<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Oskar,<br>
<br>
if you wish to keep the user account in AD after he leaves, you can
utilize "disable instead of delete" - unassignin the last role (e.g.
Employee) will disable the AD account instead of delete.<br>
<br>
Would that help?<br>
<a class="moz-txt-link-freetext" href="https://wiki.evolveum.com/display/midPoint/Resource+Schema+Handling%3A+Activation#ResourceSchemaHandling:Activation-DisableonUnassign">https://wiki.evolveum.com/display/midPoint/Resource+Schema+Handling%3A+Activation#ResourceSchemaHandling:Activation-DisableonUnassign</a><br>
<br>
Regards,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 06/30/2016 03:59 PM, Oskar Butovič -
AMI Praha a.s. wrote:<br>
</div>
<blockquote
cite="mid:CAE8MtZCCAk-Qky11nQ+ZeYaZ8YxdwiphR4q=DsQWQ4OxW2MKGQ@mail.gmail.com"
type="cite">
<div dir="ltr">Hello Pavol,
<div><br>
</div>
<div>Employee role gives th user accounts in AD and GoogleApps.
After he leaves company it is still desired to keep him in AD.
So I made mappings which switches employee role with AD and GA
accounts for ExEmployee role with only AD account.</div>
<div><br>
</div>
<div>---</div>
<div><br>
</div>
<div>Thanks for advice. I will try it and mail my results.</div>
<div><br>
</div>
<div>Best Regards,</div>
<div><br>
</div>
<div>Oskar</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2016-06-30 15:27 GMT+02:00 Pavol
Mederly <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>Hello Oskar,</p>
<p>I don't quite understand your situation.</p>
<ol>
<li>You create a user of 'employee' type and
automatically assign him Employee role. OK.</li>
<li>Then he leaves the company.</li>
<li>You say that his account is cancelled by assigning
ExpiredEmployee role.</li>
</ol>
<p>Why don't you simply unassign the Employee role?</p>
<p>---</p>
<p>But back to your question: you can simply check all
directly assigned roles by iterating through
user.getAssignment() objects (of AssignmentType), and
selecting those with getTargetRef() != null and
getTargetRef().getType().equals(RoleType.COMPLEX_TYPE).</p>
<p>Best regards,</p>
<p>Pavol<br>
</p>
<div>
<div class="h5"> <br>
<div>On 28.06.2016 15:15, Oskar Butovič - AMI Praha
a.s. wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr">Hello All,
<div><br>
</div>
<div>I am trying to check in mapping in user
template wether the user has particular role.</div>
<div><br>
</div>
<div>for example following scenario</div>
<div>i create new user with identityType
(extension parameter) employee. I wan to assign
role Employee to users with this type.</div>
<div>in some time employee leaves company and his
account is cancelled by assigning
expiredEmployee role</div>
<div><br>
</div>
<div>i understand that so far it can be made by
setting
<authoritative>true</authoritative></div>
<div><br clear="all">
<div>but i also want for this role to be kept
when user is editted ad his identity Type is
no longer employee.</div>
<div><br>
</div>
<div>this could be done with
<authoritative>false</authoritative>
but it then prevent prevoius scenario. If i
would be able to check current roles of the
user i could accomplish all required behaviour
with <authoritative>true</authoritative>.</div>
<div><br>
</div>
<div>Do you have any advice or code snippet how
to resolve this problem?</div>
<div><br>
</div>
<div>Regards</div>
<div><br>
</div>
<div>Oskar Butovič</div>
<div><br>
-- </div>
<div data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<table
style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important">
<tbody>
<tr
style="padding:0px;margin:0px;border:0px
solid gray!important">
<td
style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;width:160px;vertical-align:bottom;padding:0px;border:0px
solid gray!important">
<p><span
style="font-size:14px;font-weight:bold">Oskar
Butovič</span><br>
solution architect<br>
<br>
gsm: <a
moz-do-not-send="true"
href="tel:%5B%2B420%5D%20774%20480%20101" value="+420774480101"
target="_blank">[+420]
774 480 101</a><br>
e-mail: <a
moz-do-not-send="true"
href="mailto:oskar.butovic@ami.cz" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:oskar.butovic@ami.cz">oskar.butovic@ami.cz</a></a></p>
</td>
<td
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td>
<td
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px
solid gray!important"> </td>
<td
style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;width:123px;border:0px
solid gray!important">
<p>AMI Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel.: <a
moz-do-not-send="true"
href="tel:%5B%2B420%5D%20274%20783%20239" value="+420274783239"
target="_blank">[+420]
274 783 239</a><br>
web: <a
moz-do-not-send="true"
href="http://www.ami.cz/" target="_blank"><a class="moz-txt-link-abbreviated" href="http://www.ami.cz">www.ami.cz</a></a></p>
</td>
<td
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td>
<td
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px
solid gray!important"> </td>
<td
style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;margin:8px;width:116px;border:0px
solid gray!important">
<p><img
moz-do-not-send="true"
src="http://www.ami.cz/images/podpis/ami_logo.gif" alt="AMI Praha a.s."
