[midPoint] Extra Associations under Projections account
Florin. Stingaciu
fstingaciu at mirantis.com
Tue Jun 7 21:15:31 CEST 2016
Hello,
So I have this user which has only one assignment, to role cpe_services.
This role was created using the following metarole:
http://pastebin.com/uMtwyfCV
This metarole has five different inducements:
- the first inducement is an order one inducement that creates an LDAP
group with intent 'serviceGroup'
- the second inducement is an order two inducement that create a
'default' account if the employee type is equal to 'user'
- the third inducement is an order two inducement that create a
'service' account if the employee type is equal to 'service'
- the fourth and fifth are both second order inducements that generate a
gid and uid for the user
The assignment of cpe_services to the metarole creates the cpe_services
group in LDAP. The assignment of the user to cpe_services, creates an LDAP
'service' account, however when I look under projections, click on the
account, and look at associations, I see the following:
http://imgur.com/CUEH7uw
The only association there should be the "Service Group" association. The
posixMembership is an entitlement that the serviceAccount can have, however
it is not defined within this metarole. Also, as you can see, the dn for
the association is the same in both.
This problem is not only limited to my serviceGroups entitlement but all
entitlements. It also happens for different types of accounts as well.
Please let me know if I can provide with anything further that would help
debug this issue.
Thanks,
-F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160607/7c605a25/attachment.htm>
More information about the midPoint
mailing list