Reconciliation properties

Reconciliation properties

Reconciliation properties are used to configure the reconciliation process where data retrieved from agents is synchronized in the IBM Security Identity Manager database.

Reconciliation properties

Reconciliation configuration
enrole.reconciliation.accountcachesize
Maximum size of the cache for existing accounts cache used for the reconciliation process. Setting a value larger than the default might cause processing of reconciliations to fail.
Default: enrole.reconciliation.accountcachesize=2000
Do not change this property key and value unless you are a qualified administrator.
enrole.reconciliation.threadcount
Number of threads used to handle reconciled entries. This number of threads is created for each reconciliation process.
Default: enrole.reconciliation.threadcount=8
Do not change this property key and value unless you are a qualified administrator.

enrole.reconciliation.failurethreshold
Maximum number of local accounts to delete at the end of reconciliation. If the value is exceeded, then no local account or supporting data entries are deleted. If the value is followed by a percent sign (%), specifies the maximum as percentage compared with total of (local accounts at reconciliation start plus the new accounts returned by reconciliation). A value of 100% specifies that there is no limit.

Default: #enrole.reconciliation.failurethreshold=100%
Do not change this property key and value unless you are a qualified administrator.

enrole.reconciliation.logTimeInterval
Time interval in seconds for reconciliation progress trace log messages. A value of zero disables this time interval.
Default: #enrole.reconciliation.logTimeInterval=600
Do not change this property key and value unless you are a qualified administrator.

enrole.reconciliation.logEveryNResults
Count for reconciliation progress trace log messages. A value of zero disables this count.
Default: #enrole.reconciliation.logEveryNResults=5000
Do not change this property key and value unless you are a qualified administrator.

Unsolicited notification events
account.EventProcessorFactory
Built-in Java™ class for the account event processor factory.
Default: account.EventProcessorFactory=com.ibm.itim.remoteservices.ejb.reconciliation.AccountEventProcessorFactory
Do not modify this property key and value.
person.EventProcessorFactory
Built-in Java class for the person event processor factory.
Default: person.EventProcessorFactory=com.ibm.itim.remoteservices.ejb. reconciliation.PersonEventProcessorFactory
Do not modify this property key and value.

Reconciliation processing
account.ReconEntryHandlerFactory
Built-in Java class for the account entry handler factory.
Default: account.ReconEntryHandlerFactory=com.ibm.itim.remoteservices.ejb.mediation.AccountEntryHandlerFactory
Do not modify this property key and value.
person.ReconEntryHandlerFactory
Built-in Java class for the person entry handler factory.
Default: person.ReconEntryHandlerFactory=com.ibm.itim.remoteservices.ejb.mediation.PersonEntryHandlerFactory
Do not modify this property key and value.
enrole.reconciliation.accountChangeFormatter
When specified, this property allows you to customize how local attribute changes that are detected during reconciliation are formatted and stored. The default behavior can be overridden by specifying the fully qualified Java class name of an alternative implementation.

Default: enrole.reconciliation.accountChangeFormatter=com.example.custom.AccountChangeFormatter
This assumes Java class com.example.custom.AccountChangeFormatter is a custom implementation of interface com.ibm.itim.remoteservices.ejb.mediation.IAccountChangeFormatter).
Do not change this property key and value unless you are a qualified administrator.

Deferring requests for failed remote resources
com.ibm.itim.remoteservices.ResourceProperties.DEFER_FAILED_RESOURCE
Specifies whether to defer requests to failed resources and wait for resource to restart before it sends them. Valid values are.

true – Defers requests to failed resources and waits for the resource to restart.
false – If the resource fails, requests follows the configured workflow retry mechanism before it terminates as failed. See enrole.workflow.maxretry and enrole.workflow.retrydelay.

Default: com.ibm.itim.remoteservices.ResourceProperties.DEFER_FAILED_RESOURCE=true
Do not modify this property key and value.

remoteservices.remotepending.interval
Interval in seconds (120 minimum to 3600 maximum) to check whether failed resources restart.

Default: remoteservices.remotepending.interval=600
Do not modify this property key and value.

com.ibm.itim.remoteservices.ResourceProperties.MAX_REQUEST_TIME
Maximum time in seconds that a request to a resource can be outstanding. It includes time in pending state for asynchronous requests, or deferred requests due to a service failure or request backlog. Valid values are.

-1 – Unlimited
60 + (value of remoteservices.remotepending.interval) – Minimum time interval for outstanding requests.

Default: com.ibm.itim.remoteservices.ResourceProperties.MAX_REQUEST_TIME=-1
Do not modify this property key and value.

remoteservices.remotepending.restart.retry
Time interval in minutes that pending requests generated from the restart of a failed service are given to complete. When the time interval ends, the server retries the requests.

Default: remoteservices.remotepending.restart.retry=1440
Do not modify this property key and value.
com.ibm.itim.remoteservices.DSML2ServiceProvider.modifyAsREPLACE
For remote services, specifies the DSMLv2 (deprecated) provider mode of sending a modify request for attributes.

Values include.

true – Use the REPLACE operation.
false – Use the ADD and DELETE operations.

