[midPoint] Delayed Disable after Deleted from Resource
Pavol Mederly
mederly at evolveum.com
Thu Jan 15 17:03:32 CET 2015
Jason,
I was (positively) shocked by your effort before asking your first
question here (do you remember? it was about problems with the AD
connector) - a couple of months ago. That impressed me a lot. But you
can safely ask sooner than that. :-) At least for quite simple questions
that take perhaps a couple of minutes to answer.
Best regards,
Pavol
> Wow, really that is it, I was looking at this for a few days here and
> there reading on java code calendar and date functions trying to
> figure it out as I always do before I post to the mailing list!
>
> Thanks!
> JASON
>
> On Thu, Jan 15, 2015 at 9:47 AM, Pavol Mederly <mederly at evolveum.com
> <mailto:mederly at evolveum.com>> wrote:
>
> Hello Jason,
>
> I would suggest this:
>
> <mapping>
> <expression>
> <script>
> <code>
> validTo = basic.currentDateTime()
> validTo.add(javax.xml.datatype.DatatypeFactory.newInstance().newDuration("P30D"))
> validTo
> </code>
> </script>
> </expression>
> <target>
> <path>activation/validTo</path>
> </target>
> </mapping>
>
> Note that *P30D* is ISO 8601 representation for a duration of 30
> days, see e.g. http://www.w3.org/TR/xmlschema-2/#duration
> *basic.currentDateTime()* is a method from midPoint's basic
> functions library (
> com.evolveum.midpoint.model.common.expression.functions.BasicExpressionFunctions)
>
> Best regards,
> Pavol
>
>
> On 15. 1. 2015 16:12, Jason Everling wrote:
>> I wanted to update you on this, on current master I am able to
>> use objectTemplate in the deleted actions without it changing
>> anything.
>>
>> I have a simple mapping to set expiration and the action under
>> the CSV is to unlink followed by the template which works and I
>> double-checked the user account and no other attributes are
>> changed. I also tested changing orgs and updating other
>> attributes and had same success.
>>
>> I am not fluent in Java code so I had to test with a hardcoded
>> date and time,
>>
>> How can I grab the current date/time and add lets say add 30 days
>> to the value and use that for validTo instead of hardcoded value ?
>>
>> <name>Deleted User Template</name>
>>
>> <description>
>> This object is used to set expiration date when accounts
>> are removed from CSV.
>> </description>
>> <mapping>
>> <source>
>> <path>$user/activation/validTo</path>
>> </source>
>> <expression>
>> <script>
>> <code>
>> '2015-12-31T22:59:00.000+01:00'
>> </code>
>> </script>
>> </expression>
>> <target>
>> <path>activation/validTo</path>
>> </target>
>> </mapping>
>>
>> </objectTemplate>
>>
>> JASON
>>
>> On Tue, Jan 13, 2015 at 7:53 PM, Jason Everling
>> <jeverling at bshp.edu <mailto:jeverling at bshp.edu>> wrote:
>>
>> Thanks for the quick reply,
>>
>> I have been thinking of different ways, the easiest way I
>> think that would work is to just remove inactivateFocus from
>> the deleted situation and reference to a objectTemplate that
>> sets the activation/validTo date which I see you created an
>> issue already for a previous question of mine a while back
>>
>> https://jira.evolveum.com/browse/MID-2100
>>
>> Anyways, let me know what you find out, no rush. I am looking
>> forward to the next release and I am patiently waiting while
>> tinkering with all kinds of other useful things midpoint can
>> do for us!
>>
>> JASON
>>
>> On Tue, Jan 13, 2015 at 3:28 PM, Ivan Noris
>> <ivan.noris at evolveum.com <mailto:ivan.noris at evolveum.com>> wrote:
>>
>> Hi,
>>
>> as this seems to be quite the opposite case to what I am
>> normally doing, I'm discussing it with the developers and
>> will post a feedback to the list once I get it.
>>
>>
>> The opposite case I'm referring to is like this: when all
>> roles providing some account are unassigned from the
>> user, midPoint will normally delete the resource account.
