<span style=" font-size:10pt;font-family:sans-serif">I only want to sync
data from our HR DB if the user already exists in midPoint.</span><br><br><span style=" font-size:10pt;font-family:sans-serif">Here's why:</span><br><span style=" font-size:10pt;font-family:sans-serif">My company has
about 350,000-400,000 employees globally (give or take).</span><br><span style=" font-size:10pt;font-family:sans-serif">Resources I deal
with have about 4,000+ users (or about 1 to 1.5% of the total population).</span><br><br><span style=" font-size:10pt;font-family:sans-serif">I really don't
want to have shadow objects for 400,000 accounts when I only need 4000.</span><br><span style=" font-size:10pt;font-family:sans-serif">Furthermore, our
HR DB will block you if you attempt to read the entire DB. So LDAP searches
like (uid=*) will fail.</span><br><br><span style=" font-size:10pt;font-family:sans-serif">However, I do
need to validate employment.</span><br><br><span style=" font-size:10pt;font-family:sans-serif">So what kind of
filter should I use so I only sync with HR for users who already exist
in midPoint?  Feel like I'm missing something simple here.</span><br><br><span style=" font-size:10pt;font-family:sans-serif">Where would I
handle this use case?</span><br><span style=" font-size:10pt;font-family:sans-serif">Correlation? Reactions?
Conditions?</span><br><br><br><span style=" font-size:10pt;font-family:sans-serif">Thanks!</span><br><br><br><span style=" font-size:10pt;color:#808080;font-family:Arial">------------------</span><br><span style=" font-size:12pt;font-family:Arial"><b>Sean Penndorf</b></span><br><span style=" font-size:10pt;color:#808080;font-family:Arial">SaaS
Operational Services (SOS) - ID Management</span><br><span style=" font-size:10pt;color:#808080;font-family:Arial">IBM Cloud</span><br><span style=" font-size:10pt;color:#000080;font-family:Arial">srpenn@us.ibm.com</span><br><span style=" font-size:10pt;color:#808080;font-family:Arial">Office:
248-552-4791   TL  623-9966</span><br><br><BR>