<div dir="ltr"><div>Hello everyone,</div><div><br></div><div>Extending the case exposed by Nicolás, we also added a mapping on the User Template to target on the administrativeStatus attribute the following way (simplified): </div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><font size="1"><mapping><br></font><font size="1"> ...<br></font><font size="1"> <expression><br></font><font size="1"> <script><br></font><font size="1"> <language><a href="http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy">http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</a></language><br></font><font size="1"> <code><br></font><font size="1"> import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;<br></font><font size="1"> <br> </font><font size="1"> ...<br></font><font size="1"> return ActivationStatusType.DISABLED;<br></font><font size="1"> </code><br></font><font size="1"> </script><br></font><font size="1"> </expression><br></font><font size="1"> <target><br></font><font size="1"> <b> <c:path>$user/activation/administrativeStatus</c:path></b><br></font><font size="1"> </target><br></font><font size="1"> </mapping></font></blockquote><div><br></div><div>When the user is imported disabled from HR, effectiveStatus remains enabled even though validTo is expired and administrativeStatus is set to disabled on UserTemplates' account. </div><span style="color:rgb(38,50,56);font-size:13px"><div><span style="color:rgb(38,50,56);font-size:13px"><br></span></div></span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><font size="1"><activation><br></font><font size="1"><b> <administrativeStatus>disabled</administrativeStatus><br></b></font><font size="1"><b> <effectiveStatus>enabled</effectiveStatus></b><br></font><font size="1"> <validFrom>2013-07-20T00:00:00.000-03:00</validFrom><br></font><font size="1"> <b> <validTo>2015-07-20T00:00:00.000-03:00</validTo><br></b></font><font size="1"><b> <validityStatus>in</validityStatus></b><br></font><font size="1"> <enableTimestamp>2017-01-23T16:17:36.013-03:00</enableTimestamp><br></font><font size="1"> <validityChangeTimestamp>2017-01-23T16:17:36.013-03:00</validityChangeTimestamp><br></font><font size="1"> </activation></font></blockquote><div><br></div><div>Thankful for any advise,<br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><br></div><div dir="ltr"><font face="arial, helvetica, sans-serif"><b>Rodrigo Yanis.</b><br><img src="http://www.identicum.com/img/favicon.ico">Identicum S.A.<br></font>Jorge Newbery 3226<br>Tel: +54 (11) 4824-9971<font face="arial, helvetica, sans-serif"><br><a href="mailto:ryanis@identicum.com" target="_blank"><font color="#0b5394">ryanis@identicum.com</font></a><br><a href="http://www.identicum.com/" target="_blank"><font color="#0b5394">www.identicum.com</font></a></font></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">2017-01-23 10:21 GMT-03:00 Nicolas Rossi <span dir="ltr"><<a href="mailto:nrossi@identicum.com" target="_blank">nrossi@identicum.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><div class="gmail_default">Hi guys, we have reproduced this issue on a fresh install of midPoint 3.5. These are the steps to reproduce it:</div><div class="gmail_default" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><ol style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif;font-size:small"><li style="margin-left:15px">Extended the schema with 2 attributes (a flag and a date) → user.xsd</li><li style="margin-left:15px">Created a UserTemplate mapping the custom date to the validTo if the flag is active. → user_template.xml<br></li><li style="margin-left:15px">Assigned the UserTemplate as the default template for users.</li><li style="margin-left:15px">Create a user</li><li style="margin-left:15px">Modify the user setting the flag and a date before today</li></ol><div style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif;font-size:small">Result:</div><div><ul><li style="margin-left:15px"><font color="#444444" face="arial, helvetica, sans-serif">The validTo date is mapped correctly </font></li><li style="margin-left:15px"><font color="#444444" face="arial, helvetica, sans-serif">The user is still enabled</font></li></ul><div><font color="#444444" face="arial, helvetica, sans-serif">Regards,</font></div></div></div></div></div><div class="gmail_extra"><span class=""><br clear="all"><div><div class="m_3499942527170424721gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><font face="arial, helvetica, sans-serif"><br><br><font color="#444444">Ing Nicolás Rossi</font><br><font color="#999999">Identicum S.A.