[Midpoint-dev] Inducement updates are not propagated to User after reconciliation

Anand Kothekar anand.kothekar at confluxsys.com
Thu Jan 22 14:03:17 CET 2015

Hi Ivan,

Thanks for your inputs.

I tried it by adding this constraint in inducement itself and it worked but
I want to do this at resource level.

I tried adding the same in resource but the thing is I do not have any
outbound mapping defined for these attributes (as I use the value entered
by user ) now if I add only strength property in outbound it gives me Error.

Can you help me with pointing to the right kind of mapping I need to do.

Here is the host attribute snippet from my resource:
            <ref xmlns:ri="
            <matchingRule xmlns:mr="

I need to know how I can map value entered by user.

Anand Kothekar

On Thu, Jan 22, 2015 at 5:52 PM, Ivan Noris <ivan.noris at evolveum.com> wrote:

>  Hi Anand,
> can you please define the mappings for description and host attributes as
> strong?
> Something like:
>                 <attribute>
>                     <ref>ri:description</ref>
>                     <outbound>
> *                        <strength>strong</strength>*
> . . .
>                     </outbound>
>                 </attribute>
> Then run the reconciliation again please.
> If you already have this configured and it does not work, please share the
> attribute mappings here.
> Regards,
> I.
> On 01/20/2015 11:15 AM, Anand Kothekar wrote:
> Hi,
>  I have been playing around with role inducements and found some issue,
> need some quick help as inducements are quite important for our solution.
>  *Issue:* Inducement updates are not propagated properly to User after
> reconciliation.
>  *Details:* When user is a assigned a role having a resource inducement,
> User gets appropriate accounts and induced group memberships. Now Changing
> some attributes in role inducements are not propagated after reconciling
> User.
>  *Steps Followed:*
> - I added and ldap resource inducement in a new Role*. *I provided some
> attributes like LdapGroups, Host, and description.
>  - User is  assigned to this Role. User gets the ldap account,
> appropriate group memberships and other attributes specified in inducement
> (i.e. description ,host(multivalued attribute from an Auxiliary object
> class)). So all good till now.
> - Now I updated the Resource inducement for example changed the
> description, added few groups, added few host.
> - After inducement modification I reconciled the User, and following are
> the results:
> - Group membership is updated appropriately.
>  - Description is not updated
>  - host attribute is not updated
>  Can you guys please check and let me know if I am doing something wrong
> or is it a problem somewhere in my resource or some other issue with
> midpoint system.
>  Regards
> Anand Kothekar
> _______________________________________________
> midPoint-dev mailing listmidPoint-dev at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint-dev
> --
>   Ing. Ivan Noris
>   Senior Identity Management Engineer
>   evolveum.com     evolveum.com/blog/
>   _____________________________________________
>   "Semper Id(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.evolveum.com/pipermail/midpoint-dev/attachments/20150122/faa84edb/attachment.html>

More information about the midPoint-dev mailing list