<div dir="ltr">Hi Ivan,<div><br></div><div>The Account reconciliation worked for me. I actually forgot to give similar object class to user in ldap thats why it was not populating account in midpoint.</div><div><br></div><div>Thanks for the assistance.</div><div><br></div><div>Regards,</div><div>Anand</div><img width="0" height="0" class="mailtrack-img" src="https://mailtrack.io/trace/mail/4f4edf38e22fecd047c67c3cc980a26cae8678f3.png"></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 17, 2015 at 7:05 PM, Anand Kothekar <span dir="ltr"><<a href="mailto:anand.kothekar@confluxsys.com" target="_blank">anand.kothekar@confluxsys.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><span style="font-size:12.8000001907349px">Hi Ivan,</span><div style="font-size:12.8000001907349px"><br></div><div style="font-size:12.8000001907349px">After importing an account one task was created so can I use that same task for reconciliation or it is recommended to create new task. if so can you please provide me guidelines (or point me to appropriate document) for creating new reconciliation task.</div><span class=""><div style="font-size:12.8000001907349px"><br></div><div style="font-size:12.8000001907349px">It is absolutely right that I don't want user to be created in midpoint if there is an account in ldap that does not match to any user in midpoint.( that's why I removed that "unmatched" situation.)</div><div style="font-size:12.8000001907349px"><br></div><div style="font-size:12.8000001907349px">So basically I want to reconcile/link accounts in midpoint which are present in ldap.</div><div style="font-size:12.8000001907349px"><br></div><div style="font-size:12.8000001907349px">I have attached resource with this mail. please find the attachment.</div><div style="font-size:12.8000001907349px"><br></div><div style="font-size:12.8000001907349px"><br></div><div style="font-size:12.8000001907349px"><br></div></span><div style="font-size:12.8000001907349px">Thanks,</div><div style="font-size:12.8000001907349px">Anand</div><img width="0" height="0" src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7"></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 17, 2015 at 6:06 PM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hi Anand,<br>
<br>
first, reconciliation and import task are similar, but not the same.
I omitted Importing from my previous mail, sorry. But no harm done,
the process is very similar, the difference is when running the
import, you just press the button in GUI. For reconciliation, you
can create the reconciliation task in Server Tasks - New task.
Reconciliation can be scheduled, import cannot.<br>
<br>
Your error seems to be related to the fact, that there is no
username (midPoint attribute user/name) generated while
synchronizing. Looking at your configuration, I'm missing
"unmatched" situation with possible addFocus reaction. This means
you will not create users in midPoint based on OpenLDAP accounts
which may be ok - depends on situations and what you want to
achieve.<br>
<br>
Could you please send the resource object, not only synchronization
part?<br>
<br>
Regards,<br>
Ivan<div><div><br>
<br>
<div>On 02/17/2015 11:22 AM, Anand Kothekar
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div><br>
</div>
<div>I want to raise a reconciliation task which will start
synchronization. For that I have modified one of my resource
(Open Ldap User) with, </div>
<div><br>
</div>
<div>
<div><synchronization></div>
<div> <objectSynchronization></div>
<div> <enabled>true</enabled></div>
<div> <correlation xmlns:q="<a href="http://prism.evolveum.com/xml/ns/public/query-3" target="_blank">http://prism.evolveum.com/xml/ns/public/query-3</a>"></div>
<div> <q:description>synchronization
example.</q:description></div>
<div> <q:equal></div>
<div> <q:path>name</q:path></div>
<div> <expression></div>
<div> <c:path xmlns:c="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</div>
<div> xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">declare
namespace ri='<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>';
$account/attributes/ri:uid</c:path></div>
<div> </expression></div>
<div> </q:equal></div>
<div> </correlation></div>
<div> <reaction></div>
<div> <situation>linked</situation></div>
<div> <synchronize>true</synchronize></div>
<div> </reaction></div>
<div> <reaction></div>
<div> <situation>deleted</situation></div>
<div> <synchronize>true</synchronize></div>
<div> <action></div>
<div> <handlerUri><a href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</a></handlerUri></div>
<div> </action></div>
<div> </reaction></div>
<div> <reaction></div>
<div> <situation>unlinked</situation></div>
<div> <synchronize>true</synchronize></div>
<div> <action></div>
<div> <handlerUri><a href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#link" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</a></handlerUri></div>
<div> </action></div>
<div> </reaction> </div>
<div> </objectSynchronization></div>
<div> </synchronization></div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>then I selected resource--> open Ldap User -->"
import accounts" which raised a task but failed.</div>
<div><br>
</div>
<div><span>Failed
to import:
com.evolveum.midpoint.util.exception.SchemaException: No
name in new object null as produced by template null in
iteration 0, we cannot process an object without a name:
Failed to import:
com.evolveum.midpoint.util.exception.SchemaException: No
name in new object null as produced by template null in
iteration 0, we cannot process an object without a name</span></div>
<div><span><br>
</span></div>
<div><span><br>
</span></div>
<div>can you please tell me that where I mistaken or am I
following wrong approach.<br>
</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Anand</div>
<img height="0" width="0"></div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Feb 17, 2015 at 2:42 PM, Ivan
Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hi Anand,<br>
<br>
correlation/confirmation expression tell midPoint, how to
check if the account in the resource has an owner in
midPoint.<br>
<br>
Based on result, synchronization situation is determined
(UNMATCHED, UNLINKED, LINKED etc.) and corresponding
action (link, delete, ...) can be executed.<br>
<br>
These settings are per resource e.g. LDAP resource) and
per object type. In minimum configuration, for default
account (kind=account, intent=default). Different
configuration can be specified for different account types
or other objects (e.g. groups).<br>
<br>
The configuration WHEN the synchronization should be
performed differs. It can be:<br>
- opportunistic sync: no tasks; midPoint can detect
inconsistencies while provisioning (i.e. trying to create
an account in LDAP, but the account is already there)<br>
- livesync: livesync task running; midPoint can detect
inconsistencies in real time (if the resource supports it;
i.e. OpenDJ or Oracle DSEE have changelog plugin which can
be used). Livesync task detects CHANGES in the resource
accounts.<br>
- reconciliation: reconciliation task running; midPoint
can detect inconsistencies in scheduled times.
Reconciliation task processes ALL resource objects, not
only changes.<br>
<br>
All or our resource samples with "-sync" in the filename
should be configured for livesync synchronization and they
should also include the task.<br>
<br>
Regards,<br>
I.
<div>
<div><br>
<br>
<div>On 02/17/2015 07:50 AM, Anand Kothekar wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">Hi,
<div><br>
</div>
<div>I was working on Synchronization where I have
a requirement to keep data in resource and
midpoint repository synchronized.</div>
<div><br>
</div>
<div>like If any account exists on ldap then it
should be linked with the user matching with the
uid of user in midpoint.</div>
<div><br>
</div>
<div>I have gone through the concept of
correlation and confirmation expression but I am
not clear with the proper approach to follow.</div>
<div><br>
</div>
<div>please le me know how to achieve this and
also mention any sample example for it.<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Anand</div>
<img height="0" width="0"></div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><span><font color="#888888">
</font></span></pre>
<span><font color="#888888"> </font></span></blockquote>
<span><font color="#888888"> <br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</font></span></div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</div></div></div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>