<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Hi Jason,<br>
    <br>
    40.000 accounts is not an issue itself. Just be adwised that
    performance strongly depends not only the number of users, but also
    on configuration of mappings, logging, tracing etc. In other words,
    linking the account is one thing, provisioning changes during the
    recon takes more time.<br>
    <br>
    Anyway we appreciate any information about the performance in your
    case when it's finished.<br>
    <br>
    And don't forget to run the dry-run recon first to be sure about
    your correlation rules.<br>
    <br>
    Thanks,<br>
    Ivan<br>
    <br>
    <div class="moz-cite-prefix">On 12/08/2014 06:45 PM, Jason Everling
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAFkZXY4rkuMRjd1x6HBFAdme-oWrqW+cNKuHWvbRHutURp_=yA@mail.gmail.com"
      type="cite">
      <div dir="ltr">Ok thanks, that is what I figured so I just wanted
        to make sure that was the case. I am going to remove that
        configuration, it should never create anyways, users will always
        be listed on that resource first way before midpoint would ever
        even create the midpoint user account.
        <div><br>
        </div>
        <div>I could also just leave that and run Reconcile on the
          resource nightly, it has 40,000 objects, that should not be an
          issue right?<br>
          <div><br>
          </div>
          <div>JASON</div>
        </div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Mon, Dec 8, 2014 at 11:42 AM, Ivan
          Noris <span dir="ltr"><<a moz-do-not-send="true"
              href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000"> Hi Jason,<br>
              <br>
              as the error states, and based on what you've written
              earlier about disabling creates, it's because the create
              capability is disabled (deliberately). midPoint tries to
              create (add) account and the decision that it should be
              converted to an update comes just after the collision is
              detected.<span class="HOEnZb"><font color="#888888"><br>
                  <br>
                  I.</font></span>
              <div>
                <div class="h5"><br>
                  <br>
                  <div>On 12/08/2014 06:26 PM, Jason Everling wrote:<br>
                  </div>
                  <blockquote type="cite">
                    <div dir="ltr">I figured that this was the case and
                      I read on the wiki..
                      <div><br>
                        <div>"<span style="font-size:13px">Technically,
                            when midPoint user is assigned a role that
                            should provision account on target system
                            and the account already exists (= can be
                            correlated), it will be updated. But the
                            decision is made upon the provisioning
                            request."</span></div>
                      </div>
                      <div><span style="font-size:13px"><br>
                        </span></div>
                      <div><span style="font-size:13px">But it does not
                          work, it errors out. Maybe because my resource
                          has create and delete disabled? Midpoint will
                          never create or delete accounts in this
                          resource.</span></div>
                      <div><br>
                      </div>
                      <div>
                        <div><span style="white-space:pre-wrap"> </span><cap:create></div>
                        <div>                   
                          <cap:enabled>false</cap:enabled></div>
                        <div>                </cap:create></div>
                        <div>                <cap:delete></div>
                        <div><span style="white-space:pre-wrap"> </span><cap:enabled>false</cap:enabled></div>
                        <div>                </cap:delete></div>
                      </div>
                      <div><br>
                      </div>
                      <div>Starting error,</div>
                      <div><br>
                      </div>
                      <div>com.evolveum.midpoint.util.exception.SystemException:

                        com.evolveum.midpoint.util.exception.SystemException:

                        java.lang.UnsupportedOperationException:
                        Resource does not support 'create' operation<br>
                      </div>
                      <div><br>
                      </div>
                      <div>This is when I have a role that has an
                        inducement for this resource which I would have
                        thought would just link since it already exists,
                        the correlation is employeeNumber like all of my
                        other resources.</div>
                      <div><br>
                      </div>
                      <div>JASON</div>
                    </div>
                    <div class="gmail_extra"><br>
                      <div class="gmail_quote">On Mon, Dec 8, 2014 at
                        10:52 AM, Ivan Noris <span dir="ltr"><<a
                            moz-do-not-send="true"
                            href="mailto:ivan.noris@evolveum.com"
                            target="_blank">ivan.noris@evolveum.com</a>></span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0
                          0 0 .8ex;border-left:1px #ccc
                          solid;padding-left:1ex">
                          <div bgcolor="#FFFFFF" text="#000000"> Hi
                            Jason,<br>
                            <br>
                            in general, the deployment is as follows:<br>
                            <br>
                            1. import/reconcile from source system(s) to
                            create identities (users) in midPoint. This
                            may also create additional accounts in other
                            systems (i.e. that were not provisioned
                            before).<br>
                            2. create reconciliation tasks for all other
                            systems, where the accounts already exists
                            and should be linked to midpoint identities.<br>
                            <br>
                            Based on the mappings in your resources, the
                            reconciliations may modify the data on the
                            reconciled resources (outbound mappings).<br>
                            <br>
                            Technically, when midPoint user is assigned
                            a role that should provision account on
                            target system and the account already exists
                            (= can be correlated), it will be updated.
