[midPoint] Delayed Disable after Deleted from Resource
Pavol Mederly
mederly at evolveum.com
Thu Jan 15 16:47:52 CET 2015
Hello Jason,
I would suggest this:
<mapping>
<expression>
<script>
<code>
validTo = basic.currentDateTime()
validTo.add(javax.xml.datatype.DatatypeFactory.newInstance().newDuration("P30D"))
validTo
</code>
</script>
</expression>
<target>
<path>activation/validTo</path>
</target>
</mapping>
Note that *P30D* is ISO 8601 representation for a duration of 30 days,
see e.g. http://www.w3.org/TR/xmlschema-2/#duration
*basic.currentDateTime()* is a method from midPoint's basic functions
library (
com.evolveum.midpoint.model.common.expression.functions.BasicExpressionFunctions)
Best regards,
Pavol
On 15. 1. 2015 16:12, Jason Everling wrote:
> I wanted to update you on this, on current master I am able to use
> objectTemplate in the deleted actions without it changing anything.
>
> I have a simple mapping to set expiration and the action under the CSV
> is to unlink followed by the template which works and I double-checked
> the user account and no other attributes are changed. I also tested
> changing orgs and updating other attributes and had same success.
>
> I am not fluent in Java code so I had to test with a hardcoded date
> and time,
>
> How can I grab the current date/time and add lets say add 30 days to
> the value and use that for validTo instead of hardcoded value ?
>
> <name>Deleted User Template</name>
>
> <description>
> This object is used to set expiration date when accounts are
> removed from CSV.
> </description>
> <mapping>
> <source>
> <path>$user/activation/validTo</path>
> </source>
> <expression>
> <script>
> <code>
> '2015-12-31T22:59:00.000+01:00'
> </code>
> </script>
> </expression>
> <target>
> <path>activation/validTo</path>
> </target>
> </mapping>
>
> </objectTemplate>
>
> JASON
>
> On Tue, Jan 13, 2015 at 7:53 PM, Jason Everling <jeverling at bshp.edu
> <mailto:jeverling at bshp.edu>> wrote:
>
> Thanks for the quick reply,
>
> I have been thinking of different ways, the easiest way I think
> that would work is to just remove inactivateFocus from the deleted
> situation and reference to a objectTemplate that sets the
> activation/validTo date which I see you created an issue already
> for a previous question of mine a while back
>
> https://jira.evolveum.com/browse/MID-2100
>
> Anyways, let me know what you find out, no rush. I am looking
> forward to the next release and I am patiently waiting while
> tinkering with all kinds of other useful things midpoint can do
> for us!
>
> JASON
>
> On Tue, Jan 13, 2015 at 3:28 PM, Ivan Noris
> <ivan.noris at evolveum.com <mailto:ivan.noris at evolveum.com>> wrote:
>
> Hi,
>
> as this seems to be quite the opposite case to what I am
> normally doing, I'm discussing it with the developers and will
> post a feedback to the list once I get it.
>
>
> The opposite case I'm referring to is like this: when all
> roles providing some account are unassigned from the user,
> midPoint will normally delete the resource account. This can
> be reconfigured to disable the account, or if you wish, to
> disable and then delete the account later. This is just for
> reference, maybe someone on the list will need this:
> https://wiki.evolveum.com/display/midPoint/Resource+Schema+Handling%3A+Activation
>
> We use this commonly.
>
> So for your case I will try to get an answer from the
> developers and see if it can be configured or if it needs to
> be implemented.
> Thank you for understanding. Anyway it seems to be pretty
> nice/usable feature.
>
> Regards,
> Ivan
>
>
> On 01/12/2015 04:03 PM, Jason Everling wrote:
>> I know you all are busy getting work done on the next release
>> so if this requires a lot then it can wait.
>>
>> I have a situation that I am unsure of how to go about it, I
>> have seen examples of delayed delete after disabled so this
>> would be something like that.
>>
>> Within the main resource, a CSV file, it will contain only
>> active students/faculty/staff. When a student graduates they
>> will no longer be in the CSV resource thus I have under
>> situations to inactivateFocus, works great, disables their
>> accounts.
>>
>> Now what I would like to do and where I am lost and do not
>> know where to begin,
>>
>> Instead of disabling their account immediately, How can I
>> changed it so that I can add maybe a valid-to date 30 days
>> after being deleted from the resource instead of disabling
>> their accounts right a way.
>>
>> Reason being, graduated students can use their accounts up to
>> 30 days after graduating then we disable them.
>>
>> JASON
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above
>> and may contain information that is privileged. You should
>> not retain, copy or use this e-mail or any attachments for
>> any purpose, or disclose all or any part of the contents to
>> any person. Any views or opinions expressed in this e-mail
>> are those of the author and do not represent those of the
>> Baptist School of Health Professions. If you have received
>> this e-mail in error, or are not the named recipient(s), you
>> are hereby notified that any review, dissemination,
>> distribution or copying of this communication is prohibited
>> by the sender and to do so might constitute a violation of
>> the Electronic Communications Privacy Act, 18 U.S.C. section
>> 2510-2521. Please immediately notify the sender and delete
>> this e-mail and any attachments from your computer.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> --
> Ing. Ivan Noris
> Senior Identity Management Engineer
> evolveum.com <http://evolveum.com> evolveum.com/blog/ <http://evolveum.com/blog/>
> _____________________________________________
> "Semper Id(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and
> confidential; intended for only the recipient(s) named above and may
> contain information that is privileged. You should not retain, copy or
> use this e-mail or any attachments for any purpose, or disclose all or
> any part of the contents to any person. Any views or opinions
> expressed in this e-mail are those of the author and do not represent
> those of the Baptist School of Health Professions. If you have
> received this e-mail in error, or are not the named recipient(s), you
> are hereby notified that any review, dissemination, distribution or
> copying of this communication is prohibited by the sender and to do so
> might constitute a violation of the Electronic Communications Privacy
> Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender
> and delete this e-mail and any attachments from your computer.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150115/8d80197b/attachment.htm>
More information about the midPoint
mailing list