<div dir="ltr">I was trying to figure this out this morning so the values have changed since it was last set since I re enabled the persons account in the gui, so it is the way it should be now , I meant to capture that before I modified it but I forgot :( I will have to capture that the next time it happens<div><br></div><div>Is there a way to narrow this filter so that it only sends if a resource object is disabled?</div><div><br></div><div><div> <handler></div><div> <expressionFilter></div><div> <script></div><div> <code></div><div> <span class="" style="white-space:pre"> </span>event.isRelatedToItem(new com.evolveum.midpoint.prism.path.ItemPath("activation", "administrativeStatus")) &&</div><div><span class="" style="white-space:pre"> </span>basic.getExtensionPropertyValue(requestee, '<a href="http://www.bshp.edu/xml/ns/public/bshp">http://www.bshp.edu/xml/ns/public/bshp</a>', 'eduPersonAffiliation') == 'student'</div><div> </code></div><div> </script></div><div> </expressionFilter></div></div><div><br></div><div>I checked the AD Connector logs, and at exactly that time, and nothing happened before that time, the persons group memberships were modified,</div><div><br></div><div><div>ConnectorServer.exe<span class="" style="white-space:pre"> </span>Information<span class="" style="white-space:pre"> </span>0<span class="" style="white-space:pre"> </span>Creating case insensitive filter<span class="" style="white-space:pre"> </span>2015-10-06 22:21:55Z</div><div>ActiveDirectoryConnector.Api<span class="" style="white-space:pre"> </span>Information<span class="" style="white-space:pre"> </span>1<span class="" style="white-space:pre"> </span>ExecuteQuery starting, query = (member=CN=User Modified,OU=DEPT,OU=Students,DC=CHANGED,DC=EDU)<span class="" style="white-space:pre"> </span>2015-10-06 22:21:55Z</div><div>ActiveDirectoryConnector<span class="" style="white-space:pre"> </span>Verbose<span class="" style="white-space:pre"> </span>1<span class="" style="white-space:pre"> </span>AD.ExecuteQueryInternal: modifying query; attributesToReturn = cn, samAccountName, description, displayName, managedBy, mail, info, groupType, objectClass, member, uSNChanged, uSNCreated, whenChanged, whenCreated, ad_container, __DESCRIPTION__, __SHORT_NAME__, __NAME__, __UID__<span class="" style="white-space:pre"> </span>2015-10-06 22:21:55Z</div><div>ActiveDirectoryConnector<span class="" style="white-space:pre"> </span>Verbose<span class="" style="white-space:pre"> </span>1<span class="" style="white-space:pre"> </span>Setting search string to '(&(objectclass=Group)(member=CN=User Modified,OU=DEPT,OU=Students,DC=CHANGED,DC=EDU))'<span class="" style="white-space:pre"> </span>2015-10-06 22:21:55Z</div><div>ActiveDirectoryConnector<span class="" style="white-space:pre"> </span>Verbose<span class="" style="white-space:pre"> </span>1<span class="" style="white-space:pre"> </span>Search: Performing query<span class="" style="white-space:pre"> </span>2015-10-06 22:21:55Z</div><div>ActiveDirectoryConnector<span class="" style="white-space:pre"> </span>Verbose<span class="" style="white-space:pre"> </span>1<span class="" style="white-space:pre"> </span>searcher.FindAll took 00:00:00.005<span class="" style="white-space:pre"> </span>2015-10-06 22:21:55Z</div><div>ActiveDirectoryConnector<span class="" style="white-space:pre"> </span>Verbose<span class="" style="white-space:pre"> </span>1<span class="" style="white-space:pre"> </span>Found object LDAP://<a href="http://dc1.changed.edu/CN=CHANGED1,OU=Students,DC=CHANGED,DC=EDU">dc1.changed.edu/CN=CHANGED1,OU=Students,DC=CHANGED,DC=EDU</a><span class="" style="white-space:pre"> </span>2015-10-06 22:21:55Z</div><div>ActiveDirectoryConnector<span class="" style="white-space:pre"> </span>Verbose<span class="" style="white-space:pre"> </span>1<span class="" style="white-space:pre"> </span>Unsupported attribute type ... calling ToString (Name: 'whenChanged'(0) Type: 'System.DateTime' String Value: '8/28/2015 7:56:13 PM'<span class="" style="white-space:pre"> </span>2015-10-06 22:21:55Z</div><div>ActiveDirectoryConnector<span class="" style="white-space:pre"> </span>Verbose<span class="" style="white-space:pre"> </span>1<span class="" style="white-space:pre"> </span>Unsupported attribute type ... calling ToString (Name: 'whenCreated'(0) Type: 