Default: com.ibm.itim.remoteservices.DSML2ServiceProvider.modifyAsREPLACE=true
Do not change this property key and value unless you are a qualified administrator.

Parent topic: System property configuration in enRole.properties

Reconciliation configuration
enrole.reconciliation.accountcachesize
Maximum size of the cache for existing accounts cache used for the reconciliation process. Setting a value larger than the default might cause processing of reconciliations to fail. Default: enrole.reconciliation.accountcachesize=2000 Do not change this property key and value unless you are a qualified administrator.
enrole.reconciliation.threadcount
Number of threads used to handle reconciled entries. This number of threads is created for each reconciliation process. Default: enrole.reconciliation.threadcount=8 Do not change this property key and value unless you are a qualified administrator.
enrole.reconciliation.failurethreshold
Maximum number of local accounts to delete at the end of reconciliation. If the value is exceeded, then no local account or supporting data entries are deleted. If the value is followed by a percent sign (%), specifies the maximum as percentage compared with total of (local accounts at reconciliation start plus the new accounts returned by reconciliation). A value of 100% specifies that there is no limit. Default: #enrole.reconciliation.failurethreshold=100% Do not change this property key and value unless you are a qualified administrator.
enrole.reconciliation.logTimeInterval
Time interval in seconds for reconciliation progress trace log messages. A value of zero disables this time interval. Default: #enrole.reconciliation.logTimeInterval=600 Do not change this property key and value unless you are a qualified administrator.
enrole.reconciliation.logEveryNResults
Count for reconciliation progress trace log messages. A value of zero disables this count. Default: #enrole.reconciliation.logEveryNResults=5000 Do not change this property key and value unless you are a qualified administrator.

Unsolicited notification events
account.EventProcessorFactory
Built-in Java™ class for the account event processor factory. Default: account.EventProcessorFactory=com.ibm.itim.remoteservices.ejb.reconciliation.AccountEventProcessorFactory Do not modify this property key and value.
person.EventProcessorFactory
Built-in Java class for the person event processor factory. Default: person.EventProcessorFactory=com.ibm.itim.remoteservices.ejb. reconciliation.PersonEventProcessorFactory Do not modify this property key and value.

Reconciliation processing
account.ReconEntryHandlerFactory
Built-in Java class for the account entry handler factory. Default: account.ReconEntryHandlerFactory=com.ibm.itim.remoteservices.ejb.mediation.AccountEntryHandlerFactory Do not modify this property key and value.
person.ReconEntryHandlerFactory
Built-in Java class for the person entry handler factory. Default: person.ReconEntryHandlerFactory=com.ibm.itim.remoteservices.ejb.mediation.PersonEntryHandlerFactory Do not modify this property key and value.
enrole.reconciliation.accountChangeFormatter
When specified, this property allows you to customize how local attribute changes that are detected during reconciliation are formatted and stored. The default behavior can be overridden by specifying the fully qualified Java class name of an alternative implementation. Default: enrole.reconciliation.accountChangeFormatter=com.example.custom.AccountChangeFormatter This assumes Java class com.example.custom.AccountChangeFormatter is a custom implementation of interface com.ibm.itim.remoteservices.ejb.mediation.IAccountChangeFormatter). Do not change this property key and value unless you are a qualified administrator.

Deferring requests for failed remote resources
com.ibm.itim.remoteservices.ResourceProperties.DEFER_FAILED_RESOURCE
Specifies whether to defer requests to failed resources and wait for resource to restart before it sends them. Valid values are. true – Defers requests to failed resources and waits for the resource to restart. false – If the resource fails, requests follows the configured workflow retry mechanism before it terminates as failed. See enrole.workflow.maxretry and enrole.workflow.retrydelay. Default: com.ibm.itim.remoteservices.ResourceProperties.DEFER_FAILED_RESOURCE=true Do not modify this property key and value.
remoteservices.remotepending.interval
Interval in seconds (120 minimum to 3600 maximum) to check whether failed resources restart. Default: remoteservices.remotepending.interval=600 Do not modify this property key and value.
com.ibm.itim.remoteservices.ResourceProperties.MAX_REQUEST_TIME
Maximum time in seconds that a request to a resource can be outstanding. It includes time in pending state for asynchronous requests, or deferred requests due to a service failure or request backlog. Valid values are. -1 – Unlimited 60 + (value of remoteservices.remotepending.interval) – Minimum time interval for outstanding requests. Default: com.ibm.itim.remoteservices.ResourceProperties.MAX_REQUEST_TIME=-1 Do not modify this property key and value.
remoteservices.remotepending.restart.retry
Time interval in minutes that pending requests generated from the restart of a failed service are given to complete. When the time interval ends, the server retries the requests. Default: remoteservices.remotepending.restart.retry=1440 Do not modify this property key and value.
com.ibm.itim.remoteservices.DSML2ServiceProvider.modifyAsREPLACE
For remote services, specifies the DSMLv2 (deprecated) provider mode of sending a modify request for attributes. Values include. true – Use the REPLACE operation. false – Use the ADD and DELETE operations. Default: com.ibm.itim.remoteservices.DSML2ServiceProvider.modifyAsREPLACE=true	Do not change this property key and value unless you are a qualified administrator.