<html>

  <head>

    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <div class="moz-cite-prefix">Hello MiSo,<br>

      <br>

      your script could work. <br>

      <br>

      But please set the mapping strength to strong (or normal) and set

      script relativityMode to absolute by setting

      <relativityMode>absolute</relativityMode> as a child

      of <script> element.

      <meta http-equiv="content-type" content="text/html; charset=utf-8">

      <br>

      <br>

      Haven't tried that but it could work. The mapping would maintain

      uniqueMembers property to be either one-element set (containing

      the user if he's enabled) or an empty set otherwise.<br>

      <br>

      Best regards,<br>

      Pavol<br>

      <br>

    </div>

    <blockquote cite="mid:1442490475.3090.3.camel@steky" type="cite">

      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

      <meta name="GENERATOR" content="GtkHTML/4.6.6">

      Hi,<br>

      <br>

      I have LDAP resource, where I create ldap group for user from

      midpoint. When is group in LDAP created, then is user added to

      this group in LDAP. Next users is added to LDAP groups in LDAP.<br>

      It is possible remove all uniquemenbers in LDAP when user is

      disabled in midPoint? This is example<br>

      ...<br>

      <attribute><br>

      <ref>ri:uniqueMember</ref><br>

      <matchingRule>mr:stringIgnoreCase</matchingRule><br>

      <outbound><br>

      <strength>weak</strength><br>

      <source><br>

      <path>$focus/name</path><br>

      </source><br>

      <source><br>

      <path>$user/activation/administrativeStatus</path><br>

      </source><br>

      <expression><br>

      <script><br>

      <code><br>

      import

com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;<br>

      <br>

      if(ActivationStatusType.DISABLED == administrativeStatus){ <br>

      return ''; // REMOVE ALL UNIQUEMEMBE<br>

      } else {<br>

      def suffix = ',ou=people,dc=bla,dc=sk'<br>

      def prefix = 'uid=';<br>

      dn =  prefix + name + suffix;<br>

      return dn;<br>

      }<br>

      </code><br>

      </script><br>

      </expression><br>

      </outbound><br>

      </attribute><br>

      ...<br>

      <br>

      Thanks & regard<br>

      MiSo<br>

      <br>

      On St, 2015-08-19 at 11:16 +0000, Steklac Michal wrote:<br>

      <blockquote type="CITE">Hi Ivan,<br>

        <br>

        Thank you, I try it.<br>

        Sorry. I wrote again, because I don't received response. In the

        period from 07/22/2015 to 08/17/2015 I don't received any emails

        in this mailing list. Now I receive mail.<br>

        <br>

        Thanks & regard<br>

        MiSo<br>

        <br>

        On St, 2015-08-19 at 12:31 +0200, Ivan Noris wrote:<br>

        <blockquote type="CITE">Hi MiSo,<br>

          <br>

          I believe we have already discussed this here <a

            moz-do-not-send="true"

href="http://lists.evolveum.com/pipermail/midpoint/2015-July/001285.html"><a class="moz-txt-link-freetext" href="http://lists.evolveum.com/pipermail/midpoint/2015-July/001285.html">http://lists.evolveum.com/pipermail/midpoint/2015-July/001285.html</a></a><br>

          <br>

          Regards,<br>

          Ivan<br>

          <br>

          On 08/18/2015 08:19 PM, Steklac Michal wrote:<br>

          <br>

          <blockquote type="CITE">Hi,<br>

            <br>

            I have configuration where AD is authoritative source for

            users. When is user create in AD then is create user in LDAP

            (in midpoint terminology account). It is possible create

            group in different ldap subtree with same name? What is best

            way?<br>

            Example:<br>

            AD - cn=Janko Hrasko,ou=midpoint,dc=sk (with

            sAMAccountName=jhrasko)<br>

            LDAP user - uid=jhrasko,ou=people,ou=midpoint,dc=sk<br>

            LDAP group - cn=jhrasko,ou=group,ou=midpoint,dc=sk<br>

            <br>

            Thanks & Best regards<br>

            MiSo<br>

            <br>

            <br>

            <br>

            <br>

            <br>

            <pre>_______________________________________________

midPoint mailing list

<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>

<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>

</pre>

          </blockquote>

          <br>

        </blockquote>

        <br>

      </blockquote>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

midPoint mailing list

<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>

<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>

</pre>

    </blockquote>

    <br>

  </body>

</html>