<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Jason,<br>
<br>
are you sure it was really a full recon? :-) E.g. wasn't that a
dry run in your case?<br>
<br>
In my case, I have a testing OpenDJ LDAP server, a local
PostgreSQL database, and a full recon takes approximately 80
milliseconds per user:<br>
<br>
Finished resource part of object:...(Localhost OpenDJ)
reconciliation: Processed 1004 account(s), got 0 error(s) Average
time for one object: 66.80677 ms (<b>wall clock time average:
77.61056 ms</b>).<br>
<br>
Yours 27 minutes = 40,5 milliseconds per user seems to be quite
impressive :)<br>
<br>
Best regards,<br>
Pavol<br>
<br>
</div>
<blockquote
cite="mid:CAFkZXY70+SLKBL-HF4aKE=HFjBYNYBoBK5nog0gGtheWhC8uYA@mail.gmail.com"
type="cite">
<div dir="ltr">I did a reconcile already from that last time I
figured out how to do it from one of the previous discussions. I
just didn't know if it were a standard to do a daily recon on a
resource.
<div><br>
</div>
<div>It took 27 minutes to do a full Recon, I only have 6
attributes which 3 are outbound and 3 is both in/out. Name,
Last, Phone, Email, Department, Profile (extension). This is a
VMware VM on my workstation also, so surprisingly fast because
the virtual disk is on the same disk as 10 other running VMs.</div>
<div><br>
</div>
<div>I have almost 6 different resources now, various types, 2
of which are this type where the resource already has the
accounts.</div>
<div><br>
</div>
<div>I also upgraded to 3.1 Snapshot, just so I am creating all
the objects on the latest version.</div>
<div><br>
</div>
<div> </div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Dec 8, 2014 at 1:27 PM, Ivan
Noris <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hi Jason,<br>
<br>
40.000 accounts is not an issue itself. Just be adwised
that performance strongly depends not only the number of
users, but also on configuration of mappings, logging,
tracing etc. In other words, linking the account is one
thing, provisioning changes during the recon takes more
time.<br>
<br>
Anyway we appreciate any information about the performance
in your case when it's finished.<br>
<br>
And don't forget to run the dry-run recon first to be sure
about your correlation rules.<br>
<br>
Thanks,<br>
Ivan
<div>
<div class="h5"><br>
<br>
<div>On 12/08/2014 06:45 PM, Jason Everling wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Ok thanks, that is what I figured so
I just wanted to make sure that was the case. I am
going to remove that configuration, it should
never create anyways, users will always be listed
on that resource first way before midpoint would
ever even create the midpoint user account.
<div><br>
</div>
<div>I could also just leave that and run
Reconcile on the resource nightly, it has 40,000
objects, that should not be an issue right?<br>
<div><br>
</div>
<div>JASON</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Dec 8, 2014 at
11:42 AM, Ivan Noris <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com"
target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hi
Jason,<br>
<br>
as the error states, and based on what
you've written earlier about disabling
creates, it's because the create capability
is disabled (deliberately). midPoint tries
to create (add) account and the decision
that it should be converted to an update
comes just after the collision is detected.<span><font
color="#888888"><br>
<br>
I.</font></span>
<div>
<div><br>
<br>
<div>On 12/08/2014 06:26 PM, Jason
Everling wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I figured that this was
the case and I read on the wiki..
<div><br>
<div>"<span style="font-size:13px">Technically,
when midPoint user is assigned
a role that should provision
account on target system and
the account already exists (=
can be correlated), it will be
updated. But the decision is
made upon the provisioning
request."</span></div>
</div>
<div><span style="font-size:13px"><br>
</span></div>
<div><span style="font-size:13px">But
it does not work, it errors out.
Maybe because my resource has
create and delete disabled?
