5.4.2 Performing Limited Reconciliation

By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current reconciliation run. You can customize this process by specifying the subset of added or modified target system records that must be reconciled. You do this by creating filters for the reconciliation module.

For this connector, you create a filter by specifying values for the Custom Recon Query attribute of the scheduled job for reconciliation of user records.

The following are sample query conditions:

  • First Name=John&Last Name=Doe

    With this query condition, records of users whose first name is John and last name is Doe are reconciled.

  • First Name=John|First Name=Jane

    With this query condition, record of Users with first name John and Jane are reconciled.

If you do not specify values for the Custom Recon Query attribute, then all the records in the target system are compared with existing Oracle Identity Manager records during reconciliation.

The following are guidelines to be followed while specifying a value for the Custom Recon Query attribute:

  • For the target system attributes, you must use the same case (uppercase or lowercase) as given in the table shown earlier in this section. This is because the attribute names are case-sensitive.

  • You must not include unnecessary blank spaces between operators and values in the query condition.

    A query condition with spaces separating values and operators would yield different results as compared to a query condition that does not contain spaces between values and operators. For example, the output of the following query conditions would be different:

    First Name=John&Last Name=Doe

    First Name= John&Last Name= Doe

    In the second query condition, the reconciliation engine would look for first name and last name values that contain a space at the start.

  • You must not include special characters other than the equal sign (=), ampersand (&), and vertical bar (|) in the query condition.

    Note:

    An exception is thrown if you include special characters other than the equal sign (=), ampersand (&), and vertical bar (|).

  • The query condition must be an expression without any braces.

  • Searching users based on multiple value roles and groups are not supported. Only one value for roles and profiles can be queried at a time. For example, if the query condition is Usergroup=a,b,c, then the query generates an error.

  • Searching users based on more than three user attributes are not supported. For example, if the query condition is userid=JOHN&firstname=John&lastname=Doe&country=US, then the query generates an error.

You specify a value for the Custom Recon Query attribute while configuring the scheduled job user record reconciliation.

Sample Query Conditions

You can specify the following types of query conditions as values for the Custom Recon Query attribute and run the scheduled job for user record reconciliation:

  • Simple query with user attributes, for example:

    • Value assigned to the Custom Recon Query attribute: First Name=John

      Users with first name John is reconciled.

    • Value assigned to the Custom Recon Query attribute: Login Name=JOHN

      Users with login name JOHN are reconciled.

    • Value assigned to the Custom Recon Query attribute: First Name=John|First Name=Jane

      Users with first name John and Jane are reconciled.

    • Value assigned to the Custom Recon Query attribute: First Name=John&Last Name=Doe

      Users with the first name John and last name Doe are reconciled.

  • Query based on positions and responsibilities, for example:

    • Value assigned to the Custom Recon Query attribute: Position=Proxy Employee|Position=ERM AnonUser

      All users having positions as Proxy Employee or ERM AnonUser are reconciled.

    • Value assigned to the Custom Recon Query attribute: Responsibility=CEO&Responsibility=Consultant

      All users having responsibilities as CEO and Consultant are reconciled.

    • Value assigned to the Custom Recon Query attribute: Responsibility=CEO&Position=ERM AnonUser

      All users having responsibility CEO and position as ERM AnonUser are reconciled.

  • Complex queries, for example:

    • Value assigned to the Custom Recon Query attribute: First Name=John&Position=Proxy Employee|Position=ERM AnonUser

      All users having first name as John and position as Proxy Employee, as well as all users with position as ERM AnonUser are reconciled.

    • Value assigned to the Custom Recon Query attribute: Last Name=Doe|Position=Proxy Employee&Responsibility=CEO

      All users having last name as Doe plus all users having both Position as Proxy Employee and Responsibility as CEO are reconciled.

Note:

For queries with a combination of & and |, the name value pairs adjacent to the & operator are taken as if they are in parenthesis by Siebel.