[midPoint] User reconcile after applying user template

Jason Everling jeverling at bshp.edu
Mon Jan 23 22:51:19 CET 2017


http://lists.evolveum.com/pipermail/midpoint/2015-February/000883.html

JASON

On Mon, Jan 23, 2017 at 3:44 PM, Jason Everling <jeverling at bshp.edu> wrote:

> Yes, that is what the wording says BUT... in our case, we would assign the
> role automatically from template and the user would never be created on the
> resource until a recon was run. After changing to 'Positive' it pushes to
> the resource once the role is assigned.
>
> JASON
>
> On Mon, Jan 23, 2017 at 3:38 PM, Nicolas Rossi <nrossi at identicum.com>
> wrote:
>
>> Hi Jason, it seems that the difference between the 'relative' and
>> 'positive' applies only when deleting accounts. In our example we are
>> assigning new roles to users, not removing them. In the user's XML we can see the
>> assignments but it doesn't have the roleMembershipRef until we run a
>> reconcile on the user.
>>
>> Is that the expected behaviour?
>>
>> Regards,
>>
>>
>>
>> Ing Nicolás Rossi
>> Identicum S.A.
>> Jorge Newbery 3226
>> Tel: +54 (11) 4552-3050
>> www.identicum.com
>>
>> On Mon, Jan 23, 2017 at 2:09 PM, Jason Everling <jeverling at bshp.edu>
>> wrote:
>>
>>> You can also check the 'Assignment Policy Enforcement'. The default is
>>> 'relative' and that was our issue; changing it to 'Positive' fixed it.
>>>
>>> https://wiki.evolveum.com/display/midPoint/Projection+Policy
>>>
>>> JASON
>>>
>>> On Mon, Jan 23, 2017 at 10:26 AM, Martin Lízner - AMI Praha a.s. <
>>> martin.lizner at ami.cz> wrote:
>>>
>>>> Try to adjust:
>>>>
>>>> <evaluationPhase>beforeAssignments</evaluationPhase>
>>>>
>>>> Martin Lízner
>>>> solution architect
>>>>
>>>> gsm: [+420] 737 745 571
>>>> e-mail: martin.lizner at ami.cz
>>>>
>>>>
>>>> AMI Praha a.s.
>>>> Pláničkova 11
>>>> 162 00 Praha 6
>>>> tel.: [+420] 274 783 239
>>>> web: www.ami.cz
>>>>
>>>>
>>>>
>>>> By the text of this e-mail, the signatory neither promises to conclude nor
>>>> concludes any contract on behalf of AMI Praha a.s.
>>>> Any contract, if concluded, must be exclusively in written form.
>>>>
>>>>
>>>> 2017-01-23 17:06 GMT+01:00 Nicolas Rossi <nrossi at identicum.com>:
>>>>
>>>>> Hi guys, we have a User Template with a few mappings that assign Roles
>>>>> to Users based on their attributes. It's a simple model copied from
>>>>> here
>>>>> <https://github.com/Evolveum/midpoint/blob/master/samples/objects/object-template-user.xml>
>>>>> .
>>>>>
>>>>> The User Template is applied and the user receives the assignments but
>>>>> they are not propagated to the resources until I run a reconcile process on
>>>>> the user.
>>>>>
>>>>> Is there any way to configure the User Template to force a reconcile
>>>>> after running all mappings? Or is that the expected behavior?
>>>>>
>>>>> Regards,
>>>>>
>>>>>
>>>>> Ing Nicolás Rossi
>>>>> Identicum S.A.
>>>>> Jorge Newbery 3226
>>>>> Tel: +54 (11) 4552-3050
>>>>> www.identicum.com
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> midPoint at lists.evolveum.com
>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
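
Where the two settings mentioned in this thread live, as an added sketch that is not from any poster or from the midPoint project. All OIDs, object names and the employeeType condition are constructed, and the element names are assumed to match the midPoint 3.x common-3 schema.

```xml
<!-- Added illustration; every OID and name below is a constructed placeholder. -->
<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">

  <objectTemplate oid="11111111-1111-1111-1111-111111111111">
    <name>Example User Template</name>
    <mapping>
      <name>Assign role from attribute</name>
      <!-- Martin's suggestion: evaluate this mapping before assignments are
           processed, so the assignment it produces is handled in the same
           operation instead of waiting for a later reconcile. -->
      <evaluationPhase>beforeAssignments</evaluationPhase>
      <source>
        <path>employeeType</path>
      </source>
      <expression>
        <value>
          <!-- placeholder role OID -->
          <targetRef oid="22222222-2222-2222-2222-222222222222" type="RoleType"/>
        </value>
      </expression>
      <target>
        <path>assignment</path>
      </target>
      <condition>
        <script>
          <code>employeeType == 'staff'</code>
        </script>
      </condition>
    </mapping>
  </objectTemplate>

  <resource oid="33333333-3333-3333-3333-333333333333">
    <name>Example Resource</name>
    <!-- connectorRef, connectorConfiguration and schemaHandling omitted -->
    <projection>
      <!-- Jason's change. Caveat: 'positive' only enforces that assigned
           accounts exist; removing an assignment does not delete the account,
           so deprovisioning needs its own control (for example a reconcile
           or review job) if this mode is kept. -->
      <assignmentPolicyEnforcement>positive</assignmentPolicyEnforcement>
    </projection>
  </resource>

</objects>
```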