Cheers Fabio,
I have not enabled "synchronization" (by using my ldap changelog)
because I believed reconciliation took care of making ALL changes from
the target
DB (ldap) to my syncope DB. If what you say is correct. If I delete an
object directly in ldap, then after a full reconciliation task executes
subsequently the delete(d) object(s) is not deleted from the syncope DB,
but the link to the ldap account is? Hence, all ldap modifications of
type DELETE are not reflected in syncope unless you use the
synchronization method with a changelog?
I guessing the only way you can synchronize deletes at the moment, is
because the changelog is the only way syncope can know about them
explicitly and efficiently.
Another, way you could work out what was deleted (between full recons)
is the delta between the syncope entries with ldap account links (before
the full recon) and those after, the full recon, which don't show these
links anymore as valid and then remove these entries from the syncope db.
rgds,
Nik
Il 11/06/2013 17:47, Nik ha scritto:
Hi Guys,
I have recently seen a comment on this alias that reconciliation
doesn't take care of deletions.
I would like to have a clear idea of what this means.
Does it mean; if I delete an ldap object (e.g. user) from my ldap
resource by ldap delete this deletion would not be reconciled back to
syncope?
Reading such comments, confuses me, because if I delete an object in
syncope and this object is linked by an ldap connector resource to ldap.
The deletion via the ldap resource should be propagated to the ldap
backend, in such a case, reconciliation of the deletion is
meaningless, since
the syncope and ldap remain synchronized.
Hi Nik,
* reconciliation reconcile create/update/delete operation
* full reconciliation reconcile create/update (it is just a exhaustive
user search/read).
Use full reconciliation at pre-loading time or if and only if the
target resource doesn't provide changelog feature; use
sync/reconciliaion otherwise.
Best regards,
F.
