[midPoint] Deprovisioning in case of a disabled role
Michalis Siochos
msiochos at gmail.com
Tue Nov 28 12:55:15 CET 2017
Hi All,
I'm getting unexpected behaviour in the following scenario (midpoint
3.6.2-SNAPSHOT 18/10)
I have a simple role that induces LDAP
1) The role is created with lifeCycleState = Proposed / AdminStatus =
Disabled
2) The role is assigned to a user, no provisioning takes places (OK!)
3) The role is enabled (lifeCycleState = Active, AdminStatus = Enabled)
4) The user is recomputed and then an account is created (OK!)
5) The role is disabled (lifeCycle = Deprecated or other states,
AdminStatus = Disabled) user is recomputed -> Nothing happens (NOT OK).
6) The role is unassigned (in disabled state) -> Nothing happens (NOT OK)
7) The only way I can have the account deprovisioned is by enabling the
role before un-assigning it
How can I achieve deprovisioning in case a role is disabled?
Do I miss anything?
Thanks,
Michalis
More information about the midPoint
mailing list