[midPoint] Delayed Disable after Deleted from Resource

Jason Everling jeverling at bshp.edu
Tue Feb 24 15:25:10 CET 2015


Thanks for the official update, I have it setup right now for almost every
situation on my CSV resource and it is working as expected, I thought I had
relayed this info to you all so you could close it out but I am guessing I
did not,

This is what I am using an it works wonderfully!

                <reaction>
<!-- Users will be DISABLED and moved into the OU=DISABLED Org/OU -->
                    <situation>deleted</situation>
<objectTemplateRef oid="10000000-0000-0000-1234-000000000301"/>
<action ref="
http://midpoint.evolveum.com/xml/ns/public/model/action-3#inactivateFocus"/>
                </reaction>
                <reaction>
<!-- Users will be ENABLED and moved into the correct Org/OU -->
                    <situation>unlinked</situation>
<objectTemplateRef oid="10000000-0000-0000-1234-000000000302"/>
                    <action ref="
http://midpoint.evolveum.com/xml/ns/public/model/action-3#linkAccount"/>
                </reaction>
                <reaction>
                    <!-- Users will be CREATED and moved into the correct
Org/OU -->
                    <situation>unmatched</situation>
                    <objectTemplateRef
oid="10000000-0000-0000-1234-000000000203"/>
                    <action ref="
http://midpoint.evolveum.com/xml/ns/public/model/action-3#addUser"/>
                </reaction>

JASON

On Tue, Feb 24, 2015 at 8:13 AM, Ivan Noris <ivan.noris at evolveum.com> wrote:

>  Hi Jason,
>
> I have just re-tested the
>
> https://jira.evolveum.com/browse/MID-2100 "Can't use object template in
> deleted synchronization action - causes removing of user attribute values"
>
> issue and it seems to work with the current master with the setup
> described in the issue. It should work also with the 3.1 release as it was
> fixed by Pavol a month ago. If you can test it in your environment, please
> let me know.
>
> Thanks & regards,
> Ivan
>
>
> On 01/14/2015 02:53 AM, Jason Everling wrote:
>
> Thanks for the quick reply,
>
>  I have been thinking of different ways, the easiest way I think that
> would work is to just remove inactivateFocus from the deleted situation and
> reference to a objectTemplate that sets the activation/validTo date which I
> see you created an issue already for a previous question of mine a while
> back
>
>  https://jira.evolveum.com/browse/MID-2100
>
>  Anyways, let me know what you find out, no rush. I am looking forward to
> the next release and I am patiently waiting while tinkering with all kinds
> of other useful things midpoint can do for us!
>
>  JASON
>
> On Tue, Jan 13, 2015 at 3:28 PM, Ivan Noris <ivan.noris at evolveum.com>
> wrote:
>
>>  Hi,
>>
>> as this seems to be quite the opposite case to what I am normally doing,
>> I'm discussing it with the developers and will post a feedback to the list
>> once I get it.
>>
>>
>> The opposite case I'm referring to is like this: when all roles providing
>> some account are unassigned from the user, midPoint will normally delete
>> the resource account. This can be reconfigured to disable the account, or
>> if you wish, to disable and then delete the account later. This is just for
>> reference, maybe someone on the list will need this:
>> https://wiki.evolveum.com/display/midPoint/Resource+Schema+Handling%3A+Activation
>>
>> We use this commonly.
>>
>> So for your case I will try to get an answer from the developers and see
>> if it can be configured or if it needs to be implemented.
>> Thank you for understanding. Anyway it seems to be pretty nice/usable
>> feature.
>>
>> Regards,
>> Ivan
>>
>>
>> On 01/12/2015 04:03 PM, Jason Everling wrote:
>>
>>   I know you all are busy getting work done on the next release so if
>> this requires a lot then it can wait.
>>
>>  I have a situation that I am unsure of how to go about it, I have seen
>> examples of delayed delete after disabled so this would be something like
>> that.
>>
>>  Within the main resource, a CSV file, it will contain only active
>> students/faculty/staff. When a student graduates they will no longer be in
>> the CSV resource thus I have under situations to inactivateFocus, works
>> great, disables their accounts.
>>
>>  Now what I would like to do and where I am lost and do not know where
>> to begin,
>>
>>  Instead of disabling their account immediately, How can I changed it so
>> that I can add maybe a valid-to date 30 days after being deleted from the
>> resource instead of disabling their accounts right a way.
>>
>>  Reason being, graduated students can use their accounts up to 30 days
>> after graduating then we disable them.
>>
>>  JASON
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and may
>> contain information that is privileged. You should not retain, copy or use
>> this e-mail or any attachments for any purpose, or disclose all or any part
>> of the contents to any person. Any views or opinions expressed in this
>> e-mail are those of the author and do not represent those of the Baptist
>> School of Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any review,
>> dissemination, distribution or copying of this communication is prohibited
>> by the sender and to do so might constitute a violation of the Electronic
>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>> notify the sender and delete this e-mail and any attachments from your
>> computer.
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> --
>>   Ing. Ivan Noris
>>   Senior Identity Management Engineer
>>   evolveum.com     evolveum.com/blog/
>>   _____________________________________________
>>   "Semper Id(e)M Vix."
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and confidential;
> intended for only the recipient(s) named above and may contain information
> that is privileged. You should not retain, copy or use this e-mail or any
> attachments for any purpose, or disclose all or any part of the contents to
> any person. Any views or opinions expressed in this e-mail are those of the
> author and do not represent those of the Baptist School of Health
> Professions. If you have received this e-mail in error, or are not the
> named recipient(s), you are hereby notified that any review, dissemination,
> distribution or copying of this communication is prohibited by the sender
> and to do so might constitute a violation of the Electronic Communications
> Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the
> sender and delete this e-mail and any attachments from your computer.
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper Id(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>

-- 


CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; 
intended for only the recipient(s) named above and may contain information 
that is privileged. You should not retain, copy or use this e-mail or any 
attachments for any purpose, or disclose all or any part of the contents to 
any person. Any views or opinions expressed in this e-mail are those of the 
author and do not represent those of the Baptist School of Health 
Professions. If you have received this e-mail in error, or are not the 
named recipient(s), you are hereby notified that any review, dissemination, 
distribution or copying of this communication is prohibited by the sender 
and to do so might constitute a violation of the Electronic Communications 
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the 
sender and delete this e-mail and any attachments from your computer. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150224/b453d395/attachment.htm>


More information about the midPoint mailing list