<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi Aivo,<br>
also please show us how associations for groups are configured in
the roles that put users to that groups.<br>
The mappings should be <strength>strong</strength> to
apply during recon.<br>
<br>
I<br>
<br>
<div class="moz-cite-prefix">On 04/27/2016 01:45 PM, Pálos Gustáv
wrote:<br>
</div>
<blockquote
cite="mid:CAPXQVkcF+H2o+WrnJqYh_gvQxcDXAnDKB=4si8-sy4xJt6p-1A@mail.gmail.com"
type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div>please send me a resource config XML</div>
<div>Do you use <tolerant>false</tolerant> in group
attribute in schemaHandling?</div>
<div><br>
</div>
<div>Gusto</div>
<div><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">2016-04-27 13:33 GMT+02:00 Aivo
Kuhlberg <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:aivo.kuhlberg@rmit.ee" target="_blank">aivo.kuhlberg@rmit.ee</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div dir="ltr"
style="font-size:12pt;color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;background-color:rgb(255,255,255)">
<p>I noticed today strange behavior about midPoint
role reassignment. I have set up AD sync and
imported users and also groups as roles. I am
testing user who have AD resource assignment in
midPoint and also 2 AD-group-based role assignments.<br>
At first I remove in AD one of the assigned
role-based groups from user, but not both groups.
Then I run recomputation task in midPoint.<br>
Result: previously deleted group does not appear
again to AD user<br>
If I remove both groups in AD then after
recomputation both groups appear again in AD user<br>
Is this a bug or I am missing something?<br>
</p>
<p>I use midPoint 3.3.1 with AD connector<br>
</p>
<p><br>
</p>
<p>Thanks,</p>
<p>Aivo Kuhlberg<br>
</p>
<br>
<hr>
<font face="Arial" color="Gray" size="2">Käesolev
e-kiri võib sisaldada asutusesiseseks kasutamiseks
tunnistatud teavet.<br>
This e-mail may contain information which is
classified for official use.</font>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper ID(e)M Vix."
</pre>
</body>
</html>