[midPoint] Resolved - Re: how to ignore metarole when tolerant false for group sync?
Jason Everling
jeverling at bshp.edu
Sat Mar 2 03:01:59 CET 2019
I found you can use a condition on the inbound sync of the association, all
is well now with tolerant = false
On Fri, Mar 1, 2019 at 9:50 AM Jason Everling <jeverling at bshp.edu> wrote:
> I am finally getting around to midpoint enforcing ad groups and group
> membership for users and roles but I have a a bug I guess I am trying to
> work around.
>
> When modifying a group with tolerant false, it tries to remove the
> metarole assignment because it is not a valid group in ad and of course the
> assignment is 'strong' so it errors and stops. If I remove the strong from
> the metarole assignment the metarole itself gets removed :(
>
>
> JASON
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190301/07bd50a4/attachment.htm>
More information about the midPoint
mailing list