<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
OK!<br>
<br>
If there are any other questions just ask and we try to help as soon
as we can.<br>
<br>
Regards,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 02/17/2015 03:51 PM, Anand Kothekar
wrote:<br>
</div>
<blockquote
cite="mid:CAHUT-CTHw_X-mmfFLbD_X_BGEGv-v6jwHU_hP7U_St0XMg=ASA@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Ivan,
<div><br>
</div>
<div>The Account reconciliation worked for me. I actually forgot
to give similar object class to user in ldap thats why it was
not populating account in midpoint.</div>
<div><br>
</div>
<div>Thanks for the assistance.</div>
<div><br>
</div>
<div>Regards,</div>
<div>Anand</div>
<img moz-do-not-send="true" class="mailtrack-img"
src="https://mailtrack.io/trace/mail/4f4edf38e22fecd047c67c3cc980a26cae8678f3.png"
height="0" width="0"></div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Feb 17, 2015 at 7:05 PM, Anand
Kothekar <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:anand.kothekar@confluxsys.com"
target="_blank">anand.kothekar@confluxsys.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><span style="font-size:12.8000001907349px">Hi
Ivan,</span>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">After importing
an account one task was created so can I use that same
task for reconciliation or it is recommended to create
new task. if so can you please provide me guidelines (or
point me to appropriate document) for creating new
reconciliation task.</div>
<span class="">
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">It is
absolutely right that I don't want user to be created
in midpoint if there is an account in ldap that does
not match to any user in midpoint.( that's why I
removed that "unmatched" situation.)</div>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">So basically I
want to reconcile/link accounts in midpoint which are
present in ldap.</div>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">I have
attached resource with this mail. please find the
attachment.</div>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px"><br>
</div>
</span>
<div style="font-size:12.8000001907349px">Thanks,</div>
<div style="font-size:12.8000001907349px">Anand</div>
<img moz-do-not-send="true"
src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7"
height="0" width="0"></div>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Feb 17, 2015 at 6:06
PM, Ivan Noris <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com"
target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hi Anand,<br>
<br>
first, reconciliation and import task are
similar, but not the same. I omitted Importing
from my previous mail, sorry. But no harm done,
the process is very similar, the difference is
when running the import, you just press the
button in GUI. For reconciliation, you can
create the reconciliation task in Server Tasks -
New task. Reconciliation can be scheduled,
import cannot.<br>
<br>
Your error seems to be related to the fact, that
there is no username (midPoint attribute
user/name) generated while synchronizing.
Looking at your configuration, I'm missing
"unmatched" situation with possible addFocus
reaction. This means you will not create users
in midPoint based on OpenLDAP accounts which may
be ok - depends on situations and what you want
to achieve.<br>
<br>
Could you please send the resource object, not
only synchronization part?<br>
<br>
Regards,<br>
Ivan
<div>
<div><br>
<br>
<div>On 02/17/2015 11:22 AM, Anand Kothekar
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div><br>
</div>
<div>I want to raise a reconciliation
task which will start synchronization.
