[midPoint] User reconcile after applying user template
Nicolas Rossi
nrossi at identicum.com
Mon Jan 23 22:38:25 CET 2017
Hi Jason, it seems that the difference between the 'relative' and
'positive' applies only when deleting accounts. On our example we are
assigning new roles to users not removing. On the user's xml we can see the
assignments but it doesn't have the roleMemebershipRef until we run a
reconcile on the user.
Is that the expected behaviour ?
Regards,
Ing Nicolás Rossi
Identicum S.A.
Jorge Newbery 3226
Tel: +54 (11) 4552-3050
www.identicum.com
On Mon, Jan 23, 2017 at 2:09 PM, Jason Everling <jeverling at bshp.edu> wrote:
> You can also check the 'Assignment Policy Enforcement' , The default is
> 'relative' and that was our issue, changing it to 'Positive' fixed it,
>
> https://wiki.evolveum.com/display/midPoint/Projection+Policy
>
> JASON
>
> On Mon, Jan 23, 2017 at 10:26 AM, Martin Lízner - AMI Praha a.s. <
> martin.lizner at ami.cz> wrote:
>
>> Try to adjust:
>>
>> <evaluationPhase>beforeAssignments</evaluationPhase>
>>
>> Martin Lízner
>> solution architect
>>
>> gsm: [+420] 737 745 571 <+420%20737%20745%20571>
>> e-mail: martin.lizner at ami.cz
>>
>>
>> AMI Praha a.s.
>> Pláničkova 11
>> 162 00 Praha 6
>> tel.: [+420] 274 783 239 <+420%20274%20783%20239>
>> web: www.ami.cz
>>
>>
>>
>> [image: AMI Praha a.s.] <http://www.skyidentity.com/>
>>
>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
>> společnost AMI Praha a.s.
>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
>> písemnou formu.
>>
>>
>> 2017-01-23 17:06 GMT+01:00 Nicolas Rossi <nrossi at identicum.com>:
>>
>>> Hi guys, we have a User Template with few mappings that assigns Roles to
>>> Users based on their attributes. It's a simple model copied from here
>>> <https://github.com/Evolveum/midpoint/blob/master/samples/objects/object-template-user.xml>
>>> .
>>>
>>> The User Template is applied and the user receives the assignments but
>>> it is not propagated to the resources until I run a reconcile process on
>>> it.
>>>
>>> Is there any way to configure the User Template to force a reconcile
>>> after running all mappings ? Or that's the expected behavior ?
>>>
>>> Regards,
>>>
>>>
>>> Ing Nicolás Rossi
>>> Identicum S.A.
>>> Jorge Newbery 3226
>>> Tel: +54 (11) 4552-3050 <+54%2011%204552-3050>
>>> www.identicum.com
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170123/c98bc884/attachment.htm>
More information about the midPoint
mailing list