立即与支持人员聊天
与支持团队交流

Identity Manager 9.1 - Target System Synchronization Reference Guide

Target system synchronization with the Synchronization Editor Working with the Synchronization Editor Basics of target system synchronization Setting up synchronization
Starting the Synchronization Editor Creating a synchronization project Configuring synchronization
Setting up mappings Setting up synchronization workflows Connecting systems Editing the scope Using variables and variable sets Setting up start up configurations Setting up base objects
Overview of schema classes Customizing the synchronization configuration Checking the consistency of the synchronization configuration Activating the synchronization project Defining start up sequences
Running synchronization Synchronization analysis Setting up synchronization with default connectors Updating existing synchronization projects Script library for synchronization projects Additional information for experts Troubleshooting errors when connecting target systems Configuration parameters for target system synchronization Configuration file examples

Single membership provisioning

During the membership provisioning, changes made in the target system will probably be overwritten. This behavior can occur under the following conditions:

  • Memberships are saved as an object propertyClosed in list form in the target system.

    Examples: List of user accounts in the Member property of a group - OR - List of profiles in the MemberOf property of a user account

  • Memberships can be modified in either of the connected systemsClosed.

  • A provisioning workflowClosed and provisioning processes are set up.

If one membership in One Identity Manager changes, by default, the complete list of members is transferred to the target system. Therefore, memberships that were previously added to the target system are removed in the process and previously deleted memberships are added again.

To prevent this, provisioning can be configured such that only the modified membership is provisioned in the target system. To do this, you must set the Merge mode option on the assignment tableClosed (DPRNameSpaceHasDialogTable.IsAdHocSingleMemberShip = TRUE). For more information about setting this option, see the administration guides for connecting each target systems.

Additional processing stepsClosed are run for tables with this option enabled.

  1. A task is set up in the DBQueue ProcessorClosed to update the DPRMemberShipAction table. This table contains the modified objects and operations to be run.
  2. The membership list of modified objects is compared to the DPRMemberShipAction table. Therefore, if only one membership changes, not the entire members list in the target system has to be updated. Only each modified membership is transferred to the members list. Changes to memberships of the modified object, which were made in the target system in the meantime, are therefore not overwritten.
  3. Once the change has been successfully provisioned in the target system, the entry is deleted from the DPRMemberShipAction table. If an error occurs during provisioning, the entry remains in the table.
Table 28: Handling entries in the DPRMemberShipAction table
ProvisioningClosed Process Entry in DPRMemberShipAction Comment
Success Deleted  
Fail Remains intact A new modification to the object is reprocessed by provisioning and deleted on success.
Re-enabled Reprocessed  
Failed and deleted Remains intact Deleted during daily maintenance.

All entries without a provisioning task in the Job queueClosed are deleted in the process of these maintenance jobs.

NOTE: The complete members list is updated by synchronization. During this process, objects with changes but incomplete provisioning are not handled. These objects are logged in the synchronization log.

Performance and memory optimization

During synchronizationClosed, data packets are loaded in to memory to process synchronization objects in parallel. The size of these data packets can be increased to speed up synchronization but this required more memory. By default, the size of the data packet is selected such that the ratio of memory to performance is balanced out. However, memory issues can still occur during synchronization. This often depends on the configuration of the system environment, the amount of data to synchronize and the exact synchronization configuration. You can control memory usage to avoid such problems. The degree of change is determined with the performance/memory factor.

The performance/memory factor can be set for each synchronization stepClosed separately because the amount of data varies from object to object. The first thing to do if a memory problem occurs during synchronization, is to find the affected synchronization step. Reduce the performance/memory factor for this synchronization step until you find the optimal balance between memory requirements and performance.

To adjust the performance/memory factor for a synchronization step

  1. Edit the synchronization step properties.

    For more information, see How to edit synchronization steps.

  2. Select the Extended tab.
  3. Use the slider to set the performance/memory factor.
    • Move the slider to the left to reduce memory usage. This reduces performance.

      - OR -

    • To increase performance, move the slider to the right. This requires more memory.
  4. Click OK.

TIP: You can adjust the memory requirements for all the data to be processed in the start-up configuration. You can set the reload threshold, partition size, and bulk level here. These setting are only possible in expert mode. For more information, see Extended properties for start up configuration.

The performance/memory factor specifies the percentage with which the reload threshold, partition size, and bulk level are applied to an object type.

Related topics

Improving loading performance

To improve performance when loading a synchronization projectClosed, you can save the synchronization project’s configuration data as a shadow copyClosed in the One Identity Manager database. After that, the synchronization project is only loaded from the shadow copy. The project loads noticeably faster. The shadow copy is saved in the Configuration data column (DPRShell.ShadowCopy).

If you want to use this option, take note of the following:

  • The shadow copy does not contain any changes that were made directly in the database and not in the Synchronization EditorClosed.

  • If the One Identity Manager database is encrypted or decrypted with the Crypto ConfigurationClosed program, the shadow copy is deleted.

  • If changes to the synchronization project in another database are exported, the shadow copy is deleted in the other database. This ensures that the shadow copy does not contain outdated configuration data.

    Prerequisite: The transport package was created with the Transport of synchronization projects export criteria.

  • If the Enable shadow copy option is set, the daily maintenanceClosed tasks check whether a shadow copy is saved or not. If the shadow copy is missing, it is created.

To enable the shadow copy

  1. Edit the synchronization project’s properties.

  2. On the General tab, set the Enable shadow copy option.
  3. (Optional) If the shadow copy on needs to create if the synchronization project is active, set the Only if the synchronization project is active option.
  4. Click OK.
Related topics

Concurrence behavior of synchronization objects

It is possible that synchronizationClosed objects have been changed at the same time in both connected systemsClosed or are being processed automatically that processing is not yet complete. These objects are excluded by default to avoid data conflict. If possible, synchronization of these objects is repeated by the next synchronization run. Excluded objects are recorded in the synchronization log.

In rare cases, it may still be necessary to synchronize some properties of these objects immediately, to transfer safety-critical changes, for example. You can configure the behavior you require in the property mapping rules.

To force synchronization of individual schema properties

  1. Edit the property mapping rule for this schema property.

    For more information, see How to edit property mapping rules.

  2. In the Concurrence behavior field, set the value Apply rule.

    This applies the property mapping rule, overwriting any data changes in the connected system.

    IMPORTANT: Only select this option in exceptional cases. Afterward, check the data modifications that might be overwritten by this.

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级