[midPoint] "Valid to" field does not deactivate users
Jason Everling
jeverling at bshp.edu
Fri Jun 21 19:14:14 CEST 2019
If you want to use both, within your default user template just add a few
mappings, It will set administrativeStatus and effectiveStatus based on
validTo/From values.
see attached
On Fri, Jun 21, 2019 at 9:57 AM Oleksandr Nekriach <o.nekriach at dynatech.lv>
wrote:
> Hi Ivan,
> You absolutely right, my issue has been connected with
> administrativeStatus so it should be "Undefined" to make validTo field
> works.
>
> Best regards,
> Oleksandr
>
> On Fri, 21 Jun 2019 at 11:21, Ivan Noris <ivan.noris at evolveum.com> wrote:
>
>> Hi Oleksandr,
>>
>> please check the following:
>>
>> in user XML data, check the whole <activation> container.
>>
>> Check the values of administrativeStatus and effectiveStatus.
>>
>> The help probably means this: the effectiveStatus is computed from
>> administrativeStatus, validFrom and validTo. If
>> administrativeStatus=enabled, validFrom/validTo have no influence.
>> administrativeStatus always wins.
>>
>> If you want to use validFrom/validTo, then administrativeStatus should be
>> set to undefined.
>>
>> Please try and let us know.
>>
>> Regards,
>>
>> Ivan
>> On 21. 6. 2019 9:06, Oleksandr Nekriach wrote:
>>
>> Hi all,
>> The date in the past in "Valid to" field does not deactivate users since
>> upgrade from 3.7.2 to 3.9 version no more. I see in the user history
>> recompute event and Validity Status has been changed from IN to AFTER but
>> nothing happens and the user still remains in Enabled status.
>> I see in help "Not applied if the enabled" flag is set to any value" and
>> I can't understand what it means.
>> What I have missed, please help?
>>
>> Version 3.9.1-SNAPSHOT
>> Git describe git-v3.9support-132-gd86f841
>> ConnId framework version 1.5.0.10
>> Tomcat 8.5.23.0
>> java.version 1.8.0_151
>>
>> os.arch amd64
>> os.name Linux
>>
>>
>> --
>> Best regards,
>>
>>
>>
>> Oleksandr Nekriach | Identity and access management engineer
>>
>> Dynatech, Jeruzalemes iela 1, Rīga, LV-1010, Latvia
>> <https://www.google.com/maps/place/DYNATECH/@56.9575205,24.1107235,17z/data=!3m1!4b1!4m5!3m4!1s0x46eecf5753e42351:0x23b120b9745cae62!8m2!3d56.9575205!4d24.1129122>
>>
>> +37125314685 <+371%2025%20314%20685>
>> ,
>> o.nekriach at dynatech.lv
>> |
>> www.dynatech.lv
>>
>>
>> Stay connected:
>> <https://www.facebook.com/DynatechLatvia/?ref=br_rs>
>> <https://www.linkedin.com/company-beta/17893047/>
>>
>>
>> Confidentiality Notice: This message contains confidential information
>> and is intended only for the named recipient(s). If you are not the
>> addressee you may not copy, distribute or perform any other activities with
>> this information. If you have received this transmission in error, please
>> notify us by e-mail immediately. E-mail transmission cannot be guaranteed
>> to be secure or error-free as information could be intercepted, corrupted,
>> lost, destroyed, arrive late or incomplete, or contain viruses.
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> --
>> Ivan Noris
>> Senior Identity Engineerevolveum.com
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>
>
> --
> Best regards,
>
>
>
> Oleksandr Nekriach | Identity and access management engineer
>
> Dynatech, Jeruzalemes iela 1, Rīga, LV-1010, Latvia
> <https://www.google.com/maps/place/DYNATECH/@56.9575205,24.1107235,17z/data=!3m1!4b1!4m5!3m4!1s0x46eecf5753e42351:0x23b120b9745cae62!8m2!3d56.9575205!4d24.1129122>
>
> +37125314685 <+371%2025%20314%20685>
> ,
> o.nekriach at dynatech.lv
> |
> www.dynatech.lv
>
>
> Stay connected:
> <https://www.facebook.com/DynatechLatvia/?ref=br_rs>
> <https://www.linkedin.com/company-beta/17893047/>
>
>
> Confidentiality Notice: This message contains confidential information and
> is intended only for the named recipient(s). If you are not the addressee
> you may not copy, distribute or perform any other activities with this
> information. If you have received this transmission in error, please notify
> us by e-mail immediately. E-mail transmission cannot be guaranteed to be
> secure or error-free as information could be intercepted, corrupted, lost,
> destroyed, arrive late or incomplete, or contain viruses.
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190621/3cb160fa/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7770
Type: image/png
Size: 4265 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190621/3cb160fa/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7771
Type: image/png
Size: 790 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190621/3cb160fa/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7772
Type: image/png
Size: 786 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190621/3cb160fa/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7770
Type: image/png
Size: 4265 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190621/3cb160fa/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7772
Type: image/png
Size: 786 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190621/3cb160fa/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7771
Type: image/png
Size: 790 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190621/3cb160fa/attachment-0005.png>
-------------- next part --------------
<mapping>
<name>Set status from validity</name>
<strength>strong</strength>
<source>
<c:path>activation/validFrom</c:path>
</source>
<source>
<c:path>activation/validTo</c:path>
</source>
<expression>
<script>
<code>
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
now = new java.util.Date();
if (validFrom != null && now.before(validFrom.toGregorianCalendar().getTime())) {
return ActivationStatusType.DISABLED;
}
if (validTo != null && now.after(validTo.toGregorianCalendar().getTime())) {
return ActivationStatusType.DISABLED;
}
</code>
</script>
</expression>
<target>
<c:path>activation/administrativeStatus</c:path>
</target>
</mapping>
<mapping>
<name>Set effective status from validity</name>
<strength>strong</strength>
<source>
<c:path>activation/validFrom</c:path>
</source>
<source>
<c:path>activation/validTo</c:path>
</source>
<expression>
<script>
<code>
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
now = new java.util.Date();
if (validFrom != null && now.before(validFrom.toGregorianCalendar().getTime())) {
return ActivationStatusType.DISABLED;
}
if (validTo != null && now.after(validTo.toGregorianCalendar().getTime())) {
return ActivationStatusType.DISABLED;
}
</code>
</script>
</expression>
<target>
<c:path>activation/effectiveStatus</c:path>
</target>
</mapping>
More information about the midPoint
mailing list