<div dir="ltr">Maybe this could help to the midPoint developers: we added some logs to the ActivationComputer class. We have a disabled user and when we change the validTo value from the User Template, the <b>getEffectiveStatus() returns ENABLED</b><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68);display:inline"> but the user is still disabled.</div><div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68);display:inline"><br></div></div><div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68);display:inline">Current value:</div></div><div><div><font color="#444444" face="monospace, monospace"> <activation></font></div><div><font color="#444444" face="monospace, monospace" style="background-color:rgb(182,215,168)"> <effectiveStatus>disabled</<wbr>effectiveStatus></font></div><div><font color="#444444" face="monospace, monospace" style="background-color:rgb(182,215,168)"> <validTo>2016-04-30T00:00:00.<wbr>000-03:00</validTo></font></div><div><font color="#444444" face="monospace, monospace" style="background-color:rgb(182,215,168)"> <validityStatus>after</<wbr>validityStatus></font></div><div><font color="#444444" face="monospace, monospace"> <disableTimestamp>2017-01-<wbr>23T16:49:49.776-03:00</<wbr>disableTimestamp></font></div><div><font color="#444444" face="monospace, monospace"> <enableTimestamp>2017-01-<wbr>23T16:49:09.338-03:00</<wbr>enableTimestamp></font></div><div><font color="#444444" face="monospace, monospace"> <validityChangeTimestamp>2017-<wbr>01-23T16:49:49.776-03:00</<wbr>validityChangeTimestamp></font></div><div><font color="#444444" face="monospace, monospace"> </activation></font></div></div><div><font color="#444444" face="arial, helvetica, sans-serif"><br></font></div><div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68);display:inline">After modification</div></div><div><font color="#444444" face="arial, helvetica, sans-serif"><br></font></div><div><font color="#444444" face="monospace, monospace"><div> <activation></div><div><span style="background-color:rgb(234,153,153)"> <effectiveStatus>disabled</<wbr>effectiveStatus></span></div><div><span style="background-color:rgb(234,153,153)"> <validTo>2017-02-01T00:00:00.<wbr>000-03:00</validTo></span></div><div><span style="background-color:rgb(234,153,153)"> <validityStatus>after</<wbr>validityStatus></span></div><div> <disableTimestamp>2017-01-<wbr>23T16:49:49.776-03:00</<wbr>disableTimestamp></div><div> <enableTimestamp>2017-01-<wbr>23T16:49:09.338-03:00</<wbr>enableTimestamp></div><div> <validityChangeTimestamp>2017-<wbr>01-23T16:49:49.776-03:00</<wbr>validityChangeTimestamp></div><div> </activation></div></font></div><div><font color="#444444" face="arial, helvetica, sans-serif"><br></font></div><div><font color="#444444" face="arial, helvetica, sans-serif"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68);display:inline">It sounds like a bug. Should I open it on JIRA ?</div></font></div><div><font color="#444444" face="arial, helvetica, sans-serif"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68);display:inline"></div><br></font><div class="gmail_extra"><div><div class="m_-8017328280684359661gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><font face="arial, helvetica, sans-serif"><br><font color="#444444">Ing Nicolás Rossi</font><br><font color="#999999">Identicum S.A.</font><br><font color="#999999">Jorge Newbery 3226</font><br><font color="#999999">Tel: +54 (11) 4552-3050</font><br><font color="#999999"><a href="http://www.identicum.com" target="_blank">www.identicum.com</a></font></font><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Mon, Jan 23, 2017 at 4:46 PM, Rodrigo Yanis <span dir="ltr"><<a href="mailto:ryanis@identicum.com" target="_blank">ryanis@identicum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Hello everyone,</div><div><br></div><div>Extending the case exposed by Nicolás, we also added a mapping on the User Template to target on the administrativeStatus attribute the following way (simplified): </div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><font size="1"><mapping><br></font><font size="1"> ...<br></font><font size="1"> <expression><br></font><font size="1"> <script><br></font><font size="1"> <language><a href="http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy" target="_blank">http://midpoint.evol<wbr>veum.com/xml/ns/public/express<wbr>ion/language#Groovy</a></language><br></font><font size="1"> <code><br></font><font size="1"> import com.evolveum.midpoint.xml.ns._<wbr>public.common.common_3.Activat<wbr>ionStatusType;<br></font><font size="1"> <br> </font><font size="1"> ...