[midPoint] Active Directory Role setting Attribute on AD Account, does not Cleanup Attribute when Role is removed

Lubomir Odlevak odlevak.lubomir at gmail.com
Thu Jul 6 12:02:54 CEST 2023


Hi Patrik,

try this:

<outbound>
    <expression>
        <value>ImportantValue</value>
    </expression>
    <!-- range: all values of the target attribute -->
    <target>
        <set>
            <predefined>all</predefined>
        </set>
    </target>
</outbound>

Regards
Lubo

On Thu, 6 Jul 2023 at 11:19, Patrik Sidler via midPoint <midpoint at lists.evolveum.com> wrote:

> Hi Community,
>
>
>
> I have created a Role that sets a predefined Attribute Value on a user's
> Active Directory Account when the role is assigned.
>
>
>
> <role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>       xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>       xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>       xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
>       xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>       xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>       xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3">
>     <name>SetValue</name>
>     <description>Role required to set a Value on an Attribute</description>
>     <indestructible>true</indestructible>
>     <requestable>true</requestable>
>     <inducement id="2">
>         <construction>
>             <resourceRef oid="fb3f7385-7a9a-4e8c-926e-8fc23de7efb5" relation="org:default" type="c:ResourceType"/>
>             <attribute>
>                 <ref>ri:extensionAttribute1</ref>
>                 <outbound>
>                     <expression>
>                         <value>ImportantValue</value>
>                     </expression>
>                 </outbound>
>             </attribute>
>         </construction>
>     </inducement>
> </role>
>
>
>
> The Assignment works perfectly. As soon as the Role is assigned, the Value
> is available on the User's Active Directory Account.
>
>
>
> But when I remove the Role, the value stays on the Attribute. It will not
> be removed when I unassign the Role?
>
>
>
> I do not know if this is possible or not.
>
> But it would be great if anyone has an idea how to clean up the
> Attribute when I unassign the Role.
>
>
>
> Thank you in advance for your help.
>
>
>
> Best Regards,
>
> Patrik
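
An added example, not part of the original thread and not midPoint's own code: a small Python check that lists role-induced outbound mappings declaring no <target><set> range, which is the pattern the question reports as leaving the value on the account after the role is unassigned. The <objects> wrapper used for the sample, the role name SetValueWithRange and the function name are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

C = "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
NS = {"c": C}

def mappings_without_range(xml_text):
    """Return (role name, attribute ref) for every induced outbound
    mapping that declares no <target><set> range."""
    root = ET.fromstring(xml_text)
    # Accept a single <role> document or a wrapper holding several roles.
    roles = [root] if root.tag == f"{{{C}}}role" else root.findall(".//c:role", NS)
    findings = []
    for role in roles:
        name = role.findtext("c:name", default="(unnamed)", namespaces=NS)
        for attr in role.findall("c:inducement/c:construction/c:attribute", NS):
            ref = attr.findtext("c:ref", default="", namespaces=NS).strip()
            for outbound in attr.findall("c:outbound", NS):
                if outbound.find("c:target/c:set", NS) is None:
                    findings.append((name, ref))
    return findings

# Constructed sample: the role from the thread next to a copy carrying the
# range suggested in the reply. "SetValueWithRange" is a made-up name.
SAMPLE = """
<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
         xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
  <role><name>SetValue</name>
    <inducement><construction><attribute>
      <ref>ri:extensionAttribute1</ref>
      <outbound>
        <expression><value>ImportantValue</value></expression>
      </outbound>
    </attribute></construction></inducement>
  </role>
  <role><name>SetValueWithRange</name>
    <inducement><construction><attribute>
      <ref>ri:extensionAttribute1</ref>
      <outbound>
        <expression><value>ImportantValue</value></expression>
        <target><set><predefined>all</predefined></set></target>
      </outbound>
    </attribute></construction></inducement>
  </role>
</objects>
"""

if __name__ == "__main__":
    for role_name, attr_ref in mappings_without_range(SAMPLE):
        print(f"{role_name}: {attr_ref} has an outbound mapping with no range")
```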