<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hi Pavol,<div class=""><br class=""></div><div class="">I’ve applied your suggestions and it works!</div><div class=""><br class=""></div><div class="">Thanks a lot.</div><div class=""><br class=""></div><div class=""> Fabio</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">Il giorno 13 ott 2015, alle ore 09:35, Pavol Mederly <<a href="mailto:mederly@evolveum.com" class="">mederly@evolveum.com</a>> ha scritto:</div><br class="Apple-interchange-newline"><div class="">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" class="">
<div bgcolor="#FFFFFF" text="#000000" class="">
<div class="moz-cite-prefix">Hello Fabio,<br class="">
<br class="">
I have to correct myself with a clear head in the morning.<br class="">
<br class="">
<c:path> assignment </c:path> is wrong, as the default
input for activation mappings is not the focal object (as it is
for standard attribute mappings).<br class="">
<br class="">
So the working solution is:<br class="">
<br class="">
<tt class=""> <outbound></tt><tt class=""><br class="">
</tt><tt class=""> <strength>strong</strength></tt><tt class=""><br class="">
</tt><tt class=""> <source></tt><tt class=""><br class="">
</tt><tt class="">
<c:path>$user/assignment</c:path></tt><tt class=""><br class="">
</tt><tt class=""> </source></tt><tt class=""><br class="">
</tt><tt class=""> <expression></tt><tt class=""><br class="">
</tt><tt class=""> <value>enabled</value></tt><tt class=""><br class="">
</tt><tt class=""> </expression></tt><tt class=""><br class="">
</tt><tt class=""> <condition></tt><tt class=""><br class="">
</tt><tt class=""> <script></tt><tt class=""><br class="">
</tt><tt class="">
<relativityMode>absolute</relativityMode></tt><tt class=""><br class="">
</tt><tt class=""> <code></tt><tt class=""><br class="">
</tt><tt class="">
!midpoint.isDirectlyAssigned(user,
'a4ce0d72-ebf5-4214-9d76-65f1a98a6ea3')</tt><tt class=""><br class="">
</tt><tt class=""> </code></tt><tt class=""><br class="">
</tt><tt class=""> </script></tt><tt class=""><br class="">
</tt><tt class=""> </condition></tt><tt class=""><br class="">
</tt><tt class=""> </outbound></tt><tt class=""><br class="">
</tt><tt class=""> <outbound></tt><tt class=""><br class="">
</tt><tt class=""> <strength>strong</strength></tt><tt class=""><br class="">
</tt><tt class=""> <source></tt><tt class=""><br class="">
</tt><tt class="">
<c:path>$user/assignment</c:path></tt><tt class=""><br class="">
</tt><tt class=""> </source></tt><tt class=""><br class="">
</tt><tt class=""> <expression></tt><tt class=""><br class="">
</tt><tt class=""> <value>disabled</value></tt><tt class=""><br class="">
</tt><tt class=""> </expression></tt><tt class=""><br class="">
</tt><tt class=""> <condition></tt><tt class=""><br class="">
</tt><tt class=""> <script></tt><tt class=""><br class="">
</tt><tt class="">
<relativityMode>absolute</relativityMode></tt><tt class=""><br class="">
</tt><tt class=""> <code></tt><tt class=""><br class="">
</tt><tt class="">
midpoint.isDirectlyAssigned(user,
'a4ce0d72-ebf5-4214-9d76-65f1a98a6ea3')</tt><tt class=""><br class="">
</tt><tt class=""> </code></tt><tt class=""><br class="">
</tt><tt class=""> </script></tt><tt class=""><br class="">
</tt><tt class=""> </condition></tt><tt class=""><br class="">
</tt><tt class=""> </outbound></tt><tt class=""><br class="">
</tt><br class="">
At least this works for me in 3.3-snapshot. Note the change from
"assignment" to "$user/assignment" and added
"<relativityMode>absolute</relativityMode>" to work
around a subtle problem in providing assignment values to the
expression.<br class="">
<br class="">
Best regards,<br class="">
Pavol<br class="">
<br class="">
</div>
<blockquote cite="mid:561C3018.5050205@evolveum.com" type="cite" class="">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" class="">
<div class="moz-cite-prefix">Hello Fabio,<br class="">
<br class="">
problem of your code is in that activation/administrativeStatus
is not a real attribute. It is a property of the shadow, not an
attribute of the resource object.<br class="">
<br class="">
I would solve your problem by setting administrativeStatus in