>> This can be reconfigured to disable the account, or if
>> you wish, to disable and then delete the account later.
>> This is just for reference, maybe someone on the list
>> will need this:
>> https://wiki.evolveum.com/display/midPoint/Resource+Schema+Handling%3A+Activation
>>
>> We use this commonly.
>>
>> So for your case I will try to get an answer from the
>> developers and see if it can be configured or if it needs
>> to be implemented.
>> Thank you for understanding. Anyway it seems to be pretty
>> nice/usable feature.
>>
>> Regards,
>> Ivan
>>
>>
>> On 01/12/2015 04:03 PM, Jason Everling wrote:
>>> I know you all are busy getting work done on the next
>>> release so if this requires a lot then it can wait.
>>>
>>> I have a situation that I am unsure of how to go about
>>> it, I have seen examples of delayed delete after
>>> disabled so this would be something like that.
>>>
>>> Within the main resource, a CSV file, it will contain
>>> only active students/faculty/staff. When a student
>>> graduates they will no longer be in the CSV resource
>>> thus I have under situations to inactivateFocus, works
>>> great, disables their accounts.
>>>
>>> Now what I would like to do and where I am lost and do
>>> not know where to begin,
>>>
>>> Instead of disabling their account immediately, How can
>>> I changed it so that I can add maybe a valid-to date 30
>>> days after being deleted from the resource instead of
>>> disabling their accounts right a way.
>>>
>>> Reason being, graduated students can use their accounts
>>> up to 30 days after graduating then we disable them.
>>>
>>> JASON
>>>
>>>
>>>
>>> CONFIDENTIALITY NOTICE:
>>> This e-mail together with any attachments is proprietary
>>> and confidential; intended for only the recipient(s)
>>> named above and may contain information that is
>>> privileged. You should not retain, copy or use this
>>> e-mail or any attachments for any purpose, or disclose
>>> all or any part of the contents to any person. Any views
>>> or opinions expressed in this e-mail are those of the
>>> author and do not represent those of the Baptist School
>>> of Health Professions. If you have received this e-mail
>>> in error, or are not the named recipient(s), you are
>>> hereby notified that any review, dissemination,
>>> distribution or copying of this communication is
>>> prohibited by the sender and to do so might constitute a
>>> violation of the Electronic Communications Privacy Act,
>>> 18 U.S.C. section 2510-2521. Please immediately notify
>>> the sender and delete this e-mail and any attachments
>>> from your computer.
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> --
>> Ing. Ivan Noris
>> Senior Identity Management Engineer
>> evolveum.com <http://evolveum.com> evolveum.com/blog/ <http://evolveum.com/blog/>
>> _____________________________________________
>> "Semper Id(e)M Vix."
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and
>> may contain information that is privileged. You should not
>> retain, copy or use this e-mail or any attachments for any
>> purpose, or disclose all or any part of the contents to any
>> person. Any views or opinions expressed in this e-mail are those
>> of the author and do not represent those of the Baptist School of
>> Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any
>> review, dissemination, distribution or copying of this
>> communication is prohibited by the sender and to do so might
>> constitute a violation of the Electronic Communications Privacy
>> Act, 18 U.S.C. section 2510-2521. Please immediately notify the
>> sender and delete this e-mail and any attachments from your
>> computer.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and
> confidential; intended for only the recipient(s) named above and may
> contain information that is privileged. You should not retain, copy or
> use this e-mail or any attachments for any purpose, or disclose all or
> any part of the contents to any person. Any views or opinions
> expressed in this e-mail are those of the author and do not represent
> those of the Baptist School of Health Professions. If you have
> received this e-mail in error, or are not the named recipient(s), you
> are hereby notified that any review, dissemination, distribution or
> copying of this communication is prohibited by the sender and to do so
> might constitute a violation of the Electronic Communications Privacy
> Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender
> and delete this e-mail and any attachments from your computer.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150115/328da363/attachment.htm>
More information about the midPoint
mailing list