[midPoint] User reconcile after applying user template

Jason Everling jeverling at bshp.edu
Mon Jan 23 22:44:49 CET 2017


Yes, that is what the wording says BUT... in our case, we would assign the
role automatically from template and the user would never be created on the
resource until a recon was run. After changing to 'Positive' it pushes to
the resource once the role is assigned.

JASON

On Mon, Jan 23, 2017 at 3:38 PM, Nicolas Rossi <nrossi at identicum.com> wrote:

> Hi Jason, it seems that the difference between the 'relative' and
> 'positive' applies only when deleting accounts. In our example we are
> assigning new roles to users, not removing them. In the user's XML we can
> see the assignments but it doesn't have the roleMembershipRef until we run
> a reconcile on the user.
>
> Is that the expected behaviour?
>
> Regards,
>
>
>
> Ing Nicolás Rossi
> Identicum S.A.
> Jorge Newbery 3226
> Tel: +54 (11) 4552-3050
> www.identicum.com
>
> On Mon, Jan 23, 2017 at 2:09 PM, Jason Everling <jeverling at bshp.edu>
> wrote:
>
>> You can also check the 'Assignment Policy Enforcement'. The default is
>> 'relative' and that was our issue; changing it to 'Positive' fixed it.
>>
>> https://wiki.evolveum.com/display/midPoint/Projection+Policy
>>
>> JASON
>>
>> On Mon, Jan 23, 2017 at 10:26 AM, Martin Lízner - AMI Praha a.s. <
>> martin.lizner at ami.cz> wrote:
>>
>>> Try to adjust:
>>>
>>> <evaluationPhase>beforeAssignments</evaluationPhase>
>>>
>>> Martin Lízner
>>> solution architect
>>>
>>> gsm: [+420] 737 745 571
>>> e-mail: martin.lizner at ami.cz
>>>
>>>
>>> AMI Praha a.s.
>>> Pláničkova 11
>>> 162 00 Praha 6
>>> tel.: [+420] 274 783 239
>>> web: www.ami.cz
>>>
>>>
>>>
>>> By the text of this e-mail, the signer neither promises to conclude nor
>>> concludes any contract on behalf of AMI Praha a.s. Every contract, if
>>> concluded, must be exclusively in written form.
>>>
>>>
>>> 2017-01-23 17:06 GMT+01:00 Nicolas Rossi <nrossi at identicum.com>:
>>>
>>>> Hi guys, we have a User Template with a few mappings that assign Roles
>>>> to Users based on their attributes. It's a simple model copied from
>>>> here
>>>> <https://github.com/Evolveum/midpoint/blob/master/samples/objects/object-template-user.xml>
>>>> .
>>>>
>>>> The User Template is applied and the user receives the assignments but
>>>> they are not propagated to the resources until I run a reconcile process
>>>> on it.
>>>>
>>>> Is there any way to configure the User Template to force a reconcile
>>>> after running all mappings? Or is that the expected behavior?
>>>>
>>>> Regards,
>>>>
>>>>
>>>> Ing Nicolás Rossi
>>>> Identicum S.A.
>>>> Jorge Newbery 3226
>>>> Tel: +54 (11) 4552-3050
>>>> www.identicum.com
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
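
The state described in this thread (assignments visible in the user's XML but no matching roleMembershipRef until a reconcile runs) can be checked across an export of users. The following is an added example, not code from the thread or from midPoint; the function name and the sample XML are constructed, and it assumes users exported in the standard common-3 namespace, with only direct role assignments considered.

```python
import xml.etree.ElementTree as ET

# midPoint common-3 schema namespace used by exported objects.
NS = {"c": "http://midpoint.evolveum.com/xml/ns/public/common/common-3"}

# Constructed sample export: alice is consistent, bob and carol hold
# assignments that have not yet been computed into roleMembershipRef.
SAMPLE = """<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
  <user oid="u-0001">
    <name>alice</name>
    <assignment><targetRef oid="role-hr" type="RoleType"/></assignment>
    <roleMembershipRef oid="role-hr" type="RoleType"/>
  </user>
  <user oid="u-0002">
    <name>bob</name>
    <assignment><targetRef oid="role-hr" type="RoleType"/></assignment>
    <assignment><targetRef oid="role-vpn" type="c:RoleType"/></assignment>
    <roleMembershipRef oid="role-hr" type="RoleType"/>
  </user>
  <user oid="u-0003">
    <name>carol</name>
    <assignment><targetRef oid="role-vpn" type="RoleType"/></assignment>
  </user>
</objects>"""


def pending_role_assignments(xml_text):
    """Return {user name: [role OIDs assigned but missing from roleMembershipRef]}.

    Hypothetical helper. Accepts either a single <user> or an <objects> wrapper.
    Assumption: disabled or time-limited assignments are not filtered out.
    """
    root = ET.fromstring(xml_text)
    users = [root] if root.tag.endswith("}user") else root.findall("c:user", NS)
    report = {}
    for user in users:
        # Fall back to the OID when the export carries no <name>.
        name = user.findtext("c:name", default=user.get("oid", "?"), namespaces=NS)
        assigned = {
            ref.get("oid")
            for ref in user.findall("c:assignment/c:targetRef", NS)
            # The type attribute may be written with or without a prefix.
            if ref.get("type", "").split(":")[-1] == "RoleType"
        }
        effective = {r.get("oid") for r in user.findall("c:roleMembershipRef", NS)}
        missing = sorted(assigned - effective)
        if missing:
            report[name] = missing
    return report


if __name__ == "__main__":
    for user, roles in pending_role_assignments(SAMPLE).items():
        print(f"{user}: assigned but not in roleMembershipRef: {', '.join(roles)}")
```

Users reported here are candidates for the reconcile discussed above; a user with an empty result already has every directly assigned role reflected in roleMembershipRef.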