[midPoint] Valid to role assignment problem
Ivan Noris
ivan.noris at evolveum.com
Fri Oct 28 21:10:52 CEST 2016
Hi Aivo,
please check this issue: https://jira.evolveum.com/browse/MID-3296
If it's what you are experiencing, please check how is you association +
tolerant configured.
Ivan
On 10/28/2016 10:14 AM, Aivo Kuhlberg wrote:
>
> Hello,
>
> I am testing role assignment valid from/to triggering and have problem
> with valid to functionality. I assigned role to midPoint user and
> before saving the assignment I specified validto value. This midPoint
> role is imported from AD group so I expect that when the valid to time
> is over then the AD group will be removed from the AD user but that
> does not happen. Even full reconciliation of AD users and groups did
> not help. Even changing the administrative status to "Disabled" did
> not help. But when I changed it to "Enabled" and then "Disabled" then
> the AD user group membership dissapeared. Can it be because I am using
> .NET AD connector and in LDAP connector this problem is fixed?
> Before that I tested "Valid From" field triggering and that worked as
> expected - after the specified time and validity scanner run the AD
> group was assigned to AD user.
> Regards,
> Aivo Kuhlberg
>
>
> ------------------------------------------------------------------------
> Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks
> tunnistatud teavet.
> This e-mail may contain information which is classified for official use.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161028/5160416d/attachment.htm>
More information about the midPoint
mailing list