[midPoint] Prevent AD user deletion when the user is deleted on Midpoint

Martin Besozzi mbesozzi at identicum.com
Thu Jan 26 17:14:37 CET 2017


Hi, All.
We want to prevent sending a delete operation to the AD Resource when the
user is deleted on Midpoint. We added the following code to the AD Resource
activation node:

<activation>
    <existence>
        <outbound>
            <expression>
                <value>true</value>
            </expression>
        </outbound>
    </existence>
</activation>

With this code we prevented the user deletion on the Resource when the user
was manually deleted on Midpoint, but the GUI showed us the following error:

Schema violation during processing shadow: shadow:
CN=usertest,OU=xxx,DC=xxx,DC=local
(OID:2d534333-cd76-4642-b967-350834cc6ac7): Schema violation: Value of
attribute '__NAME__' must be a single value, but it has 0 values

Is there another way to do this?

We also found in the documentation the following code in order to prevent a
user deletion.

<activation>
    <existence>
        <outbound>
            <strength>weak</strength>
            <expression>
                <path>$focusExists</path>
            </expression>
        </outbound>
    </existence>
</activation>

In this case, the user is not deleted on the Resource if it loses the
resource account. But if we delete the user on Midpoint it doesn't prevent
the user deletion on the Resource.

Any help is appreciated. Thanks in advance.

Regards.

Ing Martin Besozzi
Identicum S.A.
Jorge Newbery 3226
Tel: +54 (11) 4552-3050
www.identicum.com