[midPoint] validityStatus changing validTo date

Nicolas Rossi nrossi at identicum.com
Tue Jan 24 13:52:13 CET 2017 

Ok, I opened it on JIRA:
https://jira.evolveum.com/projects/MID/issues/MID-3695

Regards,



Ing Nicolás Rossi
Identicum S.A.
Jorge Newbery 3226
Tel: +54 (11) 4552-3050
www.identicum.com

On Tue, Jan 24, 2017 at 6:23 AM, Radovan Semancik <
radovan.semancik at evolveum.com> wrote:

> Hi,
>
> You are right. You should not change validityStatus or effectiveStatus.
> MidPoint should recompute that automatically. I haven't had chance to have
> a closer look at the issue. But it looks like a bug. Could you create a
> jira for that please? Please compile the information in the jira
> description or just point to the relevant mailing list messages. I will
> look at that issue as soon as I can find a bit of time.
>
> --
> Radovan Semancik
> Software Architectevolveum.com
>
>
>
> On 01/23/2017 10:31 PM, Nicolas Rossi wrote:
>
> Maybe this could help to the midPoint developers: we added some logs to
> the ActivationComputer class. We have a disabled user and when we change
> the validTo value from the User Template, the *getEffectiveStatus()
> returns ENABLED*
> ​ but the user is still disabled.
>
> Current value:
>    <activation>
>       <effectiveStatus>disabled</effectiveStatus>
>       <validTo>2016-04-30T00:00:00.000-03:00</validTo>
>       <validityStatus>after</validityStatus>
>       <disableTimestamp>2017-01-23T16:49:49.776-03:00</disableTimestamp>
>       <enableTimestamp>2017-01-23T16:49:09.338-03:00</enableTimestamp>
>       <validityChangeTimestamp>2017-01-23T16:49:49.776-03:00</vali
> dityChangeTimestamp>
>    </activation>
>
> After modification​
>
>    <activation>
>       <effectiveStatus>disabled</effectiveStatus>
>       <validTo>2017-02-01T00:00:00.000-03:00</validTo>
>       <validityStatus>after</validityStatus>
>       <disableTimestamp>2017-01-23T16:49:49.776-03:00</disableTimestamp>
>       <enableTimestamp>2017-01-23T16:49:09.338-03:00</enableTimestamp>
>       <validityChangeTimestamp>2017-01-23T16:49:49.776-03:00</vali
> dityChangeTimestamp>
>    </activation>
>
> ​It sounds like a bug. Should I open it on JIRA ?
>>
>
> Ing Nicolás Rossi
> Identicum S.A.
> Jorge Newbery 3226
> Tel: +54 (11) 4552-3050
> <http://www.identicum.com>www.identicum.com
>
> On Mon, Jan 23, 2017 at 4:46 PM, Rodrigo Yanis < <ryanis at identicum.com>
> ryanis at identicum.com> wrote:
>
>> Hello everyone,
>>
>> Extending the case exposed by Nicolás, we also added a mapping on the
>> User Template to target on the administrativeStatus attribute the following
>> way (simplified):
>>
>> <mapping>
>>>         ...
>>>         <expression>
>>>            <script>
>>>               <language>
>>> <http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy>
>>> http://midpoint.evolveum.com/xml/ns/public/express
>>> ion/language#Groovy</language>
>>>               <code>
>>>               import com.evolveum.midpoint.xml.ns._
>>> public.common.common_3.ActivationStatusType;
>>>
>>>           ...
>>>           return ActivationStatusType.DISABLED;
>>>  </code>
>>>            </script>
>>>         </expression>
>>>         <target>
>>>           * <c:path>$user/activation/administrativeStatus</c:path>*
>>>         </target>
>>>      </mapping>
>>
>>
>> When the user is imported disabled from HR, effectiveStatus remains
>> enabled even though validTo is expired and administrativeStatus is set to
>> disabled on UserTemplates' account.
>>
>> <activation>
