<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
The reconciliation task can be created in GUI:<br>
<br>
1. go to Server Tasks<br>
2. click New task<br>
3. choose a name for the task<br>
4. select Reconciliation as type<br>
5. select resource to run on<br>
6. select kind (accounts are kind "account")<br>
7. choose intent (the default intent is "default")<br>
8. if you wish to schedule the task, check "Recurring task"<br>
9. choose your Schedule interval (seconds), i.e. 3600 (one hour)<br>
10. save the task<br>
<br>
If you wish to run the reconciliation one-time only, you can leave
recurring task off. The reconciliation task will start as scheduled
or can be run manually by selecting the task and clicking "Run now".<br>
<br>
The "dry run" checkbox is especially cool for testing the
correlation expressions. The reconciliation will be executed,
accounts will be correlated, but nothing will be changed.<br>
<br>
For reconciling other-than-accounts, specify kind and intent as you
need.<br>
<br>
Regards,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 02/17/2015 02:35 PM, Anand Kothekar
wrote:<br>
</div>
<blockquote
cite="mid:CAHUT-CRcS9-LFvfY5r71RNFZtemgB5wWjUQPADsDPbb7p583EQ@mail.gmail.com"
type="cite">
<div dir="ltr"><span style="font-size:12.8000001907349px">Hi Ivan,</span>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">After importing an
account one task was created so can I use that same task for
reconciliation or it is recommended to create new task. if so
can you please provide me guidelines (or point me to
appropriate document) for creating new reconciliation task.</div>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">It is absolutely right
that I don't want user to be created in midpoint if there is
an account in ldap that does not match to any user in
midpoint.( that's why I removed that "unmatched" situation.)</div>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">So basically I want to
reconcile/link accounts in midpoint which are present in ldap.</div>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">I have attached
resource with this mail. please find the attachment.</div>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">Thanks,</div>
<div style="font-size:12.8000001907349px">Anand</div>
<img moz-do-not-send="true" class="mailtrack-img"
src="https://mailtrack.io/trace/mail/13329cb675fdb9d6cce7c87a2401898b69bc30f2.png"
height="0" width="0"></div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Feb 17, 2015 at 6:06 PM, Ivan
Noris <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hi Anand,<br>
<br>
first, reconciliation and import task are similar, but not
the same. I omitted Importing from my previous mail,
sorry. But no harm done, the process is very similar, the
difference is when running the import, you just press the
button in GUI. For reconciliation, you can create the
reconciliation task in Server Tasks - New task.
Reconciliation can be scheduled, import cannot.<br>
<br>
Your error seems to be related to the fact, that there is
no username (midPoint attribute user/name) generated while
synchronizing. Looking at your configuration, I'm missing
"unmatched" situation with possible addFocus reaction.
This means you will not create users in midPoint based on
OpenLDAP accounts which may be ok - depends on situations
and what you want to achieve.<br>
<br>
Could you please send the resource object, not only
synchronization part?<br>
<br>
Regards,<br>
Ivan
<div>
<div class="h5"><br>
<br>
<div>On 02/17/2015 11:22 AM, Anand Kothekar wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div><br>
</div>
<div>I want to raise a reconciliation task which
will start synchronization. For that I have
modified one of my resource (Open Ldap User)
with, </div>
<div><br>
</div>
<div>
<div><synchronization></div>
<div> <objectSynchronization></div>
<div>
<enabled>true</enabled></div>
<div> <correlation xmlns:q="<a
moz-do-not-send="true"
href="http://prism.evolveum.com/xml/ns/public/query-3"
target="_blank">http://prism.evolveum.com/xml/ns/public/query-3</a>"></div>
<div>
<q:description>synchronization
example.</q:description></div>
<div> <q:equal></div>
<div>
<q:path>name</q:path></div>
<div> <expression></div>
<div> <c:path xmlns:c="<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</div>
<div> xmlns:ri="<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">declare
namespace ri='<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>';
$account/attributes/ri:uid</c:path></div>
<div> </expression></div>
<div> </q:equal></div>
<div> </correlation></div>
<div> <reaction></div>
<div>
<situation>linked</situation></div>
<div>
