<div dir="ltr">Correct! Now when this is actually in production it should change to about 1000 from 20, we normally have about 1000 active students/faculty/staff every semester. The initial deployment I do not plan on importing all accounts, some are from many many years ago. That what all the sync conditions were for,<div><br></div><div><table class="" style="width:auto" id="totals2d21"><tbody><tr><td>Linked</td>
<td>19</td>
<td>Unmatched</td>
<td>14266</td></tr></tbody></table><table class="" style="width:auto" id="totals2d21"><tbody><tr><td>Disputed</td>
<td>0</td>
<td>Unlinked</td>
<td>0</td>
<td>Nothing</td>
<td>0</td></tr></tbody></table></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 8, 2014 at 3:44 PM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Jason,<br>
<br>
what actions took place for the reconciliation? I.e. what situations
were configured to to apply what reaction?<br>
<br>
If you were only linking (unlinked->linkAccount), not creating
new users in midPoint, I guess only about 20 users were linked and
the rest of the accounts were just searched and skipped after
correlation expression has been applied.<br>
<br>
The recon results can be displayed by clicking Configuration -
Shadow Details and selecting the resource, kind and intent. In your
case, kind="account" and intent is almost for sure "default". You
will see the numbers/statistics of the accounts there.<br>
<br>
I'd expect about 20 linked and the rest unmatched.<br>
<br>
Regards,<br>
I.<div><div class="h5"><br>
<br>
<div>On 12/08/2014 10:32 PM, Jason Everling
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Yeah, I just did another database, our
collaboration application, this one had almost 15000 records,
now I am not sure if when Midpoint also has a lot of accounts,
my testing environment only has about 20 users. Took about 9
minutes, I am pretty sure it is a full recon, I am clicking new
task, selecting the resource and then running it,
<div><br>
</div>
<div>
<table>
<tbody>
<tr>
<td>Task run last started</td>
<td>Monday, 8. Dec 2014 14:53:57</td>
</tr>
<tr>
<td>Task run last finished</td>
<td>Monday, 8. Dec 2014 15:02:58</td>
</tr>
</tbody>
</table>
<br>
</div>
<div>
<table style="padding-top:0px">
<tbody>
<tr>
<td>
<div>1000000000000042505</div>
</td>
<td>
<div>com.evolveum.midpoint.common.operation.reconciliation.ResourceReconciliation</div>
</td>
<td>
<div>SUCCESS</div>
</td>
<td>
<div>Processed 14283 account(s), got 0 error(s)</div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Dec 8, 2014 at 2:55 PM, Pavol
Mederly <span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Jason,<br>
<br>
are you sure it was really a full recon? :-) E.g. wasn't
that a dry run in your case?<br>
<br>
In my case, I have a testing OpenDJ LDAP server, a local
PostgreSQL database, and a full recon takes
approximately 80 milliseconds per user:<br>
<br>
Finished resource part of object:...(Localhost OpenDJ)
reconciliation: Processed 1004 account(s), got 0
error(s) Average time for one object: 66.80677 ms (<b>wall
clock time average: 77.61056 ms</b>).<br>
<br>
Yours 27 minutes = 40,5 milliseconds per user seems to
be quite impressive :)<br>
<br>
Best regards,<br>
Pavol<br>
<br>
</div>
<div>
<div>
<blockquote type="cite">
<div dir="ltr">I did a reconcile already from that
last time I figured out how to do it from one of
the previous discussions. I just didn't know if it
were a standard to do a daily recon on a resource.
<div><br>
</div>
<div>It took 27 minutes to do a full Recon, I only
have 6 attributes which 3 are outbound and 3 is
both in/out. Name, Last, Phone, Email,
Department, Profile (extension). This is a
VMware VM on my workstation also, so
surprisingly fast because the virtual disk is on
the same disk as 10 other running VMs.</div>
<div><br>
</div>
<div>I have almost 6 different resources now,
various types, 2 of which are this type where
the resource already has the accounts.</div>
<div><br>
</div>
<div>I also upgraded to 3.1 Snapshot, just so I am
creating all the objects on the latest version.</div>
<div><br>
</div>
<div> </div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Dec 8, 2014 at
1:27 PM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hi
Jason,<br>
<br>
40.000 accounts is not an issue itself. Just
be adwised that performance strongly depends
not only the number of users, but also on
configuration of mappings, logging, tracing
etc. In other words, linking the account is
one thing, provisioning changes during the
recon takes more time.<br>
<br>
Anyway we appreciate any information about
the performance in your case when it's
finished.<br>
<br>
And don't forget to run the dry-run recon
first to be sure about your correlation
rules.<br>
<br>
Thanks,<br>
Ivan
<div>
<div><br>
<br>
<div>On 12/08/2014 06:45 PM, Jason
Everling wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Ok thanks, that is what
I figured so I just wanted to make
sure that was the case. I am going
to remove that configuration, it
should never create anyways, users
will always be listed on that
resource first way before midpoint
would ever even create the midpoint
user account.