For that I have modified one of my
resource (Open Ldap User) with, </div>
<div><br>
</div>
<div>
<div><synchronization></div>
<div>
<objectSynchronization></div>
<div>
<enabled>true</enabled></div>
<div> <correlation
xmlns:q="<a moz-do-not-send="true"
href="http://prism.evolveum.com/xml/ns/public/query-3"
target="_blank">http://prism.evolveum.com/xml/ns/public/query-3</a>"></div>
<div>
<q:description>synchronization
example.</q:description></div>
<div> <q:equal></div>
<div>
<q:path>name</q:path></div>
<div> <expression></div>
<div> <c:path
xmlns:c="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</div>
<div>
xmlns:ri="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">declare
namespace ri='<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>';
$account/attributes/ri:uid</c:path></div>
<div>
</expression></div>
<div> </q:equal></div>
<div> </correlation></div>
<div> <reaction></div>
<div>
<situation>linked</situation></div>
<div>
<synchronize>true</synchronize></div>
<div> </reaction></div>
<div> <reaction></div>
<div>
<situation>deleted</situation></div>
<div>
<synchronize>true</synchronize></div>
<div> <action></div>
<div> <handlerUri><a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</a></handlerUri></div>
<div> </action></div>
<div> </reaction></div>
<div> <reaction></div>
<div>
<situation>unlinked</situation></div>
<div>
<synchronize>true</synchronize></div>
<div> <action></div>
<div> <handlerUri><a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#link"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</a></handlerUri></div>
<div> </action></div>
<div> </reaction>
</div>
<div>
</objectSynchronization></div>
<div> </synchronization></div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>then I selected resource--> open
Ldap User -->" import accounts"
which raised a task but failed.</div>
<div><br>
</div>
<div><span>Failed to import:
com.evolveum.midpoint.util.exception.SchemaException:
No name in new object null as
produced by template null in
iteration 0, we cannot process an
object without a name: Failed to
import:
com.evolveum.midpoint.util.exception.SchemaException:
No name in new object null as
produced by template null in
iteration 0, we cannot process an
object without a name</span></div>
<div><span><br>
</span></div>
<div><span><br>
</span></div>
<div>can you please tell me that where I
mistaken or am I following wrong
approach.<br>
</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Anand</div>
<img moz-do-not-send="true" height="0"
width="0"></div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Feb 17,
2015 at 2:42 PM, Ivan Noris <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com"
target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF"
text="#000000"> Hi Anand,<br>
<br>
correlation/confirmation
expression tell midPoint, how to
check if the account in the
resource has an owner in midPoint.<br>
<br>
Based on result, synchronization
situation is determined
(UNMATCHED, UNLINKED, LINKED etc.)
and corresponding action (link,
delete, ...) can be executed.<br>
<br>
These settings are per resource
e.g. LDAP resource) and per object
type. In minimum configuration,
for default account (kind=account,
intent=default). Different
configuration can be specified for
different account types or other
objects (e.g. groups).<br>
<br>
The configuration WHEN the
synchronization should be
performed differs. It can be:<br>
- opportunistic sync: no tasks;
midPoint can detect
inconsistencies while provisioning
(i.e. trying to create an account
in LDAP, but the account is
already there)<br>
- livesync: livesync task running;
midPoint can detect
inconsistencies in real time (if
the resource supports it; i.e.
OpenDJ or Oracle DSEE have
changelog plugin which can be
used). Livesync task detects
CHANGES in the resource accounts.<br>
- reconciliation: reconciliation
task running; midPoint can detect
inconsistencies in scheduled
times. Reconciliation task
processes ALL resource objects,
not only changes.<br>
<br>
All or our resource samples with
"-sync" in the filename should be
configured for livesync
synchronization and they should
also include the task.<br>
<br>
Regards,<br>
I.
<div>
<div><br>
<br>
<div>On 02/17/2015 07:50 AM,
Anand Kothekar wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">Hi,
<div><br>
</div>
<div>I was working on
Synchronization where I
have a requirement to
keep data in resource
and midpoint repository
synchronized.</div>
<div><br>
</div>
<div>like If any account
exists on ldap then it
should be linked with
the user matching with
the uid of user in
midpoint.</div>
<div><br>
</div>
<div>I have gone through
the concept of
correlation and
confirmation expression
but I am not clear with
the proper approach to
follow.</div>
<div><br>
</div>
<div>please le me know how
to achieve this and also
mention any sample
example for it.<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Anand</div>
<img
moz-do-not-send="true"
height="0" width="0"></div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><span><font color="#888888">
</font></span></pre>
<span><font color="#888888"> </font></span></blockquote>
<span><font color="#888888"> <br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a> <a moz-do-not-send="true" href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</font></span></div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com"
target="_blank">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a> <a moz-do-not-send="true" href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com"
target="_blank">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</body>
</html>