</font><br><font color="#999999">Jorge Newbery 3226</font><br><font color="#999999">Tel: +54 (11) 4552-3050</font><br><font color="#999999"><a href="http://www.identicum.com" target="_blank">www.identicum.com</a></font></font><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br></span><div><div class="h5"><div class="gmail_quote">On Sun, Jan 22, 2017 at 8:30 AM, Nicolas Rossi <span dir="ltr"><<a href="mailto:nrossi@identicum.com" target="_blank">nrossi@identicum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">Hi guys, we have a User Template that defines the validTo date evaluating 2 different dates. When a user is active and the calculated validTo date is before today the user is not being disabled by midpoint as we expected. I found a little difference between this user and other one not handled by the user template, on the activation node it has validityStatus=in instead of validityStatus=after:</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">User disabled OK (changed from GUI, not from the UserTemplate):</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><br></div><div class="gmail_default" style="font-size:small;color:rgb(68,68,68)"><div class="gmail_default"><font face="monospace, monospace"><activation></font></div><div class="gmail_default"><font face="monospace, monospace"> <b><effectiveStatus>disabled</eff<wbr>ectiveStatus></b></font></div><div class="gmail_default"><font face="monospace, monospace"> <b><validTo>2017-01-15T00:00:00.0<wbr>00-03:00</validTo></b></font></div><div class="gmail_default"><font face="monospace, monospace"> <b><validityStatus>after</validit<wbr>yStatus></b></font></div><div class="gmail_default"><font face="monospace, monospace"> <disableTimestamp>2017-01-22T0<wbr>8:24:48.970-03:00</disableTime<wbr>stamp></font></div><div class="gmail_default"><font face="monospace, monospace"> <enableTimestamp>2017-01-22T08<wbr>:24:31.529-03:00</enableTimest<wbr>amp></font></div><div class="gmail_default"><font face="monospace, monospace"> <validityChangeTimestamp>2017-<wbr>01-22T08:24:48.970-03:00</vali<wbr>dityChangeTimestamp></font></div><div class="gmail_default"><font face="monospace, monospace"> </activation></font></div></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">User not being disabled (changed from UserTemplate):</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><br></div><div><div class="m_3499942527170424721m_6110592050426890084gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><font face="monospace, monospace"><activation></font></div><div dir="ltr"><font face="monospace, monospace"> <b> <effectiveStatus>enabled</effe<wbr>ctiveStatus></b></font></div><div dir="ltr"><font face="monospace, monospace"><b> <validTo>2017-01-15T00:00:00.0<wbr>00-03:00</validTo></b></font></div><div dir="ltr"><font face="monospace, monospace"><b> <validityStatus>in</validitySt<wbr>atus></b></font></div><div dir="ltr"><font face="monospace, monospace"> <disableTimestamp>2017-01-22T0<wbr>8:13:40.530-03:00</disableTime<wbr>stamp></font></div><div dir="ltr"><font face="monospace, monospace"> <enableTimestamp>2017-01-22T08<wbr>:13:58.962-03:00</enableTimest<wbr>amp></font></div><div dir="ltr"><font face="monospace, monospace"> <validityChangeTimestamp>2017-<wbr>01-22T08:13:58.962-03:00</vali<wbr>dityChangeTimestamp></font></div><div dir="ltr"><font face="monospace, monospace"> </activation></font></div><div dir="ltr" style="font-family:arial,helvetica,sans-serif"><br></div><div dir="ltr" style="font-family:arial,helvetica,sans-serif"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">Should I set the validityStatus on the UserTemplate?</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">Regards,</div><br></div><br><font color="#444444" style="font-family:arial,helvetica,sans-serif">Ing Nicolás Rossi</font><br><font color="#999999" style="font-family:arial,helvetica,sans-serif">Identicum S.A.</font><br><font color="#999999" style="font-family:arial,helvetica,sans-serif">Jorge Newbery 3226</font><br><font color="#999999" style="font-family:arial,helvetica,sans-serif">Tel: +54 (11) 4552-3050</font><br><font color="#999999" style="font-family:arial,helvetica,sans-serif"><a href="http://www.identicum.com" target="_blank">www.identicum.com</a></font><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>
</blockquote></div><br></div></div></div>
<br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>