the <activation> part of the AD resource schema handling -
not in the Org inducement.<br class="">
<br class="">
The code could look like this - well, it's just one of the
possibilities:<br class="">
<br class="">
<pre class="code-java"> <activation>
<administrativeStatus>
<outbound>
<strength>strong</strength>
<source>
<c:path>assignment</c:path>
</source>
<expression>
<value>enabled</value>
</expression>
<condition>
<script>
<code>
!midpoint.isDirectlyAssigned(user, 'a4ce0d72-ebf5-4214-9d76-65f1a98a6ea3')
</code>
</script>
</condition>
</outbound>
<outbound>
<strength>strong</strength>
<source>
<c:path>assignment</c:path>
</source>
<expression>
<value>disabled</value>
</expression>
<condition>
<script>
<code>
midpoint.isDirectlyAssigned(user, 'a4ce0d72-ebf5-4214-9d76-65f1a98a6ea3')
</code>
</script>
</condition>
</outbound>
</administrativeStatus>
</activation></pre>
<br class="">
In 3.3-snapshot this does not work <a moz-do-not-send="true" href="https://jira.evolveum.com/browse/MID-2618" class="">because of a
bug</a>, but in 3.2 it could work (please try).<br class="">
<br class="">
Best regards,<br class="">
Pavol<br class="">
<br class="">
<br class="">
On 12. 10. 2015 18:59, Fabio Contessi wrote:<br class="">
</div>
<blockquote cite="mid:C555D53C-BD0C-47DF-A832-40EFEDA1BB5A@nsr.it" type="cite" class="">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8" class="">
<div class="">
<div class="">Hi,</div>
<div class=""><br class="">
</div>
<div class="">I’m using midPoint 3.2 and I have an Active
Directory as target resource. I need to disable an Active
Directory account when the user linked to the account is
assigned to a particular midPoint Organizational Unit.</div>
<div class=""><br class="">
</div>
<div class="">In the inducement section of the OU I have this
snippet code:</div>
</div>
<div class=""><br class="">
</div>
<div class="">
<div style="font-family: HelveticaNeue;" class=""><inducement
id="1"></div>
<div style="font-family: HelveticaNeue;" class="">
<construction></div>
<div style="font-family: HelveticaNeue;" class="">
<resourceRef oid="Resource-ActiveDirectory"
type="c:ResourceType"></resourceRef></div>
<div style="font-family: HelveticaNeue;" class="">
<kind>account</kind></div>
<div style="font-family: HelveticaNeue;" class="">
<attribute></div>
<div style="font-family: HelveticaNeue;" class="">
<c:ref>activation/administrativeStatus</c:ref></div>
<div style="font-family: HelveticaNeue;" class="">
<outbound></div>
<div style="font-family: HelveticaNeue;" class="">
<expression></div>
<div style="font-family: HelveticaNeue;" class="">
<value>disabled</value></div>
<div style="font-family: HelveticaNeue;" class="">
</expression></div>
<div style="font-family: HelveticaNeue;" class="">
</outbound></div>
<div style="font-family: HelveticaNeue;" class="">
</attribute></div>
<div style="font-family: HelveticaNeue;" class="">
</construction></div>
<div style="font-family: HelveticaNeue;" class="">
</inducement></div>
</div>
<div class=""><br class="">
</div>
<div class="">
<div class="">When I assign a midPoint user to the
Organizational Unit, I receive an error and the operation
fails. </div>
<div class=""><br class="">
</div>
<div class="">What I’m doing wrong? What is the correct way to
do that?</div>
<div class=""><br class="">
</div>
<div class="">Thanks in advance for the help.</div>
<div class=""><br class="">
</div>
<div class="">Regards.</div>
</div>
<div class=""><br class="">
</div>
<div class=""> Fabio</div>
<div class="">
<div apple-content-edited="true" class="">
<div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div class=""><br class="">
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br class="">
<fieldset class="mimeAttachmentHeader"></fieldset>
<br class="">
<pre wrap="" class="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br class="">
</blockquote>
<br class="">
</div>
_______________________________________________<br class="">midPoint mailing list<br class=""><a href="mailto:midPoint@lists.evolveum.com" class="">midPoint@lists.evolveum.com</a><br class="">http://lists.evolveum.com/mailman/listinfo/midpoint<br class=""></div></blockquote></div><br class=""></div></body></html>