<br></font><font size="1"> return ActivationStatusType.DISABLED;<br></font><font size="1"> </code><br></font><font size="1"> </script><br></font><font size="1"> </expression><br></font><font size="1"> <target><br></font><font size="1"> <b> <c:path>$user/activation/admi<wbr>nistrativeStatus</c:path></b><br></font><font size="1"> </target><br></font><font size="1"> </mapping></font></blockquote><div><br></div><div>When the user is imported disabled from HR, effectiveStatus remains enabled even though validTo is expired and administrativeStatus is set to disabled on UserTemplates' account. </div><span style="color:rgb(38,50,56);font-size:13px"><div><span style="color:rgb(38,50,56);font-size:13px"><br></span></div></span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><font size="1"><activation><br></font><font size="1"><b> <administrativeStatus>disable<wbr>d</administrativeStatus><br></b></font><font size="1"><b> <effectiveStatus>enabled</eff<wbr>ectiveStatus></b><br></font><font size="1"> <validFrom>2013-07-20T00:00:0<wbr>0.000-03:00</validFrom><br></font><font size="1"> <b> <validTo>2015-07-20T00:00:00.<wbr>000-03:00</validTo><br></b></font><font size="1"><b> <validityStatus>in</validityS<wbr>tatus></b><br></font><font size="1"> <enableTimestamp>2017-01-23T1<wbr>6:17:36.013-03:00</enableTimes<wbr>tamp><br></font><font size="1"> <validityChangeTimestamp>2017<wbr>-01-23T16:17:36.013-03:00</<wbr>validityChangeTimestamp><br></font><font size="1"> </activation></font></blockquote><div><br></div><div>Thankful for any advise,<br></div></div><div class="gmail_extra"><br clear="all"><div><div class="m_-8017328280684359661gmail-m_9176653237689097091gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><br></div><div dir="ltr"><font face="arial, helvetica, sans-serif"><b>Rodrigo Yanis.</b><br><img src="http://www.identicum.com/img/favicon.ico">Identicum S.A.<br></font>Jorge Newbery 3226<br>Tel: +54 (11) 4824-9971<font face="arial, helvetica, sans-serif"><br><a href="mailto:ryanis@identicum.com" target="_blank"><font color="#0b5394">ryanis@identicum.com</font></a><br><a href="http://www.identicum.com/" target="_blank"><font color="#0b5394">www.identicum.com</font></a></font></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote"><div><div class="m_-8017328280684359661gmail-h5">2017-01-23 10:21 GMT-03:00 Nicolas Rossi <span dir="ltr"><<a href="mailto:nrossi@identicum.com" target="_blank">nrossi@identicum.com</a>></span>:<br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div class="m_-8017328280684359661gmail-h5"><div dir="ltr"><div style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><div>Hi guys, we have reproduced this issue on a fresh install of midPoint 3.5. These are the steps to reproduce it:</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><ol style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif;font-size:small"><li style="margin-left:15px">Extended the schema with 2 attributes (a flag and a date) → user.xsd</li><li style="margin-left:15px">Created a UserTemplate mapping the custom date to the validTo if the flag is active. → user_template.xml<br></li><li style="margin-left:15px">Assigned the UserTemplate as the default template for users.</li><li style="margin-left:15px">Create a user</li><li style="margin-left:15px">Modify the user setting the flag and a date before today</li></ol><div style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif;font-size:small">Result:</div><div><ul><li style="margin-left:15px"><font color="#444444" face="arial, helvetica, sans-serif">The validTo date is mapped correctly </font></li><li style="margin-left:15px"><font color="#444444" face="arial, helvetica, sans-serif">The user is still enabled</font></li></ul><div><font color="#444444" face="arial, helvetica, sans-serif">Regards,</font></div></div></div></div></div><div class="gmail_extra"><span><br clear="all"><div><div class="m_-8017328280684359661gmail-m_9176653237689097091m_3499942527170424721gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><font face="arial, helvetica, sans-serif"><br><br><font color="#444444">Ing Nicolás Rossi</font><br><font color="#999999">Identicum S.A.