[midPoint] How to unassign assignment with effectiveStatus="disabled" and propagate this change to AD
Lubomir Odlevak
odlevak.lubomir at gmail.com
Fri Oct 16 12:46:20 CEST 2020
Hello all,
I have assigned role to MP user and set Activation valid on this
assignment. Role has been assigned in MP and AD successfully.
When valid-to-time has been exceeded,i have run user reconcilation (or
validity task) and effectiveStatus has been set to "disable" for the
assignment.
Both mP role and AD role are still assigned. Now, I'm trying unassign role
assignment from MP user (manually or with hook), but it is not removed in
AD and user is still member of that AD group. How can I achieve it ?
How to unassign assignment with effectiveStatus="disabled" and propagate
this change to AD and remove user from the AD group?
btw: The unassigment with effective status set to "enabled" are unassigned
properly in AD.
Tested on mp 3.8 and 4.1.
Regards
Lubomir Odlevak
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20201016/d8b95c4e/attachment.htm>
More information about the midPoint
mailing list