[midPoint] How to make Entitlement association strong / enforced ?

Ivan Noris ivan.noris at evolveum.com
Thu Jan 25 09:29:33 CET 2018


Hi,

can you share the role (in your case probably the metarole)? I think you
might be missing strong in the outbound mapping for association for
order=2 mapping.

Ivan


On 24.01.2018 23:08, Alcides Carlos de Moraes Neto wrote:
> Hello list,
>
> I have a OrgType -> AD Group projection, with construction and
> entitlement association all done in a single Meta Role. This works,
> the groups are created and the Org Members are added to the group.
>
> However, if the AD user account already is a member of any other
> group, its not added to the Org AD Group. And if I remove a user
> account from the AD group from within Windows Server, Midpoint does
> not create the association again. It's behaving like a weak mapping.
> How do I make Midpoint enforce the group membership? The association
> definition has tolerant attribute set to FALSE . I've tried setting
> assignmentPolicyEnforcement to FULL for the resource, it does not work
> either.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180125/3cbbc9ae/attachment.htm>


More information about the midPoint mailing list