</font><br><font color="#999999">Jorge Newbery 3226</font><br><font color="#999999">Tel: +54 (11) 4552-3050</font><br><font color="#999999"><a href="http://www.identicum.com" target="_blank">www.identicum.com</a></font></font><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br></span><div><div class="m_-8017328280684359661gmail-m_9176653237689097091h5"><div class="gmail_quote">On Sun, Jan 22, 2017 at 8:30 AM, Nicolas Rossi <span dir="ltr"><<a href="mailto:nrossi@identicum.com" target="_blank">nrossi@identicum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">Hi guys, we have a User Template that defines the validTo date evaluating 2 different dates. When a user is active and the calculated validTo date is before today the user is not being disabled by midpoint as we expected. I found a little difference between this user and other one not handled by the user template, on the activation node it has validityStatus=in instead of validityStatus=after:</div><div style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><br></div><div style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">User disabled OK (changed from GUI, not from the UserTemplate):</div><div style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><br></div><div style="font-size:small;color:rgb(68,68,68)"><div><font face="monospace, monospace"><activation></font></div><div><font face="monospace, monospace"> <b><effectiveStatus>disabled</eff<wbr>ectiveStatus></b></font></div><div><font face="monospace, monospace"> <b><validTo>2017-01-15T00:00:00.0<wbr>00-03:00</validTo></b></font></div><div><font face="monospace, monospace"> <b><validityStatus>after</validit<wbr>yStatus></b></font></div><div><font face="monospace, monospace"> <disableTimestamp>2017-01-22T0<wbr>8:24:48.970-03:00</disableTime<wbr>stamp></font></div><div><font face="monospace, monospace"> <enableTimestamp>2017-01-22T08<wbr>:24:31.529-03:00</enableTimest<wbr>amp></font></div><div><font face="monospace, monospace"> <validityChangeTimestamp>2017-<wbr>01-22T08:24:48.970-03:00</vali<wbr>dityChangeTimestamp></font></div><div><font face="monospace, monospace"> </activation></font></div></div><div style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><br></div><div style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">User not being disabled (changed from UserTemplate):</div><div style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><br></div><div><div class="m_-8017328280684359661gmail-m_9176653237689097091m_3499942527170424721m_6110592050426890084gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><font face="monospace, monospace"><activation></font></div><div dir="ltr"><font face="monospace, monospace"> <b> <effectiveStatus>enabled</effe<wbr>ctiveStatus></b></font></div><div dir="ltr"><font face="monospace, monospace"><b> <validTo>2017-01-15T00:00:00.0<wbr>00-03:00</validTo></b></font></div><div dir="ltr"><font face="monospace, monospace"><b> <validityStatus>in</validitySt<wbr>atus></b></font></div><div dir="ltr"><font face="monospace, monospace"> <disableTimestamp>2017-01-22T0<wbr>8:13:40.530-03:00</disableTime<wbr>stamp></font></div><div dir="ltr"><font face="monospace, monospace"> <enableTimestamp>2017-01-22T08<wbr>:13:58.962-03:00</enableTimest<wbr>amp></font></div><div dir="ltr"><font face="monospace, monospace"> <validityChangeTimestamp>2017-<wbr>01-22T08:13:58.962-03:00</vali<wbr>dityChangeTimestamp></font></div><div dir="ltr"><font face="monospace, monospace"> </activation></font></div><div dir="ltr" style="font-family:arial,helvetica,sans-serif"><br></div><div dir="ltr" style="font-family:arial,helvetica,sans-serif"><div style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">Should I set the validityStatus on the UserTemplate?</div><div style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><br></div><div style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">Regards,</div><br></div><br><font color="#444444" style="font-family:arial,helvetica,sans-serif">Ing Nicolás Rossi</font><br><font color="#999999" style="font-family:arial,helvetica,sans-serif">Identicum S.A.</font><br><font color="#999999" style="font-family:arial,helvetica,sans-serif">Jorge Newbery 3226</font><br><font color="#999999" style="font-family:arial,helvetica,sans-serif">Tel: +54 (11) 4552-3050</font><br><font color="#999999" style="font-family:arial,helvetica,sans-serif"><a href="http://www.identicum.com" target="_blank">www.identicum.com</a></font><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>
</blockquote></div><br></div></div></div>
<br></div></div>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
<br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><br>
<br></blockquote></div><br></div></div></div>