[midPoint] validityStatus changing validTo date
Radovan Semancik
radovan.semancik at evolveum.com
Wed Jan 25 20:45:23 CET 2017
Hi,
I've fixed that today in master. So in 3.6 no workaround will be needed.
--
Radovan Semancik
Software Architect
evolveum.com
On 01/24/2017 03:12 PM, Nicolas Rossi wrote:
> Hi Martin, thank you for the example. I have reported the issue on
> JIRA and I will wait a couple of days to get it resolved. In the
> meantime we moved the business logic to the resources mappings (we
> have 2 resources to populate midPoint) and it's working now.
>
> Regards,
>
>
>
> Ing Nicolás Rossi
> Identicum S.A.
> Jorge Newbery 3226
> Tel: +54 (11) 4552-3050
> www.identicum.com <http://www.identicum.com>
>
> On Tue, Jan 24, 2017 at 10:17 AM, Martin Lízner - AMI Praha a.s.
> <martin.lizner at ami.cz <mailto:martin.lizner at ami.cz>> wrote:
>
> This is our code to workaround the problem:
>
> <mapping>
> <name>Effective Status management</name>
> <strength>strong</strength>
> <source>
> <c:path>$focus/activation/administrativeStatus</c:path>
> </source>
> <source>
> <c:path>$focus/activation/validFrom</c:path>
> </source>
> <expression>
> <script>
> <code>
> import com.evolveum.midpoint.common.Clock;
> import javax.xml.datatype.DatatypeConstants;
> import javax.xml.datatype.XMLGregorianCalendar;
> import
> com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
> if (validFrom==null || administrativeStatus ==null ||
> administrativeStatus==ActivationStatusType.DISABLED){
> //log.info <http://log.info>("XXXX Effective Status code res.
> "+ActivationStatusType.DISABLED);
> return ActivationStatusType.DISABLED;
> }
> //log.info <http://log.info>("XXXX Effective Status code -
> validFrom: ["+validFrom+"] adminStatus: ["+administrativeStatus+"]");
> boolean isDisabled = ActivationStatusType.ENABLED
> != administrativeStatus;
> XMLGregorianCalendar now = (new
> Clock()).currentTimeXMLGregorianCalendar();
> boolean isFuture = DatatypeConstants.LESSER ==
> now.compare(validFrom)
> //log.info <http://log.info>("XXXX Effective
> Status code res. "+((isDisabled ||
> isFuture)?ActivationStatusType.DISABLED:ActivationStatusType.ENABLED));
>
> return (isDisabled ||
> isFuture)?ActivationStatusType.DISABLED:ActivationStatusType.ENABLED;
> </code>
> </script>
> </expression>
> <target>
> <c:path>$focus/activation/effectiveStatus</c:path>
> </target>
> <evaluationPhase>beforeAssignments</evaluationPhase>
> </mapping>
>
> Martin Lízner
> solution architect
>
> gsm: [+420] 737 745 571
> e-mail: martin.lizner at ami.cz <mailto:martin.lizner at ami.cz>
>
>
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel.: [+420] 274 783 239
> web: www.ami.cz <http://www.ami.cz/>
>
>
>
>
>
> AMI Praha a.s. <http://www.skyidentity.com/>
>
> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá
> za společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
> výhradně písemnou formu.
>
>
>
> 2017-01-24 13:52 GMT+01:00 Nicolas Rossi <nrossi at identicum.com
> <mailto:nrossi at identicum.com>>:
>
> Ok, I opened it on JIRA:
> https://jira.evolveum.com/projects/MID/issues/MID-3695
> <https://jira.evolveum.com/projects/MID/issues/MID-3695>
>
> Regards,
>
>
>
> Ing Nicolás Rossi
> Identicum S.A.