>>>
>>> *     <administrativeStatus>disabled</administrativeStatus> **
>>>  <effectiveStatus>enabled</effectiveStatus>*
>>>      <validFrom>2013-07-20T00:00:00.000-03:00</validFrom>
>>>
>>> *   <validTo>2015-07-20T00:00:00.000-03:00</validTo> **
>>>  <validityStatus>in</validityStatus>*
>>>      <enableTimestamp>2017-01-23T16:17:36.013-03:00</enableTimestamp>
>>>      <validityChangeTimestamp>2017-01-23T16:17:36.013-03:00</val
>>> idityChangeTimestamp>
>>>   </activation>
>>
>>
>> Thankful for any advise,
>>
>>
>> *Rodrigo Yanis.*
>> Identicum S.A.
>> Jorge Newbery 3226
>> Tel: +54 (11) 4824-9971
>> ryanis at identicum.com
>> www.identicum.com
>>
>> 2017-01-23 10:21 GMT-03:00 Nicolas Rossi < <nrossi at identicum.com>
>> nrossi at identicum.com>:
>>
>>> Hi guys, we have reproduced this issue on a fresh install of midPoint
>>> 3.5. These are the steps to reproduce it:
>>>
>>>    1. Extended the schema with 2 attributes (a flag and a date) →
>>>    user.xsd
>>>    2. Created a UserTemplate mapping the custom date to the validTo if
>>>    the flag is active. → user_template.xml
>>>    3. Assigned the UserTemplate as the default template for users.
>>>    4. Create a user
>>>    5. Modify the user setting the flag and a date before today
>>>
>>> Result:
>>>
>>>    - The validTo date is mapped correctly
>>>    - The user is still enabled
>>>
>>> Regards,
>>>
>>>
>>>
>>> Ing Nicolás Rossi
>>> Identicum S.A.
>>> Jorge Newbery 3226
>>> Tel: +54 (11) 4552-3050
>>> <http://www.identicum.com>www.identicum.com
>>>
>>> On Sun, Jan 22, 2017 at 8:30 AM, Nicolas Rossi < <nrossi at identicum.com>
>>> nrossi at identicum.com> wrote:
>>>
>>>> Hi guys, we have a User Template that defines the validTo date
>>>> evaluating 2 different dates. When a user is active and the calculated
>>>> validTo date is before today the user is not being disabled by midpoint as
>>>> we expected. I found a little difference between this user and other one
>>>> not handled by the user template, on the activation node it has
>>>> validityStatus=in instead of validityStatus=after:
>>>>
>>>> User disabled OK (changed from GUI, not from the UserTemplate):
>>>>
>>>> <activation>
>>>>       *<effectiveStatus>disabled</effectiveStatus>*
>>>>       *<validTo>2017-01-15T00:00:00.000-03:00</validTo>*
>>>>       *<validityStatus>after</validityStatus>*
>>>>       <disableTimestamp>2017-01-22T08:24:48.970-03:00</disableTime
>>>> stamp>
>>>>       <enableTimestamp>2017-01-22T08:24:31.529-03:00</enableTimestamp>
>>>>       <validityChangeTimestamp>2017-01-22T08:24:48.970-03:00</vali
>>>> dityChangeTimestamp>
>>>>    </activation>
>>>>
>>>> User not being disabled (changed from UserTemplate):
>>>>
>>>> <activation>
>>>>      * <effectiveStatus>enabled</effectiveStatus>*
>>>> *      <validTo>2017-01-15T00:00:00.000-03:00</validTo>*
>>>> *      <validityStatus>in</validityStatus>*
>>>>       <disableTimestamp>2017-01-22T08:13:40.530-03:00</disableTime
>>>> stamp>
>>>>       <enableTimestamp>2017-01-22T08:13:58.962-03:00</enableTimestamp>
>>>>       <validityChangeTimestamp>2017-01-22T08:13:58.962-03:00</vali
>>>> dityChangeTimestamp>
>>>>  </activation>
>>>>
>>>> ​Should I set the validityStatus on the UserTemplate?
>>>>
>>>> Regards,
>>>>
>>>>
>>>> Ing Nicolás Rossi
>>>> Identicum S.A.
>>>> Jorge Newbery 3226
>>>> Tel: +54 (11) 4552-3050
>>>> www.identicum.com
>>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170124/448a3e0f/attachment.htm>

More information about the midPoint mailing list