Actions
Task #2788
openRetry mechanism doesn't handle unavailable systems that use target objects in provisioning context (errors in entity events instead of the provisioning queue)
Status:
New
Priority:
Normal
Assignee:
Vít Švanda
Category:
Provisioning
Target version:
-
Start date:
04/30/2021
Due date:
% Done:
0%
Estimated time:
Owner:
Description
Tested on 10.8.2 and 11.0-RC2
- A system uses provisioning context with "Add an object from the target system". E.g. AD created by the MS AD wizard
- The system is unavailable, e.g. broken connection, wrong address, ...
- Add some system role to a user, or update some of their attributes
- The error is in the failed entity event, instead of a failed operation in the provisioning queue
- => the role is not assigned at all
- => current retry mechanism doesn't handle the situation, so even if the system is available again after several minutes, the operation isn't retried
I'm not sure if this is defect/task/feature, but it's very unfortunate that provisioning context can break otherwise robust retry mechanism in IdM. And because it will be used by default for AD now, it can easily happen often. We didn't think about this when we implemented the scripts, where we load connector objects from the system.
Files
Actions