gmail.com<mailto:yrevyakin at gmail.com>> wrote:
Hi,

AD shemaHandling recalculates user's AD account DN based on a value of parentOrgRef. If I assign another org instead of the previous recalculation doesn't happen because, as I understand, parentOrgRef gets updated value after a phase when MP calculates projections. So, I need to reconcile the user additionally to actualize the AD account.
Is this the right suggestion?
Can I manage this situation to have an actual state during a single import excluding extra recon?
Thanks,
J


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20220405/cdbe0db6/attachment.htm>

More information about the midPoint mailing list