> Jorge Newbery 3226
> Tel: +54 (11) 4552-3050 <tel:+54%2011%204552-3050>
> www.identicum.com <http://www.identicum.com>
>
> On Tue, Jan 24, 2017 at 6:23 AM, Radovan Semancik
> <radovan.semancik at evolveum.com
> <mailto:radovan.semancik at evolveum.com>> wrote:
>
> Hi,
>
> You are right. You should not change validityStatus or
> effectiveStatus. MidPoint should recompute that
> automatically. I haven't had chance to have a closer look
> at the issue. But it looks like a bug. Could you create a
> jira for that please? Please compile the information in
> the jira description or just point to the relevant mailing
> list messages. I will look at that issue as soon as I can
> find a bit of time.
>
> --
> Radovan Semancik
> Software Architect
> evolveum.com <http://evolveum.com>
>
>
>
> On 01/23/2017 10:31 PM, Nicolas Rossi wrote:
>> Maybe this could help to the midPoint developers: we
>> added some logs to the ActivationComputer class. We have
>> a disabled user and when we change the validTo value from
>> the User Template, the *getEffectiveStatus() returns
>> ENABLED*
>> but the user is still disabled.
>>
>> Current value:
>> <activation>
>> <effectiveStatus>disabled</effectiveStatus>
>> <validTo>2016-04-30T00:00:00.000-03:00</validTo>
>> <validityStatus>after</validityStatus>
>> <disableTimestamp>2017-01-23T16:49:49.776-03:00</disableTimestamp>
>> <enableTimestamp>2017-01-23T16:49:09.338-03:00</enableTimestamp>
>> <validityChangeTimestamp>2017-01-23T16:49:49.776-03:00</validityChangeTimestamp>
>> </activation>
>>
>> After modification
>>
>> <activation>
>> <effectiveStatus>disabled</effectiveStatus>
>> <validTo>2017-02-01T00:00:00.000-03:00</validTo>
>> <validityStatus>after</validityStatus>
>> <disableTimestamp>2017-01-23T16:49:49.776-03:00</disableTimestamp>
>> <enableTimestamp>2017-01-23T16:49:09.338-03:00</enableTimestamp>
>> <validityChangeTimestamp>2017-01-23T16:49:49.776-03:00</validityChangeTimestamp>
>> </activation>
>>
>> It sounds like a bug. Should I open it on JIRA ?
>>
>>
>>
>> Ing Nicolás Rossi
>> Identicum S.A.
>> Jorge Newbery 3226
>> Tel: +54 (11) 4552-3050 <tel:+54%2011%204552-3050>
>> www.identicum.com <http://www.identicum.com>
>>
>> On Mon, Jan 23, 2017 at 4:46 PM, Rodrigo Yanis
>> <ryanis at identicum.com <mailto:ryanis at identicum.com>> wrote:
>>
>> Hello everyone,
>>
>> Extending the case exposed by Nicolás, we also added
>> a mapping on the User Template to target on the
>> administrativeStatus attribute the following way
>> (simplified):
>>
>> <mapping>
>> ...
>> <expression>
>> <script>
>> <language>http://midpoint.evolveum.com/xml/ns/public/express
>> <http://veum.com/xml/ns/public/express>ion/language#Groovy</language>
>> <code>
>> import
>> com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
>>
>> ...
>> return ActivationStatusType.DISABLED;
>> </code>
>> </script>
>> </expression>
>> <target>
>> * <c:path>$user/activation/administrativeStatus</c:path>*
>> </target>
>> </mapping>
>>
>>
>> When the user is imported disabled from HR,
>> effectiveStatus remains enabled even though validTo
>> is expired and administrativeStatus is set to
>> disabled on UserTemplates' account.
>>
>> <activation>
>> * <administrativeStatus>disabled</administrativeStatus>
>> ** <effectiveStatus>enabled</effectiveStatus>*
>> <validFrom>2013-07-20T00:00:00.000-03:00</validFrom>
>> * <validTo>2015-07-20T00:00:00.000-03:00</validTo>
>> ** <validityStatus>in</validityStatus>*
>> <enableTimestamp>2017-01-23T16:17:36.013-03:00</enableTimestamp>
>> <validityChangeTimestamp>2017-01-23T16:17:36.013-03:00</validityChangeTimestamp>
>> </activation>
>>
>>
>> Thankful for any advise,
>>
>>
>> *Rodrigo Yanis.*
>> Identicum S.A.
