[midPoint] recompute on OU members
Dick Muller
dick.muller at tahzoo.com
Wed Sep 14 13:37:02 CEST 2016
Strangest thing is:
When I configure the role on an OU some users aren’t projected to the group in the AD domain.
If the same user is directly added to the group as an assignment it doesn’t work eighter.
But if I unassign the role from the OU and assign the user directly to that group it works.
Very strange, especially because there are users in that OU that inherit the role successfully.
The user objects in the repository show that they inherit the role. I looked at the shadow objects, the user objects, the role objects.
I absolutely don’t understand why?
Dick Muller
Senior Systems Engineer
P: 0031 8 82682586 | M: 0031 6 46477690
E: dick.muller at tahzoo.com | W: www.tahzoo.com
A: Delftechpark 37I, 2628 XJDelft, Netherlands
From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Dick Muller <dick.muller at tahzoo.com>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Wednesday 14 September 2016 at 08:46
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: [midPoint] recompute on OU members
Hi,
I have 700 users devided over different OU’s for ease of administration.
I now want to add all members of a OU in a new role and added the role as an inducement to the OU.
After that I did a recompute on all members in the OU.
For some reason some users are added to the role and projected to our AD environment successfully.
But most of them are not.
I enabled the projector logging and recomputed two users blokers that was added successfully and mduiker that wasn’t added.
You can find the two logs in this mail.
In the mduiker file there are errors for the NLDFTDC01 (Hinttech) resource, but I don’t mind because I only used that for provisioning.
The projection I really need is to the Tahzoo EU1 envinroment.
In the log I can see the evaluation and the assignment path for the role jira-users and don’t see any errors on that.
But still it isn’t projected to Tahzoo EU1 domain.
Is there something I can do or that I didn’t see?
Thanks in advance,
DIck
[cid:image001.png at 01D20E8D.12E5E6C0]<http://www.tahzoo.com>
Dick Muller
Senior Systems Engineer
P:
0031 8 82682586<tel:0031%208%2082682586>
|
M:
0031 6 46477690<tel:0031%206%2046477690>
E:
dick.muller at tahzoo.com<mailto:dick.muller at tahzoo.com>
|
W:
www.tahzoo.com<http://www.tahzoo.com>
A:
Delftechpark 37I, 2628 XJ Delft, Netherlands<https://www.google.com/maps/place/Delftechpark+37,+2628+XJ+Delft,+Netherlands/@51.997531,4.3824845,17z/data=!3m1!4b1!4m5!3m4!1s0x47c5b589ec2c237b:0x22b6e5d15befb3d5!8m2!3d51.997531!4d4.3846732>
[cid:image002.png at 01D20E8D.12E5E6C0]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160914/ed31c13d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 1294 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160914/ed31c13d/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1069 bytes
Desc: image002.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160914/ed31c13d/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image822000.png
Type: image/png
Size: 1293 bytes
Desc: image822000.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160914/ed31c13d/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image590001.png
Type: image/png
Size: 1068 bytes
Desc: image590001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160914/ed31c13d/attachment-0003.png>
More information about the midPoint
mailing list