[midPoint] Enforce full on entitlement / groups membership
Wojciech Staszewski
wojciech.staszewski at diagnostyka.pl
Wed Dec 20 20:06:17 CET 2017
Just one more:
Do you have
<tolerant>false</tolerant>
in association definition?
The assignment policy enforcement if I understand correctly removes
unassigned accounts from resource.
W dniu 20.12.2017 o 19:45, Wojciech Staszewski pisze:
>
> Hello!
>
> If I understand this example:
> https://wiki.evolveum.com/display/midPoint/Projection+Policy
> the enforcement policy should be outside "schemaHandling" as a
> separate section:
>
> <projection>
> <assignmentPolicyEnforcement>full</assignmentPolicyEnforcement>
> </projection>
>
> I have it configured this way and it works - it removes not assigned
> entitlements.
>
> Good luck!
> WS
>
> W dniu 20.12.2017 o 18:52, Alcides Carlos de Moraes Neto pisze:
>> Hello list,
>>
>> I have a working Org. Unit -> AD group mapping, with an
>> AssociationFromLink inducement for members.
>>
>> However, I would like Midpoint to also remove members of the AD group
>> that are added manually, that don't match members of the Org. Unit.
>> I tried using
>> <assignmentPolicyEnforcement>full</assignmentPolicyEnforcement>
>> inside the Schema Handling for the entitlement, but it didn't work.
>>
>> Any leads?
>> Thanks in advance.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Wojciech Staszewski
Administrator Systemów Sieciowych
tel. kom: 663 680 236
www.diagnostyka.pl
Diagnostyka Sp. z o. o.
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
Numer KRS: 0000381559 (Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie, XI Wydział Gospodarczy KRS)
NIP: 675-12-65-009; REGON: 356366975
Kapitał zakładowy: 33 756 500 zł.
Pomyśl o środowisku zanim wydrukujesz ten e-mail.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171220/e52fb2e3/attachment.htm>
More information about the midPoint
mailing list