[midPoint] Disable user in AD resource on delete from MidPoint

Ana Pereyra apereyra at identicum.com
Thu Nov 10 18:07:57 CET 2016


Hi everyone,

I have an Active Directory resource with the activation node configured
like this:

<activation>
  <!-- Existence mapping hardcoded to TRUE in order not to delete in the resource when deleted in MidPoint -->
  <existence>
    <outbound>
      <expression>
        <value>true</value>
      </expression>
    </outbound>
  </existence>
  <!-- If user exists and account is entitled -->
  <administrativeStatus>
    <outbound>
      <expression>
        <script>
          <code>
            import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
            if (legal &amp;&amp; assigned)
            {
              input;
            }
            else
            {
              ActivationStatusType.DISABLED;
            }
          </code>
        </script>
      </expression>
    </outbound>
  </administrativeStatus>
</activation>

What I need is the following:

   - When a user that is linked is *disabled*, the account is *disabled* in
   AD (Working)
   - When a user has the *association* to AD *removed* (the resource is
   removed from the user, or a role containing an inducement to the resource
   is removed from the user), the account is *disabled* in AD (Working)
   - When a user that is linked is *DELETED* from MidPoint, the account is
   *disabled* in AD (NOT WORKING). Currently, with this configuration, when I
   delete a user that is linked in AD I get the following error:

Schema violation during processing shadow: shadow:
CN=testuser_ad,XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
(OID:dfc8cf0c-d571-4e09-9e58-df9cf117f94d): Schema violation: Value of
attribute '__NAME__' must be a single value, but it has 0values: Schema
violation during processing shadow: shadow:
CN=testuser_ad,XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
(OID:dfc8cf0c-d571-4e09-9e58-df9cf117f94d): Schema violation: Value of
attribute '__NAME__' must be a single value, but it has 0values: Schema
violation during processing shadow: shadow:
CN=testuser_ad,XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
(OID:dfc8cf0c-d571-4e09-9e58-df9cf117f94d): Schema violation: Value of
attribute '__NAME__' must be a single value, but it has 0values: Schema
violation during processing shadow: shadow:
CN=testuser_ad,XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
(OID:dfc8cf0c-d571-4e09-9e58-df9cf117f94d): Schema violation: Value of
attribute '__NAME__' must be a single value, but it has 0values

Can anyone please help me with this? Thanks in advance.

Regards,
-- 
Ana Pereyra
Identicum S.A.

Jorge Newbery 3226, Argentina
Tel: +54 (11) 4552.3050
apereyra at identicum.com
www.identicum.com