<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hi,<br>
<br>
Manual connectors are quite an interesting functionality of
midPoint. However, it was created in small parts. It was never a
completely funded work. As mostly unfunded work we have focused on
the code. The code is solid, and in fact it recently went over a
significant consolidation and cleanup as part of Galileo
development. However, the documentation leaves much to be desired.
We have made significant investment to manual connector
functionality during last few years. And unfortunately, we do not
have any more resources to invest even more funds in the
documentation.<br>
<br>
Therefore I can only recommend the options that I'm recommending
all the time (with a little twist):<br>
<br>
1) Get midPoint subscription. Ideally platform subscription.
Income from the subscription can be used to improve documentation.<br>
<br>
2) Sponsor the work on midPoint book:<br>
<a class="moz-txt-link-freetext" href="https://evolveum.com/midpoint/midpoint-guide-about-practical-identity-management/">https://evolveum.com/midpoint/midpoint-guide-about-practical-identity-management/</a><br>
The book was praised by many people. However, Evolveum has been
the only sponsor of this effort so far. It was quite an effort
already. But there is still too many things to write down. And the
book is not going to write itself. I can do it. In fact, I would
absolutely love to do it. But further work on the book needs
funding.<br>
<br>
3) Source code is available. You can read through the code and
contribute the documentation.<br>
<br>
I know that this answer does not help much. But asking questions
without contributing anything back is not going to help the
project either.<br>
<br>
<pre class="moz-signature" cols="72">--
Radovan Semancik
Software Architect
evolveum.com</pre>
<br>
<br>
On 09/04/2018 04:16 AM, Alexandre Zia wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAAtL-sa0WiEJUv+sXE_5dGooWoXALS=xks0N=oAYB+wwWUpcvQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<div dir="ltr">
<div dir="ltr">Hi all,<br>
<br>
I'm Having a hard time trying to understand how manual
connector actually works.<br>
I've tried several approaches, but always end up with some
<br>
"collateral effects"<br>
I've read all I could find about manual resources, MP
Confluence, mailing list, <br>
provisioned all the examples, tried several different
configs, but the fact<br>
is that there is no comprehensive explanation on how manual
resources works <br>
So I'm asking for help here at least to check if I'm doing
something terrible wrong<br>
<br>
1. Pure manual connector:<br>
<br>
- Created Role to induce account creation works fine,<br>
<br>
- Upon role assignment the resulting operation it creates a
shadow for the <br>
account in the connector, however the assignment operation
never completes, <br>
stays in IN_PROGRESS forever and the shadows keeps
pendingOperations and <br>
there is no way to get rid of them.<br>
<br>
- Upon role unassignment the role is unassigned but the
projection in the <br>
resource (shadow) is not removed, stays there forever until
we manually <br>
delete the shadow and run a reconciliation<br>
<br>
2. Semi manual with CSV connector as additionalConnector:<br>
<br>
- Same as above, except:<br>
<br>
- I can see the accounts appearing in resource <br>
(Accounts tab in resource, searching in the resource
side)<br>
when the accounts appears in the CSV, but seems to do
nothing<br>
regarding the shadow.<br>
<br>
- when unassigning the role, same thing, when the
account vanishes from CSV<br>
nothing happens to the shadow and the projection
remains<br>
<br>
I have also created a Shadow Refresh Task, and it even reports
that is processing the shadows, but nothing changes actually.<br>
<br>
Other thing we are trying to do here is how to notify
operator when he needs <br>
to manually create or delete the accounts?<br>
We have created an extra approval named something like:
"Wait for the <br>
operator to create the account" but again there is room for
improvement here:<br>
- We have approvers assigned to the role and an approval
stage <br>
- So we have added operators as "owners" and filtering the
"wait for the <br>
operator" approval by the "owner" but this is not working
properly.<br>
<br>
Can someone share a bit about the subject?<br>
What is the best approach to work with manual connectors?<br>
<br>
If we setup an ITSM plugin (we use Jira here) will it work
as expected?<br>
By expected I mean will the assignments and unassignments
work properly?<br>
The projections will be deleted upon unassignments?<br>
ITSM plugin is the right way to notify operators?<br>
<br>
<br>
Thanks for reading the entire email, I know it's huge ;)<br>
<br>
Regards,<br>
Alexandre<br>
<br>
<br>
<br>
<br>
<br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">
</pre>
</body>
</html>