<div dir="ltr">Ok thanks, that is what I figured so I just wanted to make sure that was the case. I am going to remove that configuration, it should never create anyways, users will always be listed on that resource first way before midpoint would ever even create the midpoint user account.<div><br></div><div>I could also just leave that and run Reconcile on the resource nightly, it has 40,000 objects, that should not be an issue right?<br><div><br></div><div>JASON</div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 8, 2014 at 11:42 AM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hi Jason,<br>
<br>
as the error states, and based on what you've written earlier about
disabling creates, it's because the create capability is disabled
(deliberately). midPoint tries to create (add) account and the
decision that it should be converted to an update comes just after
the collision is detected.<span class="HOEnZb"><font color="#888888"><br>
<br>
I.</font></span><div><div class="h5"><br>
<br>
<div>On 12/08/2014 06:26 PM, Jason Everling
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I figured that this was the case and I read on the
wiki..
<div><br>
<div>"<span style="font-size:13px">Technically, when midPoint
user is assigned a role that should provision account on
target system and the account already exists (= can be
correlated), it will be updated. But the decision is made
upon the provisioning request."</span></div>
</div>
<div><span style="font-size:13px"><br>
</span></div>
<div><span style="font-size:13px">But it does not work, it
errors out. Maybe because my resource has create and delete
disabled? Midpoint will never create or delete accounts in
this resource.</span></div>
<div><br>
</div>
<div>
<div><span style="white-space:pre-wrap"> </span><cap:create></div>
<div>
<cap:enabled>false</cap:enabled></div>
<div> </cap:create></div>
<div> <cap:delete></div>
<div><span style="white-space:pre-wrap"> </span><cap:enabled>false</cap:enabled></div>
<div> </cap:delete></div>
</div>
<div><br>
</div>
<div>Starting error,</div>
<div><br>
</div>
<div>com.evolveum.midpoint.util.exception.SystemException:
com.evolveum.midpoint.util.exception.SystemException:
java.lang.UnsupportedOperationException: Resource does not
support 'create' operation<br>
</div>
<div><br>
</div>
<div>This is when I have a role that has an inducement
for this resource which I would have thought would just link
since it already exists, the correlation is employeeNumber
like all of my other resources.</div>
<div><br>
</div>
<div>JASON</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Dec 8, 2014 at 10:52 AM, Ivan
Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hi Jason,<br>
<br>
in general, the deployment is as follows:<br>
<br>
1. import/reconcile from source system(s) to create
identities (users) in midPoint. This may also create
additional accounts in other systems (i.e. that were not
provisioned before).<br>
2. create reconciliation tasks for all other systems,
where the accounts already exists and should be linked to
midpoint identities.<br>
<br>
Based on the mappings in your resources, the
reconciliations may modify the data on the reconciled
resources (outbound mappings).<br>
<br>
Technically, when midPoint user is assigned a role that
should provision account on target system and the account
already exists (= can be correlated), it will be updated.
But the decision is made upon the provisioning request.<br>
<br>
So I'd recommend to setup the reconciliation tasks, and
start them first with the "dry-run" flag to see how many
accounts can be correlated to midPoint users.<br>
<br>
Regards,<br>
Ivan
<div>
<div><br>
<br>
<div>On 12/08/2014 04:51 PM, Jason Everling wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">So here is the scenario,
<div><br>
</div>
<div>There is a DBTable resource that already has
all the accounts, midpoint will not create or
delete from this resource.</div>
<div><br>
</div>
<div>The user does not exist yet in Midpoint, The
users are created in midpoint using another
DBTable resource.</div>
<div><br>
</div>
<div>How can I link the newly created user in
Midpoint to their account in the other resource,</div>
<div><br>
</div>
<div>I can do this by running a reconcile task on
the resource but is there any other way to link
users to accounts on other resources since they
already exist without having to run reconcile on
the resource everytime?</div>
<div><br>
</div>
<div>Thanks,</div>
<div>JASON</div>
</div>
<br>
</div>
</div>
<font><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is
proprietary and confidential; intended for only the
recipient(s) named above and may contain information
that is privileged. You should not retain, copy or use
this e-mail or any attachments for any purpose, or
disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail
are those of the author and do not represent those of
the Baptist School of Health Professions. If you have
received this e-mail in error, or are not the named
recipient(s), you are hereby notified that any review,
dissemination, distribution or copying of this
communication is prohibited by the sender and to do so
might constitute a violation of the Electronic
Communications Privacy Act, 18 U.S.C. section
2510-2521. Please immediately notify the sender and
delete this e-mail and any attachments from your
computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><span><font color="#888888">
</font></span></pre>
<span><font color="#888888"> </font></span></blockquote>
<span><font color="#888888"> <br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</font></span></div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is proprietary and
confidential; intended for only the recipient(s) named above and
may contain information that is privileged. You should not
retain, copy or use this e-mail or any attachments for any
purpose, or disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail are those
of the author and do not represent those of the Baptist School
of Health Professions. If you have received this e-mail in
error, or are not the named recipient(s), you are hereby
notified that any review, dissemination, distribution or copying
of this communication is prohibited by the sender and to do so
might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
notify the sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</div></div></div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>