[midPoint] Removing inducement does not remove roleMembershipRef?
Alcides Carlos de Moraes Neto
alcides.neto at gmail.com
Thu Sep 13 23:58:44 CEST 2018
Thank you Pavol.
After more tests, recomputing did remove the roleMembershipRef.
However, both roles have a metarole that creates an AD group projection,
and assign members using associationFromLink, very simple stuff.
Removing the inducement and recomputing the users did remove the
roleMembershipRef but did not remove the AD association.
Unassigning role1 with the inducement intact worked correctly and removed
role2 AD group association from user AD projection.
Removing the inducement did not remove user from role2 AD group
association, and unassigning from role1 only removes role1 AD group.
Em qui, 13 de set de 2018 às 16:22, Pavol Mederly <mederly at evolveum.com>
escreveu:
> Hello,
>
> normally I would say this is a bug. Recomputation of users should
> definitely remove role2 from users' roleMembershipRef items.
>
> However, this particular functionality is quite well covered by tests. So
> it might be some misconfiguration on your side.
>
> You can try to troubleshoot
> <https://wiki.evolveum.com/display/midPoint/Usual+Troubleshooting+Steps>
> the situation yourself or post more details here. Maybe someone from the
> community would be able to help you.
>
> Best regards,
>
> Pavol Mederly
> Software developerevolveum.com
>
> On 13.09.2018 20:08, Alcides Carlos de Moraes Neto wrote:
>
> Hello list,
>
> We had a role1 that induced role2.
> Removing the inducement did not remove membership of role2 from users of
> role1.
> Recomputing either role1, role2 or the users didn't make a difference.
> Opening role2 with the GUI, the indirect members are shown if you check
> the 'indirect members' option.
> Opening the users with the GUI will not show the assignment, even in the
> Show All Assignments dialog.
> In the XML of the users we can see the roleMembershipRef pointing to
> role2.
> Unassigning role1 from the users, after removing the inducement, did not
> remove role2 roleMembershipRef.
>
> Is this by design, or a bug?
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180913/06a0b76f/attachment.htm>
More information about the midPoint
mailing list