<div dir="ltr">No I don't have anything like that in my recon task, no activation at all in it. This happened again a few days ago when a value in my CSV resource was modified for a user, their last name which is "weak" so it did not update in midpoint, and when I ran the audit report I saw that it replaced ENABLED with ENABLED making it look like they were "disabled" but they were not, it just replaced enabled with enabled.<div><br></div><div>I went further into my CSV resource and found the below,</div><div><br></div><div><div> <activation></div><div> <administrativeStatus></div><div> <inbound></div><div> <expression></div><div> <value>enabled</value></div><div> </expression></div><div> </inbound></div><div> </administrativeStatus></div><div> </activation></div></div><div><br></div><div>So I changed it and added the highlighted,</div><div><br></div><div><div> <activation></div><div> <administrativeStatus></div><div> <inbound></div><div> <font color="#ff0000"><strength>weak</strength></font></div><div> <expression></div><div> <value>enabled</value></div><div> </expression></div><div> </inbound></div><div> </administrativeStatus></div><div> </activation></div></div><div><br></div><div>This might have been causing the false positives as when an attribute was changed, even if the attribute was "weak" it would still replace "enabled" with "enabled" in the user object causing a notification to fire.</div><div><br></div><div>So far after the change, a few days now, I have not had the issue again,</div><div><br></div><div>Maybe this is not the cause? But I will keep an eye on it, I have notifications going to my email so I will be able to see if it happens again before I let the notifications go out to the users.</div><div><br></div><div>JASON</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Oct 1, 2015 at 5:31 AM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
Hi Jason,<br>
<br>
I have encountered similar behaviour - reconciliation or recompute
task (or reconcile checkbox) disabled accounts that were not
provided by roles.<br>
<br>
This happened after migration from 3.0.x -> 3.3-snapshot and with
the following configuration in resource (see bold text):<br>
<br>
<activation><br>
<existence><br>
<outbound><br>
<strength>weak</strength><br>
<expression><br>
<path>$focusExists</path><br>
</expression><br>
</outbound><br>
</existence><br>
<administrativeStatus><br>
<outbound><br>
<strength>strong</strength><br>
<!-- XXX to allow to disable when removing roles by recomputing
users; but<br>
enforcement MUST be set to FULL for this to work --><br>
<expression><br>
<script><br>
<code><br>
import
com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;<br>
<b> if (legal &&
assigned) { // previously only "legal" was used</b><b><br>
</b> input;<br>
} else {<br>
ActivationStatusType.DISABLED;<br>
}<br>
</code><br>
</script><br>
</expression><br>
</outbound><br>
</administrativeStatus><br>
</activation><br>
<br>
Are you using this config too?<br>
<br>
Regard,<br>
I.<div><div class="h5"><br>
<br>
<div>On 09/25/2015 05:58 PM, Jason Everling
wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr">I found out why!
<div><br>
</div>
<div>So if these users did not have any role assigned then their
GUI accounts were being disabled.</div>
<div><br>
</div>
<div>Strange though, this did not happen in 3.1.1, so maybe
there was a bug in 3.1.1 related to that?</div>
<div><br>
</div>
<div>JASON</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Sep 25, 2015 at 10:08 AM, Jason
Everling <span dir="ltr"><<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">I have a recon task that runs every night and
after I updated us to 3.2 the task last night disabled
about 30 accounts, only their GUI account and not all
their other resource accounts.
<div><br>
</div>
<div>It should have never disabled their accounts, I
cannot figure out why that happened and even within the
resource there is nothing stated to inactivate or
anything, this same task/resource has been running every
night for about 3 weeks now and this is the first time
this happened,</div>
<div><br>
</div>
<div>Thanks!</div>
<span><font color="#888888">
<div>
<div><br>
</div>
-- <br>
<div>
<div dir="ltr">JASON</div>
</div>
</div>
</font></span></div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div>
<div dir="ltr">JASON</div>
</div>
</div>
<br>
</div></div><font size="2"><br>
<br><span class="">
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is proprietary and
confidential; intended for only the recipient(s) named above and
may contain information that is privileged. You should not
retain, copy or use this e-mail or any attachments for any
purpose, or disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail are those
of the author and do not represent those of the Baptist School
of Health Professions. If you have received this e-mail in
error, or are not the named recipient(s), you are hereby
notified that any review, dissemination, distribution or copying
of this communication is prohibited by the sender and to do so
might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
notify the sender and delete this e-mail and any attachments
from your computer. </span></font><br><span class="">
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</span></blockquote><span class="HOEnZb"><font color="#888888">
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</font></span></div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">JASON</div></div>
</div>
<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>