Midpoint will never create or
delete accounts in this
resource.</span></div>
<div><br>
</div>
<div>
<div><span
style="white-space:pre-wrap">
</span><cap:create></div>
<div>
<cap:enabled>false</cap:enabled></div>
<div>
</cap:create></div>
<div>
<cap:delete></div>
<div><span
style="white-space:pre-wrap">
</span><cap:enabled>false</cap:enabled></div>
<div>
</cap:delete></div>
</div>
<div><br>
</div>
<div>Starting error,</div>
<div><br>
</div>
<div>com.evolveum.midpoint.util.exception.SystemException:
com.evolveum.midpoint.util.exception.SystemException:
java.lang.UnsupportedOperationException:
Resource does not support 'create'
operation<br>
</div>
<div><br>
</div>
<div>This is when I have a role that
has an inducement for this
resource which I would have
thought would just link since it
already exists, the correlation is
employeeNumber like all of my
other resources.</div>
<div><br>
</div>
<div>JASON</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Dec
8, 2014 at 10:52 AM, Ivan Noris <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com"
target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF"
text="#000000"> Hi Jason,<br>
<br>
in general, the deployment is
as follows:<br>
<br>
1. import/reconcile from
source system(s) to create
identities (users) in
midPoint. This may also create
additional accounts in other
systems (i.e. that were not
provisioned before).<br>
2. create reconciliation tasks
for all other systems, where
the accounts already exists
and should be linked to
midpoint identities.<br>
<br>
Based on the mappings in your
resources, the reconciliations
may modify the data on the
reconciled resources (outbound
mappings).<br>
<br>
Technically, when midPoint
user is assigned a role that
should provision account on
target system and the account
already exists (= can be
correlated), it will be
updated. But the decision is
made upon the provisioning
request.<br>
<br>
So I'd recommend to setup the
reconciliation tasks, and
start them first with the
"dry-run" flag to see how many
accounts can be correlated to
midPoint users.<br>
<br>
Regards,<br>
Ivan
<div>
<div><br>
<br>
<div>On 12/08/2014 04:51
PM, Jason Everling
wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">So here
is the scenario,
<div><br>
</div>
<div>There is a
DBTable resource
that already has all
the accounts,
midpoint will not
create or delete
from this resource.</div>
<div><br>
</div>
<div>The user does not
exist yet in
Midpoint, The users
are created in
midpoint using
another DBTable
resource.</div>
<div><br>
</div>
<div>How can I link
the newly created
user in Midpoint to
their account in the
other resource,</div>
<div><br>
</div>
<div>I can do this by
running a reconcile
task on the resource
but is there any
other way to link
users to accounts on
other resources
since they already
exist without having
to run reconcile on
the resource
everytime?</div>
<div><br>
</div>
<div>Thanks,</div>
<div>JASON</div>
</div>
<br>
</div>
</div>
<font><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with
any attachments is
proprietary and
confidential; intended for
only the recipient(s)
named above and may
contain information that
is privileged. You should
not retain, copy or use
this e-mail or any
attachments for any
purpose, or disclose all
or any part of the
contents to any person.
Any views or opinions
expressed in this e-mail
are those of the author
and do not represent those
of the Baptist School of
Health Professions. If you
have received this e-mail
in error, or are not the
named recipient(s), you
are hereby notified that
any review, dissemination,
distribution or copying of
this communication is
prohibited by the sender
and to do so might
constitute a violation of
the Electronic
Communications Privacy
Act, 18 U.S.C. section
2510-2521. Please
immediately notify the
sender and delete this
e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><span><font color="#888888">
</font></span></pre>
<span><font color="#888888">
</font></span></blockquote>
<span><font color="#888888"> <br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a> <a moz-do-not-send="true" href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</font></span></div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com"
target="_blank">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any
attachments is proprietary and
confidential; intended for only the
recipient(s) named above and may
contain information that is
privileged. You should not retain,
copy or use this e-mail or any
attachments for any purpose, or
disclose all or any part of the
contents to any person. Any views or
opinions expressed in this e-mail
are those of the author and do not
represent those of the Baptist
School of Health Professions. If you
have received this e-mail in error,
or are not the named recipient(s),
you are hereby notified that any
review, dissemination, distribution
or copying of this communication is
prohibited by the sender and to do
so might constitute a violation of
the Electronic Communications
Privacy Act, 18 U.S.C. section
2510-2521. Please immediately notify
the sender and delete this e-mail
and any attachments from your
computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a> <a moz-do-not-send="true" href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com"
target="_blank">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is
proprietary and confidential; intended for only
the recipient(s) named above and may contain
information that is privileged. You should not
retain, copy or use this e-mail or any attachments
for any purpose, or disclose all or any part of
the contents to any person. Any views or opinions
expressed in this e-mail are those of the author
and do not represent those of the Baptist School
of Health Professions. If you have received this
e-mail in error, or are not the named
recipient(s), you are hereby notified that any
review, dissemination, distribution or copying of
this communication is prohibited by the sender and
to do so might constitute a violation of the
Electronic Communications Privacy Act, 18 U.S.C.
section 2510-2521. Please immediately notify the
sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a> <a moz-do-not-send="true" href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font size="2"><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is proprietary and
confidential; intended for only the recipient(s) named above and
may contain information that is privileged. You should not
retain, copy or use this e-mail or any attachments for any
purpose, or disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail are those
of the author and do not represent those of the Baptist School
of Health Professions. If you have received this e-mail in
error, or are not the named recipient(s), you are hereby
notified that any review, dissemination, distribution or copying
of this communication is prohibited by the sender and to do so
might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
notify the sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body>
</html>