[midPoint] Active Directory Role setting Attribute on AD Account, does not Cleanup Attribute whe Role is removed

Thu Jul 6 13:38:05 CEST 2023

Hi Lubo,

Thank you very much for your help, it solved my problem.

Best Regards,
Patrik

Von: Lubomir Odlevak <odlevak.lubomir at gmail.com>
Gesendet: Donnerstag, 6. Juli 2023 12:03
An: midPoint General Discussion <midpoint at lists.evolveum.com>
Cc: Patrik Sidler <patrik.sidler at itconcepts.ch>
Betreff: Re: [midPoint] Active Directory Role setting Attribute on AD Account, does not Cleanup Attribute whe Role is removed

Hi Patrik,

try this:
<outbound>
            <expression>
                        <value>ImportantValue</value>
            </expression>
            <target>
                        <set>
                                   <predefined>all</predefined>
                        </set>
            </target>
</outbound
Regards
Lubo

št 6. 7. 2023 o 11:19 Patrik Sidler via midPoint <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>> napísal(a):
Hi Commuinity,

I have created a Role, that sets a predefined Attribute Value on an users Active Directory Account when the role I assigned.

<role xmlns=http://midpoint.evolveum.com/xml/ns/public/common/common-3
      xmlns:c=http://midpoint.evolveum.com/xml/ns/public/common/common-3
      xmlns:icfs=http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3
      xmlns:org=http://midpoint.evolveum.com/xml/ns/public/common/org-3
      xmlns:q=http://prism.evolveum.com/xml/ns/public/query-3
      xmlns:ri=http://midpoint.evolveum.com/xml/ns/public/resource/instance-3
      xmlns:t=http://prism.evolveum.com/xml/ns/public/types-3>
    <name>SetValue</name>
    <description>Role required to set a Value on an Attribute</description>
    <indestructible>true</indestructible>
    <requestable>true</requestable>
    <inducement id="2">
        <construction>
            <resourceRef oid="fb3f7385-7a9a-4e8c-926e-8fc23de7efb5" relation="org:default" type="c:ResourceType"/>
            <attribute>
                <ref>ri:extensionAttribute1</ref>
                <outbound>
                    <expression>
                        <value>ImportantValue</value>
                    </expression>
                </outbound>
            </attribute>
        </construction>
    </inducement>
</role>

The Assignment works perfect. As soon as the Role is assigned, the Value is available on the Users Active Directory Account.

But when I remove the Role, the value stays on the Attribute. It will not be removed when I unassign the Role?

I do not know if this is possible or not.
But It would be great if anyone is having an Idea how to clean up the Attribute when I unassign the Role.

Thank you in advance for your help.

Best Regards,
Patrik
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20230706/d6a85dfb/attachment-0001.htm>