Source reconciliation
During source reconciliation and liveSync, IDM iterates through the objects in the source resource. For reconciliation, the list of objects includes all objects that are available through the connector. For liveSync, the list contains only changed objects. IDM can filter objects from the list by using the following:
-
Scripts specified in the
validSource
property -
A query specified in the
sourceCondition
property -
A query specified in the
sourceQuery
property
For each object in the list, IDM assesses the following conditions:
-
Is the source object valid?
Valid source objects are categorized
qualifies=1
. Invalid source objects are categorizedqualifies=0
. Invalid objects include objects that were filtered out by avalidSource
script orsourceCondition
. For more information, refer to Filter source and target objects with scripts. -
Does the source object have a record in the links table?
Source objects that have a corresponding link in the repository’s
links
table are categorizedlink=1
. Source objects that do not have a corresponding link are categorizedlink=0
. -
Does the source object have a corresponding valid target object?
Source objects that have a corresponding object in the target resource are categorized
target=1
. Source objects that do not have a corresponding object in the target resource are categorizedtarget=0
.
The following diagram illustrates the categorization of four sample objects during source reconciliation. In this example, the source is the managed user repository and the target is an LDAP directory:
Based on the categorizations of source objects during the source reconciliation phase, the synchronization process assesses a situation for each source object, and executes the action that is configured for each situation.
Not all situations are detected during all synchronization types (reconciliation, implicit synchronization, and liveSync). The following table describes the set of synchronization situations detected during source reconciliation, the default action taken for each situation, and valid alternative actions that can be configured for each situation:
Source Qualifies | Link Exists | Target Objects Found | Situation | Default Action | Possible Actions |
---|---|---|---|---|---|
NO |
NO |
0 |
SOURCE_IGNORED |
IGNORE source object |
EXCEPTION, REPORT, NOREPORT, ASYNC |
NO |
NO |
1 |
UNQUALIFIED |
DELETE target object |
EXCEPTION, IGNORE, REPORT, NOREPORT, ASYNC |
NO |
NO |
> 1 |
UNQUALIFIED |
DELETE target objects |
EXCEPTION, IGNORE, REPORT, NOREPORT, ASYNC |
NO |
YES |
0 |
UNQUALIFIED |
DELETE linked target object [1] |
EXCEPTION, REPORT, NOREPORT, ASYNC |
NO |
YES |
1 |
UNQUALIFIED |
DELETE linked target object |
EXCEPTION, REPORT, NOREPORT, ASYNC |
NO |
YES |
> 1 |
UNQUALIFIED |
DELETE linked target object |
EXCEPTION, REPORT, NOREPORT, ASYNC |
YES |
NO |
0 |
ABSENT |
CREATE target object |
EXCEPTION, IGNORE, REPORT, NOREPORT, ASYNC |
YES |
NO |
1 |
FOUND |
UPDATE target object |
EXCEPTION, IGNORE, REPORT, NOREPORT, ASYNC |
YES |
NO |
1 |
FOUND_ALREADY_LINKED [2] |
EXCEPTION |
IGNORE, REPORT, NOREPORT, ASYNC |
YES |
NO |
> 1 |
AMBIGUOUS [3] |
EXCEPTION |
REPORT, NOREPORT, ASYNC |
YES |
YES |
0 |
MISSING [4] |
EXCEPTION |
CREATE, UNLINK, DELETE, IGNORE, REPORT, NOREPORT, ASYNC |
YES |
YES |
1 |
CONFIRMED |
UPDATE target object |
IGNORE, REPORT, NOREPORT, ASYNC |
Based on this table, the following situations would be assigned to the previous diagram:
For more information on how to configure the situations and actions to take in the IDM admin UI, refer to Configure situations and actions using the IDM admin UI. |