<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi,</p>
<p>if it fails with UNMATCHED, it means that the correlation filter
is incorrect. Or at least it does not allow matching.
Case-sensitivity problem?</p>
<p>In generic cases your scenario is pretty common. For one-time
synchronization (without creating users in midPoint) you can setup
different correlation expression in the resource object
synchronization. The correlation expression can even be OR so two
or more different expressions can be used.</p>
<p>Without knowing more it's hard to tell what's wrong.<br>
</p>
<p>Best regards,</p>
<p>Ivan<br>
</p>
<br>
<div class="moz-cite-prefix">On 17.08.2017 11:42, Dilek Gider wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAL797GnGYPDfnxHS3VSrWzd3ugD8aEof2T6s0sSXXXGTCeZYwA@mail.gmail.com">
<div dir="ltr">To be more descriptive, I have unique identifer as
identity number and correlation works fine, there is a record on
AD with that unique number and also midpoint user has the same
unique identifer. But it falls into unmatched situation, tries
to add new account with iterationToken as a new record. <br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Aug 17, 2017 at 12:11 PM,
Dilek Gider <span dir="ltr"><<a
href="mailto:dilek.gider@basistek.com" target="_blank"
moz-do-not-send="true">dilek.gider@basistek.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi,
<div><br>
</div>
<div>I have HR db resource to get users to midpoint, and
then create accounts on the AD, all of these
operations are working fine now. </div>
<div><br>
</div>
<div>But I have a requirement that; all of users are
also in AD now and they are correct. Customer always
used AD effectively by manual insert/update. Now with
midpoint project, we are doing automation the process
from HR to AD. But when project goes to production,
only one time, we have to syncronize midpoint users
with AD users, not create. After one time operation,
AD account will be created automatically by midpoint,
but for one time , at the beginning of production, we
won't create users on AD, only sync them with
midpoint users.</div>
<div><br>
</div>
<div>I tried to do this, but I think LDAP connector
searches AD accounts by "objectGUID". objectGUID on AD
accounts didin't generated by midpoint, they generated
by manuel create. How can I map midpoint users (comes
from HR) and old AD accounts? There is unique value in
each side that is identity number but i can't sync
them because of searching by objectGUID.</div>
<div><br>
</div>
<div>Thank you, I hope it is explanatory.</div>
<span class="HOEnZb"><font color="#888888">
<div><br>
</div>
<div>Dilek.</div>
</font></span></div>
</blockquote>
</div>
<br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
</body>
</html>