[midPoint] Disable instead of delete

Richard Frovarp richard.frovarp at ndsu.edu
Tue Aug 25 01:12:18 CEST 2020


I'm trying to figure out how to do disable instead of delete on a
single resource. I've read the wiki, and mostly, kinda, sort of
understand it. In fact, I have it working as I think it is intended to
work. Which isn't how I need it to work and I'm getting stuck on terms
I think.

I have a test resource that is an inducement on an org that is
populated by Grouper. The resource is a CSV file with a simulated
disable capability. I add someone to the Grouper group, the async
handler adds them to the org, and they are added to the CSV. Life is
good. I remove them from the Grouper group, they are removed from the
org, and the user has a disabled administrative status on their shadow
on the resource. The user has an undefined administrative status, and
the other resources which don't have the disabled capability are
however they are.

However, the next morning an unrelated reconciliation on a different
resource runs and that turns the administrative status for the CSV
resource back to enabled. That's not what I want. I want the resource
to remain in the disabled state. I think this is because it is setting
the user back to enabled, and the example makes it so that the resource
follows the user. That's not what I want in my instance. I may be
disabling a resource because the person is no longer an employee and is
only a student. Thus their employee resources are disabled for a period
of time before we delete them.

What am I missing? The other key here is that if they are added back to
the Grouper resource, they should be set back to enabled.

Thanks,
Richard


More information about the midPoint mailing list