[midPoint] Active Directory Role setting Attribute on AD Account, does not Cleanup Attribute when Role is removed
Patrik Sidler
patrik.sidler at itconcepts.ch
Thu Jul 6 11:18:59 CEST 2023
Hi Community,
I have created a Role that sets a predefined Attribute Value on a user's Active Directory Account when the role is assigned.
<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
      xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3">
    <name>SetValue</name>
    <description>Role required to set a Value on an Attribute</description>
    <indestructible>true</indestructible>
    <requestable>true</requestable>
    <inducement id="2">
        <construction>
            <resourceRef oid="fb3f7385-7a9a-4e8c-926e-8fc23de7efb5" relation="org:default" type="c:ResourceType"/>
            <attribute>
                <ref>ri:extensionAttribute1</ref>
                <outbound>
                    <expression>
                        <value>ImportantValue</value>
                    </expression>
                </outbound>
            </attribute>
        </construction>
    </inducement>
</role>
The Assignment works perfectly. As soon as the Role is assigned, the Value is available on the User's Active Directory Account.
But when I remove the Role, the value stays on the Attribute. It will not be removed when I unassign the Role?
I do not know if this is possible or not.
But it would be great if anyone has an idea how to clean up the Attribute when I unassign the Role.
Thank you in advance for your help.
Best Regards,
Patrik