[midPoint] Assigned AD group does not reappear when 1 of 2 groups is deleted from AD user

Ivan Noris ivan.noris at evolveum.com
Wed Apr 27 13:56:19 CEST 2016 

Hi Aivo,
also please show us how associations for groups are configured in the
roles that put users to that groups.
The mappings should be <strength>strong</strength> to apply during recon.

I

On 04/27/2016 01:45 PM, Pálos Gustáv wrote:
> Hi,
>
> please send me a resource config XML
> Do you use <tolerant>false</tolerant> in group attribute
> in schemaHandling?
>
> Gusto
>
>
> 2016-04-27 13:33 GMT+02:00 Aivo Kuhlberg <aivo.kuhlberg at rmit.ee
> <mailto:aivo.kuhlberg at rmit.ee>>:
>
>     I noticed today strange behavior about midPoint role reassignment.
>     I have set up AD sync and imported users and also groups as roles.
>     I am testing user who have AD resource assignment in midPoint and
>     also 2 AD-group-based role assignments.
>     At first I remove in AD one of the assigned role-based groups from
>     user, but not both groups. Then I run recomputation task in midPoint.
>     Result: previously deleted group does not appear again to AD user
>     If I remove both groups in AD then after recomputation both groups
>     appear again in AD user
>     Is this a bug or I am missing something?
>
>     I use midPoint 3.3.1 with AD connector
>
>
>     Thanks,
>
>     Aivo Kuhlberg
>
>
>     ------------------------------------------------------------------------
>     Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks
>     tunnistatud teavet.
>     This e-mail may contain information which is classified for
>     official use.
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160427/46ca7954/attachment.htm>

More information about the midPoint mailing list