>> Jorge Newbery 3226
>> Tel: +54 (11) 4824-9971 <tel:+54%2011%204824-9971>
>> ryanis at identicum.com <mailto:ryanis at identicum.com>
>> www.identicum.com <http://www.identicum.com/>
>>
>> 2017-01-23 10:21 GMT-03:00 Nicolas Rossi
>> <nrossi at identicum.com <mailto:nrossi at identicum.com>>:
>>
>> Hi guys, we have reproduced this issue on a fresh
>> install of midPoint 3.5. These are the steps to
>> reproduce it:
>>
>> 1. Extended the schema with 2 attributes (a flag
>> and a date) → user.xsd
>> 2. Created a UserTemplate mapping the custom
>> date to the validTo if the flag is active. →
>> user_template.xml
>> 3. Assigned the UserTemplate as the default
>> template for users.
>> 4. Create a user
>> 5. Modify the user setting the flag and a date
>> before today
>>
>> Result:
>>
>> * The validTo date is mapped correctly
>> * The user is still enabled
>>
>> Regards,
>>
>>
>>
>> Ing Nicolás Rossi
>> Identicum S.A.
>> Jorge Newbery 3226
>> Tel: +54 (11) 4552-3050
>> www.identicum.com <http://www.identicum.com>
>>
>> On Sun, Jan 22, 2017 at 8:30 AM, Nicolas Rossi
>> <nrossi at identicum.com
>> <mailto:nrossi at identicum.com>> wrote:
>>
>> Hi guys, we have a User Template that defines
>> the validTo date evaluating 2 different
>> dates. When a user is active and the
>> calculated validTo date is before today the
>> user is not being disabled by midpoint as we
>> expected. I found a little difference between
>> this user and other one not handled by the
>> user template, on the activation node it has
>> validityStatus=in instead of
>> validityStatus=after:
>>
>> User disabled OK (changed from GUI, not from
>> the UserTemplate):
>>
>> <activation>
>> *<effectiveStatus>disabled</effectiveStatus>*
>> *<validTo>2017-01-15T00:00:00.000-03:00</validTo>*
>> *<validityStatus>after</validityStatus>*
>> <disableTimestamp>2017-01-22T08:24:48.970-03:00</disableTimestamp>
>> <enableTimestamp>2017-01-22T08:24:31.529-03:00</enableTimestamp>
>> <validityChangeTimestamp>2017-01-22T08:24:48.970-03:00</validityChangeTimestamp>
>> </activation>
>>
>> User not being disabled (changed from
>> UserTemplate):
>>
>> <activation>
>> *<effectiveStatus>enabled</effectiveStatus>*
>> *<validTo>2017-01-15T00:00:00.000-03:00</validTo>*
>> *<validityStatus>in</validityStatus>*
>>
>> <disableTimestamp>2017-01-22T08:13:40.530-03:00</disableTimestamp>
>>
>> <enableTimestamp>2017-01-22T08:13:58.962-03:00</enableTimestamp>
>>
>> <validityChangeTimestamp>2017-01-22T08:13:58.962-03:00</validityChangeTimestamp>
>> </activation>
>>
>> Should I set the validityStatus on the
>> UserTemplate?
>>
>> Regards,
>>
>>
>> Ing Nicolás Rossi
>> Identicum S.A.
>> Jorge Newbery 3226
>> Tel: +54 (11) 4552-3050
>> <tel:+54%2011%204552-3050>
>> www.identicum.com <http://www.identicum.com>
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>>
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>> <http://lists.evolveum.com/mailman/listinfo/midpoint>
> _______________________________________________ midPoint
> mailing list midPoint at lists.evolveum.com
> <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>
> _______________________________________________ midPoint
> mailing list midPoint at lists.evolveum.com
> <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>
> _______________________________________________ midPoint mailing
> list midPoint at lists.evolveum.com
> <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170125/a54a19f7/attachment.htm>
More information about the midPoint
mailing list