[midPoint] Enforce full on entitlement / groups membership

Alcides Carlos de Moraes Neto alcides.neto at gmail.com
Fri Dec 22 17:08:42 CET 2017 

Thank you, Wojciech.

The tolerant flag was enough.

2017-12-20 17:06 GMT-02:00 Wojciech Staszewski <
wojciech.staszewski at diagnostyka.pl>:

> Just one more:
>
> Do you have
>
> <tolerant>false</tolerant>
>
> in association definition?
>
> The assignment policy enforcement if I understand correctly removes
> unassigned accounts from resource.
>
>
> W dniu 20.12.2017 o 19:45, Wojciech Staszewski pisze:
>
> Hello!
>
> If I understand this example: https://wiki.evolveum.com/
> display/midPoint/Projection+Policy
> the enforcement policy should be outside "schemaHandling" as a separate
> section:
>
> <projection>
>    <assignmentPolicyEnforcement>full</assignmentPolicyEnforcement>
> </projection>
> I have it configured this way and it works - it removes not assigned
> entitlements.
>
> Good luck!
> WS
>
> W dniu 20.12.2017 o 18:52, Alcides Carlos de Moraes Neto pisze:
>
> Hello list,
>
> I have a working Org. Unit -> AD group mapping, with an
> AssociationFromLink inducement for members.
>
> However, I would like Midpoint to also remove members of the AD group that
> are added manually, that don't match members of the Org. Unit.
> I tried using
>          <assignmentPolicyEnforcement>full</assignmentPolicyEnforcement>
> inside the Schema Handling for the entitlement, but it didn't work.
>
> Any leads?
> Thanks in advance.
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
> Wojciech Staszewski
> Administrator Systemów Sieciowych
> tel. kom: 663 680 236www.diagnostyka.pl
> Diagnostyka Sp. z o. o.
> ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
> Numer KRS: 0000381559 (Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie, XI Wydział Gospodarczy KRS)
> NIP: 675-12-65-009; REGON: 356366975
> Kapitał zakładowy: 33 756 500 zł.
>
> Pomyśl o środowisku zanim wydrukujesz ten e-mail.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171222/e80d583a/attachment.htm>

More information about the midPoint mailing list