[midPoint] Assigned AD group does not reappear when 1 of 2 groups is deleted from AD user

Aivo Kuhlberg aivo.kuhlberg at rmit.ee
Wed Apr 27 14:49:19 CEST 2016


Hi Gusto, Ivan,
My AD sync resource is here: http://pastebin.com/4McckbmY
Imported AD groups have the following metarole assignment: http://pastebin.com/z4pNS3hq
Regards,
Aivo Kuhlberg

________________________________
From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com>
Sent: 27 April 2016 14:56
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] Assigned AD group does not reappear when 1 of 2 groups is deleted from AD user

Hi Aivo,
Also, please show us how associations for groups are configured in the roles that put users into those groups.
The mappings should be <strength>strong</strength> to apply during recon.

I

On 04/27/2016 01:45 PM, Pálos Gustáv wrote:
Hi,

Please send me the resource config XML.
Do you use <tolerant>false</tolerant> in the group attribute in schemaHandling?

Gusto


2016-04-27 13:33 GMT+02:00 Aivo Kuhlberg <aivo.kuhlberg at rmit.ee>:

Today I noticed strange behavior in midPoint role reassignment. I have set up AD sync and imported users, and also groups as roles. I am testing a user who has an AD resource assignment in midPoint and also 2 AD-group-based role assignments.
At first I remove in AD one of the assigned role-based groups from the user, but not both groups. Then I run a recomputation task in midPoint.
Result: the previously deleted group does not appear again on the AD user.
If I remove both groups in AD, then after recomputation both groups appear again on the AD user.
Is this a bug or am I missing something?

I use midPoint 3.3.1 with the AD connector.


Thanks,

Aivo Kuhlberg

________________________________
This e-mail may contain information which is classified for official use.

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint








--
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

