[midPoint] Discovery, Object Already Exists

Yakov Revyakin yrevyakin at gmail.com
Wed Dec 7 08:37:48 CET 2022 

Unfortunately the problem hasn't gone. It has another nature.
- Midpoint tries to get shadow from Google resource right after its
creation. So, at this moment shadow exists, but Midpoint tries to check its
existence (Discovery)
- Midpoint receives ObjectNotFoundException and runs
ObjectNotFoundHandler.discoverDeletedShadow()
- At the end this results in that Midpoint tries to create the object in
resource again and gets ObjectAlreadyExistsException because the object was
actually created in the very beginning.
- In result just created projection goes to dead state
- In audit log this process reflects in a Discovery record with fatal error
as result

I think this happens because Midpoint tries to get created object too
early. Or, probably, it is not a responsibility of Midpoint but of the
connector.

Can this case be managed in resource configuration? What is the place
responsible for managing this situation?

Guys, I really need help with this.
Thanks in advance,
J



On Fri, 18 Nov 2022 at 21:26, Yakov Revyakin <yrevyakin at gmail.com> wrote:

> Graph connector has a phrase that to support discovery we must import
> Microsoft certificates.
> In case of googleapps connector when I imported Google certificates the
> problem had gone.
>
> On Fri, 21 Oct 2022 at 20:23, Yakov Revyakin <yrevyakin at gmail.com> wrote:
>
>> Any suggestions?
>>
>> On Mon, 17 Oct 2022 at 20:18, Yakov Revyakin <yrevyakin at gmail.com> wrote:
>>
>>> Hi all,
>>> I'm playing with connector-gooogleapps.
>>> I assign the resource to a user via a role assigned to an org with
>>> order=2 UserType inducement.
>>> If I use Admin UI and enable reconcile option after clicking Save I can
>>> see, in the audit log report, that right after successful creation of a new
>>> Google account Midpoint starts Sync Discovery. During this stage Midpoint
>>> tries to create the account again and this stage goes down because of
>>> exception ObjectAlreadyExists. After that successfully created projection
>>> gets Dead status.
>>> But, If I run reconciliation of a trusted CVS source, creation of an
>>> account is successful and there is no any Discovery after creation.
>>> Could you advise how to manage this case and have alive accounts instead
>>> of dead using UI?
>>>
>>> Tnx,
>>> J
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20221207/a4bd15ab/attachment-0001.htm>

More information about the midPoint mailing list