[midPoint] limiting livesync AD work

Matus Macik matus.macik at evolveum.com
Wed Feb 26 16:04:01 CET 2025 

Hello,

This behavior can be achieved as mentioned, via the Synchronization > Reaction configuration of the object class you wish to limit.
In the reaction to a synchronization situation, you can specify the channel to which this reaction is limited. In your case, we can use the "objectImport" channel in reaction to the "linked" situation.

The configuration snipped could look somewhat like this:

            <synchronization>
                <reaction>
                    <situation>unmatched</situation>
                    <actions>
                        <addFocus/>
                    </actions>
                </reaction>
                <reaction>
                    <situation>unlinked</situation>
                    <actions>
                        <link/>
                    </actions>
                </reaction>
                <reaction>
                    <situation>linked</situation>
                    <channel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</channel>
                    <actions>
                        <synchronize/>
                    </actions>
                </reaction>
            </synchronization>

With this configuration present, the execution of a reconciliation or LiveSync task should end up with the requested result.

Please have a look in our documentation regarding channels: https://docs.evolveum.com/midpoint/reference/support-4.9/resources/resource-configuration/schema-handling/synchronization/

Additionally, could you provide a more specific example of the use case you have in mind? Maybe there is an alternative solution or approach.

Best Regards, 

Matúš Macík | Identity and Access Management Engineer 

[ https://evolveum.com/ ] 
[ mailto:matus.macik at evolveum.com | matus.macik at evolveum.com ] | [ http://www.evolveum.com/ | www.evolveum.com ] 
[ https://evolveum.com/upcoming-events/ |   ] 

[ https://www.linkedin.com/company/evolveum ] [ https://twitter.com/evolveum ] [ https://www.facebook.com/evolveum ] 


Disclaimer: The contents of this e-mail and attachment(s) thereto are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or Evolveum s.r.o. or its affiliates. Any views or opinions presented in this email are solely those of the author and may not necessarily reflect the opinions of Evolveum s.r.o. or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately.

----- Original Message -----
From: "midPoint General Discussion" <midpoint at lists.evolveum.com>
To: "midPoint General Discussion" <midpoint at lists.evolveum.com>
Cc: "mikhail.nikolaenko" <mikhail.nikolaenko at proton.me>
Sent: Tuesday, February 25, 2025 10:29:32 AM
Subject: Re: [midPoint] limiting livesync AD work

Hello,

I am very new to the midPoint and only reading the book and playing with local test instance, but I guess it should be possible using just synchronization configuration in the object type (Resource -> Schema handling -> your object type -> synchronization).
You need situations:
Unmatched - means there is a new account so you define action: link
Deleted - unlink

Hope I am right and it helps :-)

With best regards,
Mike


Sent with Proton Mail secure email.

On Friday, 21 February 2025 at 4:48 PM, Ashwill, Steven L via midPoint <midpoint at lists.evolveum.com> wrote:

> Hello,
> Is there a way that we can limit the livesync task in 4.8.x to simply pick up create events? Once a user is created and we have them linked, we no longer want to react to changes in the AD. Midpoint has authority on the mappings we control and we ignore everything else in the AD and therefore we don't want to process the 1000s of updates that occur daily. We just want to react to a create or delete of a user in the AD and link or unlink the user we have in midpoint
> 
> 
> STEVEN L ASHWILL
> Software Engineer Coordinator
> 
> 
> 
> Under the Illinois Freedom of Information Act any written communication to or from university employees regarding university business is a public record and may be subject to public disclosure.
> 
> 
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
https://lists.evolveum.com/mailman/listinfo/midpoint

More information about the midPoint mailing list