<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Martin,<br>
<br>
is every user that is being synced from DB and created in midPoint
expected to have existing account in LDAP?<br>
Do you have the same value of email attribute in midPoint and LDAP?<br>
I.<br>
<br>
<div class="moz-cite-prefix">On 03/31/2015 02:13 PM, Martin Lízner -
AMI Praha a.s. wrote:<br>
</div>
<blockquote
cite="mid:CALOh8eM5oORem-rX6=ZeAA_yr8vYYY_X37Qy6yJ9g5bswKbgww@mail.gmail.com"
type="cite">
<div dir="ltr">Hi guys, Im in situation that I have one really big
LDAP with no changelog, which can be full reconciled e.g. every
24 hours. I got new identities being synced from DB resource
every minute or so. Right after new DB user is created in
midPoint I need to adhoc reconcile this user with LDAP resource.
I can lookup user via email attribute, dont know LDAP DN yet.
<div><br>
</div>
<div>I guess that typical correlation logic in synchronization
wont help me here, since I need to query resource, not IdM. I
came to these two solutions, but I dont know how to implement
them in midPoint. And maybe there is better way...<br>
<div><br>
</div>
<div>1. Query resource objects in LDAP connector. Using
standard ldap filter with email=XXX and fetching DN =>
linking to midpoint User. Im not sure if midPoint can do
these queries yet.</div>
<div><br>
</div>
<div>2. Query shadow objects in midPoint repo. These would
have been loaded in last reconc. It wouldnt be 100% online,
but might work for my business case. Unfortunatelly, I
havent found how to extend shadow schema in the doc :-(</div>
<div><br>
</div>
<div>Please help, if you can :-)<br>
</div>
<div><br>
</div>
<div>Regards, Martin</div>
<div>
<div>
<div class="gmail_signature">
<div dir="ltr">
<div>
<table
style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important">
<tbody>
<tr style="padding:0px;margin:0px;border:0px
solid gray!important">
<td colspan="2"
style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;border:0px
solid gray!important">
<p><span
style="font-size:14px;font-weight:bold">Martin
Lízner</span><br>
solution architect<br>
<br>
gsm: [+420] 737 745 571<br>
e-mail: <a moz-do-not-send="true"
href="mailto:jmeno.prijmeni@ami.cz"
target="_blank">martin.lizner@ami.cz</a></p>
</td>
<td
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td>
<td
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px
solid gray!important"> </td>
<td
style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;border:0px
solid gray!important">
<p>AMI Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel.: [+420] 274 783 239<br>
web: <a moz-do-not-send="true"
href="http://www.ami.cz/"
target="_blank">www.ami.cz</a></p>
</td>
<td
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td>
<td
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px
solid gray!important"> </td>
<td
style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;margin:8px;border:0px
solid gray!important">
<p><img moz-do-not-send="true"
src="http://www.ami.cz/images/podpis/ami_logo.gif"
alt="" style="border: 0px;"></p>
</td>
</tr>
<tr style="padding:0px;margin:0px;border:0px
solid gray!important">
<td colspan="8"
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px
solid gray!important"><br>
<a moz-do-not-send="true"
href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/audit-roli-a-opravneni-sap"
target="_blank"><img
moz-do-not-send="true"
src="http://www.ami.cz/images/podpis/AMI-podpis-AuditSAP_1.png"
alt="" style="border: 0px; width: 480px;
height: 82px;"></a></td>
</tr>
<tr style="padding:0px;margin:0px;border:0px
solid gray!important">
<td colspan="8"
style="color:rgb(128,128,128);font-family:Arial,sans-serif;font-size:11px;padding:0px;border:0px
solid gray!important"><br>
Textem tohoto e-mailu podepisující neslibuje
uzavřít ani neuzavírá za společnost AMI
Praha a.s.<br>
jakoukoliv smlouvu. Každá smlouva, pokud
bude uzavřena, musí mít výhradně písemnou
formu.</td>
</tr>
</tbody>
</table>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</body>
</html>