[midPoint] validityStatus changing validTo date
Nicolas Rossi
nrossi at identicum.com
Mon Jan 23 22:31:23 CET 2017
Maybe this could help to the midPoint developers: we added some logs to the
ActivationComputer class. We have a disabled user and when we change the
validTo value from the User Template, the *getEffectiveStatus() returns
ENABLED*
but the user is still disabled.
Current value:
<activation>
<effectiveStatus>disabled</effectiveStatus>
<validTo>2016-04-30T00:00:00.000-03:00</validTo>
<validityStatus>after</validityStatus>
<disableTimestamp>2017-01-23T16:49:49.776-03:00</disableTimestamp>
<enableTimestamp>2017-01-23T16:49:09.338-03:00</enableTimestamp>
<validityChangeTimestamp>2017-01-23T16:49:49.776-03:00</
validityChangeTimestamp>
</activation>
After modification
<activation>
<effectiveStatus>disabled</effectiveStatus>
<validTo>2017-02-01T00:00:00.000-03:00</validTo>
<validityStatus>after</validityStatus>
<disableTimestamp>2017-01-23T16:49:49.776-03:00</disableTimestamp>
<enableTimestamp>2017-01-23T16:49:09.338-03:00</enableTimestamp>
<validityChangeTimestamp>2017-01-23T16:49:49.776-03:00</
validityChangeTimestamp>
</activation>
It sounds like a bug. Should I open it on JIRA ?
Ing Nicolás Rossi
Identicum S.A.
Jorge Newbery 3226
Tel: +54 (11) 4552-3050
www.identicum.com
On Mon, Jan 23, 2017 at 4:46 PM, Rodrigo Yanis <ryanis at identicum.com> wrote:
> Hello everyone,
>
> Extending the case exposed by Nicolás, we also added a mapping on the User
> Template to target on the administrativeStatus attribute the following way
> (simplified):
>
> <mapping>
>> ...
>> <expression>
>> <script>
>> <language>http://midpoint.evol
>> veum.com/xml/ns/public/expression/language#Groovy</language>
>> <code>
>> import com.evolveum.midpoint.xml.ns._
>> public.common.common_3.ActivationStatusType;
>>
>> ...
>> return ActivationStatusType.DISABLED;
>> </code>
>> </script>
>> </expression>
>> <target>
>> * <c:path>$user/activation/administrativeStatus</c:path>*
>> </target>
>> </mapping>
>
>
> When the user is imported disabled from HR, effectiveStatus remains
> enabled even though validTo is expired and administrativeStatus is set to
> disabled on UserTemplates' account.
>
> <activation>
>>
>> * <administrativeStatus>disabled</administrativeStatus>**
>> <effectiveStatus>enabled</effectiveStatus>*
>> <validFrom>2013-07-20T00:00:00.000-03:00</validFrom>
>>
>> * <validTo>2015-07-20T00:00:00.000-03:00</validTo>**
>> <validityStatus>in</validityStatus>*
>> <enableTimestamp>2017-01-23T16:17:36.013-03:00</enableTimestamp>
>> <validityChangeTimestamp>2017-01-23T16:17:36.013-03:00</
>> validityChangeTimestamp>
>> </activation>
>
>
> Thankful for any advise,
>
>
> *Rodrigo Yanis.*
> Identicum S.A.
> Jorge Newbery 3226
> Tel: +54 (11) 4824-9971
> ryanis at identicum.com
> www.identicum.com
>
> 2017-01-23 10:21 GMT-03:00 Nicolas Rossi <nrossi at identicum.com>:
>
>> Hi guys, we have reproduced this issue on a fresh install of midPoint
>> 3.5. These are the steps to reproduce it:
>>
>> 1. Extended the schema with 2 attributes (a flag and a date) →
>> user.xsd
>> 2. Created a UserTemplate mapping the custom date to the validTo if
>> the flag is active. → user_template.xml
>> 3. Assigned the UserTemplate as the default template for users.
>> 4. Create a user
>> 5. Modify the user setting the flag and a date before today
>>
>> Result:
>>
>> - The validTo date is mapped correctly
>> - The user is still enabled
>>
>> Regards,
>>
>>
>>
>> Ing Nicolás Rossi
>> Identicum S.A.
>> Jorge Newbery 3226
>> Tel: +54 (11) 4552-3050
>> www.identicum.com
>>
>> On Sun, Jan 22, 2017 at 8:30 AM, Nicolas Rossi <nrossi at identicum.com>
>> wrote:
>>
>>> Hi guys, we have a User Template that defines the validTo date
>>> evaluating 2 different dates. When a user is active and the calculated
>>> validTo date is before today the user is not being disabled by midpoint as
>>> we expected. I found a little difference between this user and other one
>>> not handled by the user template, on the activation node it has
>>> validityStatus=in instead of validityStatus=after:
>>>
>>> User disabled OK (changed from GUI, not from the UserTemplate):
>>>
>>> <activation>
>>> *<effectiveStatus>disabled</effectiveStatus>*
>>> *<validTo>2017-01-15T00:00:00.000-03:00</validTo>*
>>> *<validityStatus>after</validityStatus>*
>>> <disableTimestamp>2017-01-22T08:24:48.970-03:00</disableTimestamp>
>>> <enableTimestamp>2017-01-22T08:24:31.529-03:00</enableTimestamp>
>>> <validityChangeTimestamp>2017-01-22T08:24:48.970-03:00</vali
>>> dityChangeTimestamp>
>>> </activation>
>>>
>>> User not being disabled (changed from UserTemplate):
>>>
>>> <activation>
>>> * <effectiveStatus>enabled</effectiveStatus>*
>>> * <validTo>2017-01-15T00:00:00.000-03:00</validTo>*
>>> * <validityStatus>in</validityStatus>*
>>> <disableTimestamp>2017-01-22T08:13:40.530-03:00</disableTimestamp>
>>> <enableTimestamp>2017-01-22T08:13:58.962-03:00</enableTimestamp>
>>> <validityChangeTimestamp>2017-01-22T08:13:58.962-03:00</vali
>>> dityChangeTimestamp>
>>> </activation>
>>>
>>> Should I set the validityStatus on the UserTemplate?
>>>
>>> Regards,
>>>
>>>
>>> Ing Nicolás Rossi
>>> Identicum S.A.
>>> Jorge Newbery 3226
>>> Tel: +54 (11) 4552-3050
>>> www.identicum.com
>>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170123/2b628e3a/attachment.htm>
More information about the midPoint
mailing list