[midPoint] How to make Entitlement association strong / enforced ?
Alcides Carlos de Moraes Neto
alcides.neto at gmail.com
Wed Jan 24 23:08:23 CET 2018
Hello list,
I have a OrgType -> AD Group projection, with construction and entitlement
association all done in a single Meta Role. This works, the groups are
created and the Org Members are added to the group.
However, if the AD user account already is a member of any other group, its
not added to the Org AD Group. And if I remove a user account from the AD
group from within Windows Server, Midpoint does not create the association
again. It's behaving like a weak mapping.
How do I make Midpoint enforce the group membership? The association
definition has tolerant attribute set to FALSE . I've tried setting
assignmentPolicyEnforcement to FULL for the resource, it does not work
either.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180124/d1a2f0d4/attachment.htm>
More information about the midPoint
mailing list