[midPoint] Reconcile Task disabled users in GUI
Ivan Noris
ivan.noris at evolveum.com
Thu Oct 1 12:31:36 CEST 2015
Hi Jason,
I have encountered similar behaviour - reconciliation or recompute task
(or reconcile checkbox) disabled accounts that were not provided by roles.
This happened after migration from 3.0.x -> 3.3-snapshot and with the
following configuration in resource (see bold text):
<activation>
<existence>
<outbound>
<strength>weak</strength>
<expression>
<path>$focusExists</path>
</expression>
</outbound>
</existence>
<administrativeStatus>
<outbound>
<strength>strong</strength>
<!-- XXX to allow to disable when removing roles by recomputing users; but
enforcement MUST be set to FULL for this to work -->
<expression>
<script>
<code>
import
com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
* if (legal && assigned) { //
previously only "legal" was used**
* input;
} else {
ActivationStatusType.DISABLED;
}
</code>
</script>
</expression>
</outbound>
</administrativeStatus>
</activation>
Are you using this config too?
Regard,
I.
On 09/25/2015 05:58 PM, Jason Everling wrote:
> I found out why!
>
> So if these users did not have any role assigned then their GUI
> accounts were being disabled.
>
> Strange though, this did not happen in 3.1.1, so maybe there was a bug
> in 3.1.1 related to that?
>
> JASON
>
> On Fri, Sep 25, 2015 at 10:08 AM, Jason Everling <jeverling at bshp.edu
> <mailto:jeverling at bshp.edu>> wrote:
>
> I have a recon task that runs every night and after I updated us
> to 3.2 the task last night disabled about 30 accounts, only their
> GUI account and not all their other resource accounts.
>
> It should have never disabled their accounts, I cannot figure out
> why that happened and even within the resource there is nothing
> stated to inactivate or anything, this same task/resource has been
> running every night for about 3 weeks now and this is the first
> time this happened,
>
> Thanks!
>
> --
> JASON
>
>
>
>
> --
> JASON
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and
> confidential; intended for only the recipient(s) named above and may
> contain information that is privileged. You should not retain, copy or
> use this e-mail or any attachments for any purpose, or disclose all or
> any part of the contents to any person. Any views or opinions
> expressed in this e-mail are those of the author and do not represent
> those of the Baptist School of Health Professions. If you have
> received this e-mail in error, or are not the named recipient(s), you
> are hereby notified that any review, dissemination, distribution or
> copying of this communication is prohibited by the sender and to do so
> might constitute a violation of the Electronic Communications Privacy
> Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender
> and delete this e-mail and any attachments from your computer.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20151001/9ea06616/attachment.htm>
More information about the midPoint
mailing list