<div dir="ltr">Hi everyone, <br clear="all"><div><br></div><div>I have an Active Directory resource with the activation node configured like this:</div><div><i><br></i></div><div><div><i><activation></i></div><div><i> <!--Existence mapping hardcoded to TRUE in order not to delete in the resource when deleted in MidPoint --></i></div><div><i> <existence></i></div><div><i> <outbound></i></div><div><i> <expression></i></div><div><i> <value>true</value></i></div><div><i> </expression></i></div><div><i> </outbound></i></div><div><i> </existence></i></div><div><i> <!-- If user exists and account is entitled --></i></div><div><i> <administrativeStatus></i></div><div><i> <outbound></i></div><div><i> <expression></i></div><div><i> <script></i></div><div><i> <code></i></div><div><i> import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;</i></div><div><i> if (legal && assigned)</i></div><div><i> {</i></div><div><i> input;</i></div><div><i> }</i></div><div><i> else</i></div><div><i> {</i></div><div><i> ActivationStatusType.DISABLED;</i></div><div><i> }</i></div><div><i> </code></i></div><div><i> </script></i></div><div><i> </expression></i></div><div><i> </outbound></i></div><div><i> </administrativeStatus></i></div><div><i> </activation></i></div></div><div><i><br></i></div><div>What I need is the following:</div><div><ul><li>When a user that is linked is <b>disabled</b>, the account is <b>disabled </b>in AD (Working)<br></li><li>When a user has the <b>association </b>to AD <b>removed </b>(the resource is removed from the user, or a role containing an inducement to the resource is removed from the user), the account is <b>disabled </b>in AD (Working)<br></li><li>When a user that is linked is <b>DELETED </b>from MidPoint, the account is <b>disabled </b>in AD (NOT WORKING). Currently, with this configuration, when I delete a user that is linked in AD i get the following error:</li></ul></div><div><i>Schema violation during processing shadow: shadow: CN=testuser_ad,XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (OID:dfc8cf0c-d571-4e09-9e58-df9cf117f94d): Schema violation: Value of attribute '__NAME__' must be a single value, but it has 0values: Schema violation during processing shadow: shadow: CN=testuser_ad,XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (OID:dfc8cf0c-d571-4e09-9e58-df9cf117f94d): Schema violation: Value of attribute '__NAME__' must be a single value, but it has 0values: Schema violation during processing shadow: shadow: CN=testuser_ad,XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (OID:dfc8cf0c-d571-4e09-9e58-df9cf117f94d): Schema violation: Value of attribute '__NAME__' must be a single value, but it has 0values: Schema violation during processing shadow: shadow: CN=testuser_ad,XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (OID:dfc8cf0c-d571-4e09-9e58-df9cf117f94d): Schema violation: Value of attribute '__NAME__' must be a single value, but it has 0values</i><br></div><div><i><br></i></div><div>Can anyone please help me with this? Thanks in advanced.</div><div><br></div><div>Regards,</div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><b style="font-size:12.8px">Ana Pereyra</b><br></div><div dir="ltr"><font face="verdana, sans-serif" style="font-size:12.8px"><img src="http://www.identicum.com/img/favicon.ico"> Identicum S.A.<br><i><font color="#666666">Jorge Newbery 3226, Argentina<br>Tel: +54 (11) </font></i></font><font color="#666666" face="verdana, sans-serif" style="font-size:12.8px"><i>4552.3050</i></font><div style="font-size:12.8px"><font face="verdana, sans-serif"><i><font size="1"><a href="mailto:apereyra@identicum.com" style="color:rgb(17,85,204)" target="_blank">apereyra@identicum.com</a></font></i><br><a href="http://www.identicum.com/" style="color:rgb(17,85,204)" target="_blank"><font color="#000000">www.identicum.com</font></a></font></div></div></div></div></div></div></div></div></div></div></div>
</div>