style="border:0px"></p>
</td>
</tr>
<tr
style="padding:0px;margin:0px;border:0px
solid gray!important">
<td colspan="7"
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;width:480px;border:0px
solid gray!important"><br>
<a moz-do-not-send="true"
href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management"
target="_blank"><img
moz-do-not-send="true"
src="http://www.ami.cz/images/podpis/AMI-podpis-IdM_1.png" alt="AMI
Praha a.s."
style="border:0px;width:480px!important;min-height:82px!important"></a></td>
</tr>
<tr
style="padding:0px;margin:0px;border:0px
solid gray!important">
<td colspan="7"
style="color:rgb(128,128,128);font-family:Arial,sans-serif;font-size:11px;padding:0px;border:0px
solid gray!important"><br>
Textem tohoto e-mailu
podepisující neslibuje
uzavřít ani neuzavírá za
společnost AMI Praha a.s.<br>
jakoukoliv smlouvu. Každá
smlouva, pokud bude
uzavřena, musí mít
výhradně písemnou formu.<br>
<br>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<table
style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important">
<tbody>
<tr style="padding:0px;margin:0px;border:0px
solid gray!important">
<td
style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;width:160px;vertical-align:bottom;padding:0px;border:0px
solid gray!important">
<p><span
style="font-size:14px;font-weight:bold">Oskar
Butovič</span><br>
solution architect<br>
<br>
gsm: [+420] 774 480 101<br>
e-mail: <a moz-do-not-send="true"
href="mailto:oskar.butovic@ami.cz"
target="_blank">oskar.butovic@ami.cz</a></p>
</td>
<td
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td>
<td
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px
solid gray!important"> </td>
<td
style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;width:123px;border:0px
solid gray!important">
<p>AMI Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel.: [+420] 274 783 239<br>
web: <a moz-do-not-send="true"
href="http://www.ami.cz/"
target="_blank">www.ami.cz</a></p>
</td>
<td
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td>
<td
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px
solid gray!important"> </td>
<td
style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;margin:8px;border:0px
solid gray!important;width:116px">
<p><img moz-do-not-send="true"
src="http://www.ami.cz/images/podpis/ami_logo.gif"
alt="AMI Praha a.s."
style="border:0px"></p>
</td>
</tr>
<tr style="padding:0px;margin:0px;border:0px
solid gray!important">
<td colspan="7"
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;width:480px;border:0px
solid gray!important"><br>
<a moz-do-not-send="true"
href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management"
target="_blank"><img
moz-do-not-send="true"
src="http://www.ami.cz/images/podpis/AMI-podpis-IdM_1.png"
alt="AMI Praha a.s."
style="border:0px;width:480px!important;height:82px!important"></a></td>
</tr>
<tr style="padding:0px;margin:0px;border:0px
solid gray!important">
<td colspan="7"
style="color:rgb(128,128,128);font-family:Arial,sans-serif;font-size:11px;padding:0px;border:0px
solid gray!important"><br>
Textem tohoto e-mailu podepisující
neslibuje uzavřít ani neuzavírá za
společnost AMI Praha a.s.<br>
jakoukoliv smlouvu. Každá smlouva, pokud
bude uzavřena, musí mít výhradně písemnou
formu.<br>
<br>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper ID(e)M Vix."
</pre>
</body>
</html>