[midPoint] Enforcing group membership not working

Odd Arne Beck oddbeck at gmail.com
Wed Mar 26 22:09:43 CET 2025


Hi!

I have created a test-connector where users and groups are created in a
database, and I can also add groups/membership (entitlements) and that is
also reflected in the database.

If I create a new group it is automatically created in the resource, and
when I assign a user to a group the user is created in the resource and the
membership is added in the database. When unassigning the user from the
group the user is deleted from the resource and also removed from the
mapping table for user -> group.

However, if I manually add a user to a group in the database using database
tools, the Group object in midPoint does not reflect this. If I then add the
same user through the UI, it does not trigger any "update()" method in my
connector - almost as if midPoint is aware that the user is already in the
correct group in the database. If I then remove the same user and re-add
the user to the group he is removed and then properly added and the group
reflects this and the correct update code is run in my connector.

When adding the user 'manually', it's almost as if midPoint is halfway aware
that the user is in the group but not in the group in the UI.

I also expected the group synchronization to actually trigger an "update"
or "remove" in the code in my connector to remove the user from the group
since he's not "officially" added in the group, however no such
functionality is triggered either.

Does anyone have any input as to what mechanism I seem to be missing?

Best regards,

Odd Beck