[midPoint] Delayed Disable after Deleted from Resource

Jason Everling jeverling at bshp.edu
Thu Jan 15 16:12:49 CET 2015 

I wanted to update you on this, on current master I am able to use
objectTemplate in the deleted actions without it changing anything.

I have a simple mapping to set expiration and the action under the CSV is
to unlink followed by the template which works and I double-checked the
user account and no other attributes are changed. I also tested changing
orgs and updating other attributes and had same success.

I am not fluent in Java code so I had to test with a hardcoded date and
time,

How can I grab the current date/time and add lets say add 30 days to the
value and use that for validTo instead of hardcoded value ?

    <name>Deleted User Template</name>

    <description>
        This object is used to set expiration date when accounts are
removed from CSV.
    </description>
    <mapping>
        <source>
            <path>$user/activation/validTo</path>
        </source>
<expression>
<script>
<code>
'2015-12-31T22:59:00.000+01:00'
</code>
</script>
</expression>
        <target>
            <path>activation/validTo</path>
        </target>
    </mapping>

</objectTemplate>

JASON

On Tue, Jan 13, 2015 at 7:53 PM, Jason Everling <jeverling at bshp.edu> wrote:

> Thanks for the quick reply,
>
> I have been thinking of different ways, the easiest way I think that would
> work is to just remove inactivateFocus from the deleted situation and
> reference to a objectTemplate that sets the activation/validTo date which I
> see you created an issue already for a previous question of mine a while
> back
>
> https://jira.evolveum.com/browse/MID-2100
>
> Anyways, let me know what you find out, no rush. I am looking forward to
> the next release and I am patiently waiting while tinkering with all kinds
> of other useful things midpoint can do for us!
>
> JASON
>
> On Tue, Jan 13, 2015 at 3:28 PM, Ivan Noris <ivan.noris at evolveum.com>
> wrote:
>
>>  Hi,
>>
>> as this seems to be quite the opposite case to what I am normally doing,
>> I'm discussing it with the developers and will post a feedback to the list
>> once I get it.
>>
>>
>> The opposite case I'm referring to is like this: when all roles providing
>> some account are unassigned from the user, midPoint will normally delete
>> the resource account. This can be reconfigured to disable the account, or
>> if you wish, to disable and then delete the account later. This is just for
>> reference, maybe someone on the list will need this:
>> https://wiki.evolveum.com/display/midPoint/Resource+Schema+Handling%3A+Activation
>>
>> We use this commonly.
>>
>> So for your case I will try to get an answer from the developers and see
>> if it can be configured or if it needs to be implemented.
>> Thank you for understanding. Anyway it seems to be pretty nice/usable
>> feature.
>>
>> Regards,
>> Ivan
>>
>>
>> On 01/12/2015 04:03 PM, Jason Everling wrote:
>>
>>  I know you all are busy getting work done on the next release so if
>> this requires a lot then it can wait.
>>
>>  I have a situation that I am unsure of how to go about it, I have seen
>> examples of delayed delete after disabled so this would be something like
>> that.
>>
>>  Within the main resource, a CSV file, it will contain only active
>> students/faculty/staff. When a student graduates they will no longer be in
>> the CSV resource thus I have under situations to inactivateFocus, works
>> great, disables their accounts.
>>
>>  Now what I would like to do and where I am lost and do not know where
>> to begin,
>>
>>  Instead of disabling their account immediately, How can I changed it so
>> that I can add maybe a valid-to date 30 days after being deleted from the
>> resource instead of disabling their accounts right a way.
>>
>>  Reason being, graduated students can use their accounts up to 30 days
>> after graduating then we disable them.
>>
>>  JASON
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and may
>> contain information that is privileged. You should not retain, copy or use
>> this e-mail or any attachments for any purpose, or disclose all or any part
>> of the contents to any person. Any views or opinions expressed in this
>> e-mail are those of the author and do not represent those of the Baptist
>> School of Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any review,
>> dissemination, distribution or copying of this communication is prohibited
>> by the sender and to do so might constitute a violation of the Electronic
>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>> notify the sender and delete this e-mail and any attachments from your
>> computer.
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> --
>>   Ing. Ivan Noris
>>   Senior Identity Management Engineer
>>   evolveum.com     evolveum.com/blog/
>>   _____________________________________________
>>   "Semper Id(e)M Vix."
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>

-- 


CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; 
intended for only the recipient(s) named above and may contain information 
that is privileged. You should not retain, copy or use this e-mail or any 
attachments for any purpose, or disclose all or any part of the contents to 
any person. Any views or opinions expressed in this e-mail are those of the 
author and do not represent those of the Baptist School of Health 
Professions. If you have received this e-mail in error, or are not the 
named recipient(s), you are hereby notified that any review, dissemination, 
distribution or copying of this communication is prohibited by the sender 
and to do so might constitute a violation of the Electronic Communications 
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the 
sender and delete this e-mail and any attachments from your computer. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150115/6c543051/attachment.htm>

More information about the midPoint mailing list