<div><br>
</div>
<div>I could also just leave that
and run Reconcile on the resource
nightly, it has 40,000 objects,
that should not be an issue right?<br>
<div><br>
</div>
<div>JASON</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Dec
8, 2014 at 11:42 AM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hi Jason,<br>
<br>
as the error states, and based
on what you've written earlier
about disabling creates, it's
because the create capability
is disabled (deliberately).
midPoint tries to create (add)
account and the decision that
it should be converted to an
update comes just after the
collision is detected.<span><font color="#888888"><br>
<br>
I.</font></span>
<div>
<div><br>
<br>
<div>On 12/08/2014 06:26
PM, Jason Everling
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I figured
that this was the case
and I read on the
wiki..
<div><br>
<div>"<span style="font-size:13px">Technically,
when midPoint
user is assigned
a role that
should provision
account on
target system
and the account
already exists
(= can be
correlated), it
will be updated.
But the decision
is made upon the
provisioning
request."</span></div>
</div>
<div><span style="font-size:13px"><br>
</span></div>
<div><span style="font-size:13px">But
it does not work,
it errors out.
Maybe because my
resource has
create and delete
disabled? Midpoint
will never create
or delete accounts
in this resource.</span></div>
<div><br>
</div>
<div>
<div><span style="white-space:pre-wrap">
</span><cap:create></div>
<div>
<cap:enabled>false</cap:enabled></div>
<div>
</cap:create></div>
<div>
<cap:delete></div>
<div><span style="white-space:pre-wrap">
</span><cap:enabled>false</cap:enabled></div>
<div>
</cap:delete></div>
</div>
<div><br>
</div>
<div>Starting error,</div>
<div><br>
</div>
<div>com.evolveum.midpoint.util.exception.SystemException:
com.evolveum.midpoint.util.exception.SystemException:
java.lang.UnsupportedOperationException:
Resource does not
support 'create'
operation<br>
</div>
<div><br>
</div>
<div>This is when I
have a role that has
an inducement for
this resource which
I would have thought
would just link
since it already
exists, the
correlation is
employeeNumber like
all of my other
resources.</div>
<div><br>
</div>
<div>JASON</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On
Mon, Dec 8, 2014 at
10:52 AM, Ivan Noris
<span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hi Jason,<br>
<br>
in general, the
deployment is as
follows:<br>
<br>
1.
import/reconcile
from source
system(s) to
create
identities
(users) in
midPoint. This
may also create
additional
accounts in
other systems
(i.e. that were
not provisioned
before).<br>
2. create
reconciliation
tasks for all
other systems,
where the
accounts already
exists and
should be linked
to midpoint
identities.<br>
<br>
Based on the
mappings in your
resources, the
reconciliations
may modify the
data on the
reconciled
resources
(outbound
mappings).<br>
<br>
Technically,
when midPoint
user is assigned
a role that
should provision
account on
target system
and the account
already exists
(= can be
correlated), it
will be updated.
