[midPoint] Disable instead of delete

Richard Frovarp richard.frovarp at ndsu.edu
Tue Aug 25 17:29:10 CEST 2020


I'm copying the 
https://wiki.evolveum.com/display/midPoint/Disable+instead+of+Delete
without the extra "Even more" complex logic:

<activation>
  <existence>
    <outbound>
      <strength>weak</strength>
      <expression>
        <path>$focusExists</path>
      </expression>
    </outbound>
  </existence>
  <administrativeStatus>
    <outbound>
      <strength>strong</strength>
      <expression>
        <script>
          <code>
            import
com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusTy
pe;
            if (legal) {
              input;
            } else {
              ActivationStatusType.DISABLED;
            }
          </code>
        </script>
      </expression>
    </outbound>               
  </administrativeStatus>
</activation>

The disabled bit works. My confusion comes from the other resource
reconciling causing this one to go to enabled. Still trying to wrap my
head around legal. Guessing under that condition input become enabled.

On Tue, 2020-08-25 at 17:18 +0200, Pavol Mederly wrote:
> Hello Richard,
> 
> I have no particular experience with this disable-instead-of-delete 
> configuration but I think it should be doable.
> 
> Could you, please, share relevant parts of your configuration? I
> mean 
> mainly the activation mappings for your resources.
> 
> Best regards,
> 
> Pavol Mederly
> Software developer
> evolveum.com
> 
> On 25/08/2020 01:12, Richard Frovarp wrote:
> > I'm trying to figure out how to do disable instead of delete on a
> > single resource. I've read the wiki, and mostly, kinda, sort of
> > understand it. In fact, I have it working as I think it is intended
> > to
> > work. Which isn't how I need it to work and I'm getting stuck on
> > terms
> > I think.
> > 
> > I have a test resource that is an inducement on an org that is
> > populated by Grouper. The resource is a CSV file with a simulated
> > disable capability. I add someone to the Grouper group, the async
> > handler adds them to the org, and they are added to the CSV. Life
> > is
> > good. I remove them from the Grouper group, they are removed from
> > the
> > org, and the user has a disabled administrative status on their
> > shadow
> > on the resource. The user has an undefined administrative status,
> > and
> > the other resources which don't have the disabled capability are
> > however they are.
> > 
> > However, the next morning an unrelated reconciliation on a
> > different
> > resource runs and that turns the administrative status for the CSV
> > resource back to enabled. That's not what I want. I want the
> > resource
> > to remain in the disabled state. I think this is because it is
> > setting
> > the user back to enabled, and the example makes it so that the
> > resource
> > follows the user. That's not what I want in my instance. I may be
> > disabling a resource because the person is no longer an employee
> > and is
> > only a student. Thus their employee resources are disabled for a
> > period
> > of time before we delete them.
> > 
> > What am I missing? The other key here is that if they are added
> > back to
> > the Grouper resource, they should be set back to enabled.
> > 
> > Thanks,
> > Richard
> > _______________________________________________
> > midPoint mailing list
> > midPoint at lists.evolveum.com
> > https://lists.evolveum.com/mailman/listinfo/midpoint
> 
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint


More information about the midPoint mailing list