                            But the decision is made upon the
                            provisioning request.<br>
                            <br>
                            So I'd recommend to setup the reconciliation
                            tasks, and start them first with the
                            "dry-run" flag to see how many accounts can
                            be correlated to midPoint users.<br>
                            <br>
                            Regards,<br>
                            Ivan
                            <div>
                              <div><br>
                                <br>
                                <div>On 12/08/2014 04:51 PM, Jason
                                  Everling wrote:<br>
                                </div>
                              </div>
                            </div>
                            <blockquote type="cite">
                              <div>
                                <div>
                                  <div dir="ltr">So here is the
                                    scenario,
                                    <div><br>
                                    </div>
                                    <div>There is a DBTable resource
                                      that already has all the accounts,
                                      midpoint will not create or delete
                                      from this resource.</div>
                                    <div><br>
                                    </div>
                                    <div>The user does not exist yet in
                                      Midpoint, The users are created in
                                      midpoint using another DBTable
                                      resource.</div>
                                    <div><br>
                                    </div>
                                    <div>How can I link the newly
                                      created user in Midpoint to their
                                      account in the other resource,</div>
                                    <div><br>
                                    </div>
                                    <div>I can do this by running a
                                      reconcile task on the resource but
                                      is there any other way to link
                                      users to accounts on other
                                      resources since they already exist
                                      without having to run reconcile on
                                      the resource everytime?</div>
                                    <div><br>
                                    </div>
                                    <div>Thanks,</div>
                                    <div>JASON</div>
                                  </div>
                                  <br>
                                </div>
                              </div>
                              <font><br>
                                <br>
                                CONFIDENTIALITY NOTICE:<br>
                                This e-mail together with any
                                attachments is proprietary and
                                confidential; intended for only the
                                recipient(s) named above and may contain
                                information that is privileged. You
                                should not retain, copy or use this
                                e-mail or any attachments for any
                                purpose, or disclose all or any part of
                                the contents to any person. Any views or
                                opinions expressed in this e-mail are
                                those of the author and do not represent
                                those of the Baptist School of Health
                                Professions. If you have received this
                                e-mail in error, or are not the named
                                recipient(s), you are hereby notified
                                that any review, dissemination,
                                distribution or copying of this
                                communication is prohibited by the
                                sender and to do so might constitute a
                                violation of the Electronic
                                Communications Privacy Act, 18 U.S.C.
                                section 2510-2521. Please immediately
                                notify the sender and delete this e-mail
                                and any attachments from your computer.
                              </font><br>
                              <br>
                              <fieldset></fieldset>
                              <br>
                              <pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><span><font color="#888888">
</font></span></pre>
                              <span><font color="#888888"> </font></span></blockquote>
                            <span><font color="#888888"> <br>
                                <pre cols="72">-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer
  <a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a>     <a moz-do-not-send="true" href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
  _____________________________________________
  "Semper Id(e)M Vix."
</pre>
                              </font></span></div>
                          <br>
_______________________________________________<br>
                          midPoint mailing list<br>
                          <a moz-do-not-send="true"
                            href="mailto:midPoint@lists.evolveum.com"
                            target="_blank">midPoint@lists.evolveum.com</a><br>
                          <a moz-do-not-send="true"
                            href="http://lists.evolveum.com/mailman/listinfo/midpoint"
                            target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
                          <br>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                    <br>
                    <font><br>
                      <br>
                      CONFIDENTIALITY NOTICE:<br>
                      This e-mail together with any attachments is
                      proprietary and confidential; intended for only
                      the recipient(s) named above and may contain
                      information that is privileged. You should not
                      retain, copy or use this e-mail or any attachments
                      for any purpose, or disclose all or any part of
                      the contents to any person. Any views or opinions
                      expressed in this e-mail are those of the author
                      and do not represent those of the Baptist School
                      of Health Professions. If you have received this
                      e-mail in error, or are not the named
                      recipient(s), you are hereby notified that any
                      review, dissemination, distribution or copying of
                      this communication is prohibited by the sender and
                      to do so might constitute a violation of the
                      Electronic Communications Privacy Act, 18 U.S.C.
                      section 2510-2521. Please immediately notify the
                      sender and delete this e-mail and any attachments
                      from your computer. </font><br>
                    <br>
                    <fieldset></fieldset>
                    <br>
                    <pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
                  </blockquote>
                  <br>
                  <pre cols="72">-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer
  <a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a>     <a moz-do-not-send="true" href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
  _____________________________________________
  "Semper Id(e)M Vix."
</pre>
                </div>
              </div>
            </div>
            <br>
            _______________________________________________<br>
            midPoint mailing list<br>
            <a moz-do-not-send="true"
              href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
            <a moz-do-not-send="true"
              href="http://lists.evolveum.com/mailman/listinfo/midpoint"
              target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <font size="2"><br>
        <br>
        CONFIDENTIALITY NOTICE:<br>
        This e-mail together with any attachments is proprietary and
        confidential; intended for only the recipient(s) named above and
        may contain information that is privileged. You should not
        retain, copy or use this e-mail or any attachments for any
        purpose, or disclose all or any part of the contents to any
        person. Any views or opinions expressed in this e-mail are those
        of the author and do not represent those of the Baptist School
        of Health Professions. If you have received this e-mail in
        error, or are not the named recipient(s), you are hereby
        notified that any review, dissemination, distribution or copying
        of this communication is prohibited by the sender and to do so
        might constitute a violation of the Electronic Communications
        Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
        notify the sender and delete this e-mail and any attachments
        from your computer. </font><br>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer
  evolveum.com     evolveum.com/blog/
  _____________________________________________
  "Semper Id(e)M Vix."
</pre>
  </body>
</html>