[midPoint] User Not Getting Deleted From LDAP Group

Ivan Noris ivan.noris at evolveum.com
Fri Jan 23 16:54:12 CET 2015


Hi,

can you please check/confirm whether the following works:

1. user has a role assigned which puts him into an LDAP group
2. role is unassigned from the user => this should delete the LDAP
account and remove it from the group

If you delete a role from midPoint, it will *not* remove the accounts from
the corresponding LDAP group.

If you unassign a resource inducement from a role, it will *not* remove
anything from LDAP. It should, however, if you *recompute* users having
this role assigned, as this will re-evaluate role assignments.

If you have problems with user delete, i.e. the user has an account in LDAP,
and is in some group, and then you delete the User in midPoint, this should
remove the LDAP account and - based on the LDAP system - remove references
to the deleted account from the group as well. Some directory servers
have this referential integrity built-in or even pluggable. midPoint
should work in all cases, even if the directory system does not have the
referential integrity.

Please try to confirm the case above and please also specify which
directory server you are using.

Regards,
Ivan

On 01/23/2015 04:08 PM, Anand Kothekar wrote:
> Hi,
>
>
> I was playing around with the Role Inducement and observed the following
> things.
>
> _Details_ :- 
>
>  1. Created a role having Resource as an Inducement.
>  2. And assigned that role to user.
>  3. user got stored in the LDAP Group mentioned in Resource.
>
>
> _Issue_ :- While performing various Delete operations user is not
> getting removed from the LDAP Group.  
>
>
>  _User not getting Deleted from LDAP Group while doing following things._
>
>  1. Resource inducement unassigned from Role.
>  2. Role unassigned from User.
>  3. Role deleted.
>  4. User Deleted.
>
>
>
> Please provide me assistance with the above problem.
>
>
>
> Regards,
> Anand Kothekar
>
>

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer
  evolveum.com     evolveum.com/blog/
  _____________________________________________
  "Semper Id(e)M Vix."

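The referential-integrity question raised in this thread can be checked from the directory side. The following is an added example, not part of the original messages and not midPoint code: it scans an LDIF export for group member values whose account entry no longer exists. The DNs in the sample are constructed, the function names are hypothetical, and DN comparison is assumed to be case-insensitive.

```python
import base64
import re

# Constructed sample export (hypothetical DNs), not data from the thread.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: inetOrgPerson

dn: cn=vpn-users,ou=Groups,dc=example,dc=com
objectClass: groupOfNames
member: uid=alice,ou=people,dc=example,dc=com
member: uid=bob, ou=People, dc=example, dc=com
member: uid=carol,ou=People,
 dc=example,dc=com
"""

MEMBER_ATTRS = {"member", "uniquemember"}

def normalize_dn(dn):
    # Assumption: naming attributes use case-insensitive matching (uid, cn, ou, dc).
    parts = re.split(r"(?<!\\),", dn)  # split on unescaped commas only
    return ",".join(p.strip() for p in parts).lower()

def parse_ldif(text):
    """Return [(dn, [(attr, value), ...])] from plain-text LDIF."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            attrs.append((name.strip().lower(), value.strip()))
        if attrs and attrs[0][0] == "dn":
            entries.append((attrs[0][1], attrs[1:]))
    return entries

def dangling_members(text):
    """Return (group_dn, member_value) pairs that point at no existing entry."""
    entries = parse_ldif(text)
    known = {normalize_dn(dn) for dn, _ in entries}
    return [(dn, value)
            for dn, attrs in entries
            for name, value in attrs
            if name in MEMBER_ATTRS and normalize_dn(value) not in known]

if __name__ == "__main__":
    for group, member in dangling_members(SAMPLE_LDIF):
        print(f"{group}: dangling member {member}")
```

Running it against an export taken after each of the four delete operations listed in the quoted message shows which of them left a stale membership behind.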