[midPoint] User reconcile after applying user template

Tue Jan 24 16:09:31 CET 2017

I wish I could help, but I just realized I have simillar problem for which
I have no immediate solution. I have some default roles induced by user's
organization membership. But when new user is created and automatically
assigned to org. (via assignmentTargetSearch and usertemplate),
provisioning is not completed fully (e.g. AD groups not assigned in the
resource.). Only after I do second reconcile, all is ok.

I guess its time to buy midPoint's subscription. But that doesnt go so fast
for us.

M.

Martin Lízner
solution architect

gsm: [+420] 737 745 571
e-mail: martin.lizner at ami.cz

AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz

[image: AMI Praha a.s.] <http://www.skyidentity.com/>

Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
písemnou formu.

2017-01-24 15:19 GMT+01:00 Nicolas Rossi <nrossi at identicum.com>:

> Hi Martin, we have 2 phases on the UserTemplate:
>
>    1. employeeType calculation
>    2. Role assignment based on employeeType
>
> We added the <evaluationPhase>beforeAssignments</evaluationPhase> to the
> employeeType mapping but nothing changed: the user receives the Role but
> the indirect roles are not assigned until reconcile it.
>
> Do you know were can I find more information about the evaluation phases
> on the User Template ? Have you seen the issue at JIRA
> <https://jira.evolveum.com/browse/MID-2149> commented by Jason ?
>
> Regards,
>
>
>
> Ing Nicolás Rossi
> Identicum S.A.
> Jorge Newbery 3226
> Tel: +54 (11) 4552-3050 <+54%2011%204552-3050>
> www.identicum.com
>
> On Mon, Jan 23, 2017 at 1:26 PM, Martin Lízner - AMI Praha a.s. <
> martin.lizner at ami.cz> wrote:
>
>> Try to adjust:
>>
>> <evaluationPhase>beforeAssignments</evaluationPhase>
>>
>> Martin Lízner
>> solution architect
>>
>> gsm: [+420] 737 745 571 <+420%20737%20745%20571>
>> e-mail: martin.lizner at ami.cz
>>
>>
>> AMI Praha a.s.
>> Pláničkova 11
>> 162 00 Praha 6
>> tel.: [+420] 274 783 239 <+420%20274%20783%20239>
>> web: www.ami.cz
>>
>>
>>
>> [image: AMI Praha a.s.] <http://www.skyidentity.com/>
>>
>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
>> společnost AMI Praha a.s.
>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
>> písemnou formu.
>>
>>
>> 2017-01-23 17:06 GMT+01:00 Nicolas Rossi <nrossi at identicum.com>:
>>
>>> Hi guys, we have a User Template with few mappings that assigns Roles to
>>> Users based on their attributes. It's a simple model copied from here
>>> <https://github.com/Evolveum/midpoint/blob/master/samples/objects/object-template-user.xml>
>>> .
>>>
>>> The User Template is applied and the user receives the assignments but
>>> it is not propagated to the resources until  I run a reconcile process on
>>> it.
>>>
>>> Is there any way to configure the User Template to force a reconcile
>>> after running all mappings ? Or that's the expected behavior ?
>>>
>>> Regards,
>>>
>>>
>>> Ing Nicolás Rossi
>>> Identicum S.A.
>>> Jorge Newbery 3226
>>> Tel: +54 (11) 4552-3050 <+54%2011%204552-3050>
>>> www.identicum.com
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170124/cd10422b/attachment.htm>