<synchronize>true</synchronize></div>
<div> </reaction></div>
<div> <reaction></div>
<div>
<situation>deleted</situation></div>
<div>
<synchronize>true</synchronize></div>
<div> <action></div>
<div> <handlerUri><a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</a></handlerUri></div>
<div> </action></div>
<div> </reaction></div>
<div> <reaction></div>
<div>
<situation>unlinked</situation></div>
<div>
<synchronize>true</synchronize></div>
<div> <action></div>
<div> <handlerUri><a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#link"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</a></handlerUri></div>
<div> </action></div>
<div> </reaction> </div>
<div> </objectSynchronization></div>
<div> </synchronization></div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>then I selected resource--> open Ldap User
-->" import accounts" which raised a task
but failed.</div>
<div><br>
</div>
<div><span>Failed to import:
com.evolveum.midpoint.util.exception.SchemaException:
No name in new object null as produced by
template null in iteration 0, we cannot
process an object without a name: Failed to
import:
com.evolveum.midpoint.util.exception.SchemaException:
No name in new object null as produced by
template null in iteration 0, we cannot
process an object without a name</span></div>
<div><span><br>
</span></div>
<div><span><br>
</span></div>
<div>can you please tell me that where I mistaken
or am I following wrong approach.<br>
</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Anand</div>
<img moz-do-not-send="true"
src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7"
height="0" width="0"></div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Feb 17, 2015 at
2:42 PM, Ivan Noris <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com"
target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hi
Anand,<br>
<br>
correlation/confirmation expression tell
midPoint, how to check if the account in the
resource has an owner in midPoint.<br>
<br>
Based on result, synchronization situation
is determined (UNMATCHED, UNLINKED, LINKED
etc.) and corresponding action (link,
delete, ...) can be executed.<br>
<br>
These settings are per resource e.g. LDAP
resource) and per object type. In minimum
configuration, for default account
(kind=account, intent=default). Different
configuration can be specified for different
account types or other objects (e.g.
groups).<br>
<br>
The configuration WHEN the synchronization
should be performed differs. It can be:<br>
- opportunistic sync: no tasks; midPoint can
detect inconsistencies while provisioning
(i.e. trying to create an account in LDAP,
but the account is already there)<br>
- livesync: livesync task running; midPoint
can detect inconsistencies in real time (if
the resource supports it; i.e. OpenDJ or
Oracle DSEE have changelog plugin which can
be used). Livesync task detects CHANGES in
the resource accounts.<br>
- reconciliation: reconciliation task
running; midPoint can detect inconsistencies
in scheduled times. Reconciliation task
processes ALL resource objects, not only
changes.<br>
<br>
All or our resource samples with "-sync" in
the filename should be configured for
livesync synchronization and they should
also include the task.<br>
<br>
Regards,<br>
I.
<div>
<div><br>
<br>
<div>On 02/17/2015 07:50 AM, Anand
Kothekar wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">Hi,
<div><br>
</div>
<div>I was working on
Synchronization where I have a
requirement to keep data in
resource and midpoint repository
synchronized.</div>
<div><br>
</div>
<div>like If any account exists on
ldap then it should be linked with
the user matching with the uid of
user in midpoint.</div>
<div><br>
</div>
<div>I have gone through the concept
of correlation and confirmation
expression but I am not clear with
the proper approach to follow.</div>
<div><br>
</div>
<div>please le me know how to
achieve this and also mention any
sample example for it.<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Anand</div>
<img moz-do-not-send="true"
height="0" width="0"></div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><span><font color="#888888">
</font></span></pre>
<span><font color="#888888"> </font></span></blockquote>
<span><font color="#888888"> <br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a> <a moz-do-not-send="true" href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</font></span></div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com"
target="_blank">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a> <a moz-do-not-send="true" href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</body>
</html>