'System.DateTime' String Value: '10/6/2009 7:08:43 PM'<span class="" style="white-space:pre"> </span>2015-10-06 22:21:55Z</div><div>ActiveDirectoryConnector.Api<span class="" style="white-space:pre"> </span>Verbose<span class="" style="white-space:pre"> </span>1<span class="" style="white-space:pre"> </span>Returning ''LDAP://<a href="http://dc1.changed.edu/CN=CHANGED1,OU=Students,DC=CHANGED,DC=EDU'">dc1.changed.edu/CN=CHANGED1,OU=Students,DC=CHANGED,DC=EDU'</a>', in 92 ms<span class="" style="white-space:pre"> </span>2015-10-06 22:21:55Z</div><div>ActiveDirectoryConnector<span class="" style="white-space:pre"> </span>Verbose<span class="" style="white-space:pre"> </span>1<span class="" style="white-space:pre"> </span>Found object LDAP://<a href="http://dc1.changed.edu/CN=CHANGED2,OU=Groups,OU=Exchange,DC=CHANGED,DC=EDU">dc1.changed.edu/CN=CHANGED2,OU=Groups,OU=Exchange,DC=CHANGED,DC=EDU</a><span class="" style="white-space:pre"> </span>2015-10-06 22:21:55Z</div><div>ActiveDirectoryConnector<span class="" style="white-space:pre"> </span>Verbose<span class="" style="white-space:pre"> </span>1<span class="" style="white-space:pre"> </span>Unsupported attribute type ... calling ToString (Name: 'whenChanged'(0) Type: 'System.DateTime' String Value: '10/2/2015 7:15:07 AM'<span class="" style="white-space:pre"> </span>2015-10-06 22:21:55Z</div><div>ActiveDirectoryConnector<span class="" style="white-space:pre"> </span>Verbose<span class="" style="white-space:pre"> </span>1<span class="" style="white-space:pre"> </span>Unsupported attribute type ... calling ToString (Name: 'whenCreated'(0) Type: 'System.DateTime' String Value: '1/4/2013 7:50:41 PM'<span class="" style="white-space:pre"> </span>2015-10-06 22:21:55Z</div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Oct 7, 2015 at 9:50 AM, Pavol Mederly <span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:times new roman,new york,times,serif;font-size:12pt;color:#000000"><div>Hello Jason,<br></div><div><br></div><div>and what's the current content of the <activation> and <metadata> sections of that user?<br></div><div><br></div><div>Pavol<br></div><div><br></div><hr><div style="color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><b>From: </b>"Jason Everling" <<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>><br><b>To: </b>"midPoint General Discussion" <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>><br><b>Sent: </b>Wednesday, October 7, 2015 4:23:02 PM<br><b>Subject: </b>[midPoint] Still disabling User's GUI accounts! I cannot figure this out..<div><div class="h5"><br><div><br></div><div dir="ltr">At 5:21pm yesterday this persons GUI account was disabled, firing off the account disabled notification, but the account should not have been disabled, I have no mappings for any resource that disables an account except for when users are removed from CSV which the user still exists.<div><br></div><div>I have NO tasks or recons that happen at that time or even close to that time, so all of a sudden at 5:21 their account was disabled? I cannot figure out why, in the audit logs it just has</div><div><br></div><div>[ObjectDeltaOperation(ObjectDelta(UserType:000010101010101010101010,MODIFY: PropertyDelta(activation / {.../common/common-3}administrativeStatus, REPLACE), PropertyDelta(activation / {.../common/common-3}effectiveStatus, REPLACE), PropertyDelta(activation / {.../common/common-3}enableTimestamp, REPLACE), PropertyDelta(metadata / {.../common/common-3}modifyChannel, REPLACE), </div><div><br></div><div>Does the admin/effective status that is in the roles and orgs have anything to do with it?<br clear="all"><div><br></div>-- <br><div><div dir="ltr">JASON</div></div></div></div><br> <span style="font-size:small" size="2"><span style="font-size:small" size="2"><br></span></span><div><br></div></div></div><span style="font-size:small" size="2">CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </span><br><div><br></div>_______________________________________________<br>midPoint mailing list<br><a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br><a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br></div><div><br></div></div></div><br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">JASON</div></div>
</div>
<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>