But the decision
is made upon the
provisioning
request.<br>
<br>
So I'd recommend
to setup the
reconciliation
tasks, and start
them first with
the "dry-run"
flag to see how
many accounts
can be
correlated to
midPoint users.<br>
<br>
Regards,<br>
Ivan
<div>
<div><br>
<br>
<div>On
12/08/2014
04:51 PM,
Jason Everling
wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">So
here is the
scenario,
<div><br>
</div>
<div>There is
a DBTable
resource that
already has
all the
accounts,
midpoint will
not create or
delete from
this resource.</div>
<div><br>
</div>
<div>The user
does not exist
yet in
Midpoint, The
users are
created in
midpoint using
another
DBTable
resource.</div>
<div><br>
</div>
<div>How can I
link the newly
created user
in Midpoint to
their account
in the other
resource,</div>
<div><br>
</div>
<div>I can do
this by
running a
reconcile task
on the
resource but
is there any
other way to
link users to
accounts on
other
resources
since they
already exist
without having
to run
reconcile on
the resource
everytime?</div>
<div><br>
</div>
<div>Thanks,</div>
<div>JASON</div>
</div>
<br>
</div>
</div>
<font><br>
<br>
CONFIDENTIALITY
NOTICE:<br>
This e-mail
together with
any
attachments is
proprietary
and
confidential;
intended for
only the
recipient(s)
named above
and may
contain
information
that is
privileged.
You should not
retain, copy
or use this
e-mail or any
attachments
for any
purpose, or
disclose all
or any part of
the contents
to any person.
Any views or
opinions
expressed in
this e-mail
are those of
the author and
do not
represent
those of the
Baptist School
of Health
Professions.
If you have
received this
e-mail in
error, or are
not the named
recipient(s),
you are hereby
notified that
any review,
dissemination,
distribution
or copying of
this
communication
is prohibited
by the sender
and to do so
might
constitute a
violation of
the Electronic
Communications
Privacy Act,
18 U.S.C.
section
2510-2521.
Please
immediately
notify the
sender and
delete this
e-mail and any
attachments
from your
computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><span><font color="#888888">
</font></span></pre>
<span><font color="#888888">
</font></span></blockquote>
<span><font color="#888888">
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</font></span></div>
<br>
_______________________________________________<br>
midPoint mailing
list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font><br>
<br>
CONFIDENTIALITY
NOTICE:<br>
This e-mail together
with any attachments
is proprietary and
confidential; intended
for only the
recipient(s) named
above and may contain
information that is
privileged. You should
not retain, copy or
use this e-mail or any
attachments for any
purpose, or disclose
all or any part of the
contents to any
person. Any views or
opinions expressed in
this e-mail are those
of the author and do
not represent those of
the Baptist School of
Health Professions. If
you have received this
e-mail in error, or
are not the named
recipient(s), you are
hereby notified that
any review,
dissemination,
distribution or
copying of this
communication is
prohibited by the
sender and to do so
might constitute a
violation of the
Electronic
Communications Privacy
Act, 18 U.S.C. section
2510-2521. Please
immediately notify the
sender and delete this
e-mail and any
attachments from your
computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any
attachments is proprietary and
confidential; intended for only the
recipient(s) named above and may
contain information that is
privileged. You should not retain,
copy or use this e-mail or any
attachments for any purpose, or
disclose all or any part of the
contents to any person. Any views or
opinions expressed in this e-mail
are those of the author and do not
represent those of the Baptist
School of Health Professions. If you
have received this e-mail in error,
or are not the named recipient(s),
you are hereby notified that any
review, dissemination, distribution
or copying of this communication is
prohibited by the sender and to do
so might constitute a violation of
the Electronic Communications
Privacy Act, 18 U.S.C. section
2510-2521. Please immediately notify
the sender and delete this e-mail
and any attachments from your
computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is
proprietary and confidential; intended for only
the recipient(s) named above and may contain
information that is privileged. You should not
retain, copy or use this e-mail or any attachments
for any purpose, or disclose all or any part of
the contents to any person. Any views or opinions
expressed in this e-mail are those of the author
and do not represent those of the Baptist School
of Health Professions. If you have received this
e-mail in error, or are not the named
recipient(s), you are hereby notified that any
review, dissemination, distribution or copying of
this communication is prohibited by the sender and
to do so might constitute a violation of the
Electronic Communications Privacy Act, 18 U.S.C.
section 2510-2521. Please immediately notify the
sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is proprietary and
confidential; intended for only the recipient(s) named above and
may contain information that is privileged. You should not
retain, copy or use this e-mail or any attachments for any
purpose, or disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail are those
of the author and do not represent those of the Baptist School
of Health Professions. If you have received this e-mail in
error, or are not the named recipient(s), you are hereby
notified that any review, dissemination, distribution or copying
of this communication is prohibited by the sender and to do so
might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
notify the sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</div></div></div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>