<div dir="ltr">Thank you Pavol!<br>
</div><div dir="ltr"><br>
</div><div dir="ltr">This made the tricks!<br>
</div><div dir="ltr"><br>
</div><div dir="ltr">Bye,<br>
</div><div dir="ltr">Marco<br>
</div><div dir="ltr"><br>
</div><div dir="ltr"><br>
</div><div dir="ltr"><br>
</div><div class="wps_signature">Inviato tramite dispositivo Xiaomi</div><div class="wps_quotion">Il Pavol Mederly <mederly@evolveum.com>, 08 set 2017 11:32 PM ha scritto:<br type="attribution"><blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p></p><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>I'd try this one:</p>
<p><a href="https://pastebin.com/MUYd9xBz">https://pastebin.com/MUYd9xBz</a></p>
<div class="de1"><span class="sc3"><span class="re1">
<outbound<span class="re2">><br>
<b><strength>strong</strength></b><br>
</span></span></span> <span class="sc3"><span class="re1"><expression<span class="re2">></span></span></span></div>
<div class="de1"> <span class="sc3"><span class="re1"><associationFromLink<span class="re2">></span></span></span></div>
<div class="de1"> <span class="sc3"><span class="re1"><projectionDiscriminator<span class="re2">></span></span></span></div>
<div class="de1"> <span class="sc3"><span class="re1"><kind<span class="re2">></span></span></span>entitlement<span class="sc3"><span class="re1"></kind<span class="re2">></span></span></span></div>
<div class="de2"> <span class="sc3"><span class="re1"><intent<span class="re2">></span></span></span>group<span class="sc3"><span class="re1"></intent<span class="re2">></span></span></span></div>
<div class="de1"> <span class="sc3"><span class="re1"></projectionDiscriminator<span class="re2">></span></span></span></div>
<div class="de1"> <span class="sc3"><span class="re1"></associationFromLink<span class="re2">></span></span></span></div>
<div class="de1"> <span class="sc3"><span class="re1"></expression<span class="re2">></span></span></span></div>
<div class="de1"> <span class="sc3"><span class="re1"></outbound<span class="re2">><br>
<br>
But it's a bit of guess.<br>
<br>
</span></span></span></div>
<pre class="moz-signature" cols="72">Pavol Mederly
Software developer
evolveum.com
</pre>
<div class="moz-cite-prefix">On 08.09.2017 23:15, Marco Benucci
wrote:<br>
</div>
<blockquote type="cite" cite="mid:20170908211535.3BF3EC02@minerva.evolveum.com">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Roboto;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:windowtext;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"Preformattato HTML Carattere";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.PreformattatoHTMLCarattere
{mso-style-name:"Preformattato HTML Carattere";
mso-style-priority:99;
mso-style-link:"Preformattato HTML";
font-family:"Courier New";
color:black;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 2.0cm 2.0cm 2.0cm;}
div.WordSection1
{page:WordSection1;}
--></style>
<div class="WordSection1">
<p class="MsoNormal">Hi,</p>
<p class="MsoNormal">I have created my entitlements using this
schema object in my resource</p>
<p class="MsoNormal"><a href="https://pastebin.com/zkJkwS73">https://pastebin.com/zkJkwS73</a></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">and an object synchronization like this</p>
<p class="MsoNormal"><a href="https://pastebin.com/axrzXbc2">https://pastebin.com/axrzXbc2</a></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">the template used in sync is the following</p>
<p class="MsoNormal"><a href="https://pastebin.com/MUYd9xBz">https://pastebin.com/MUYd9xBz</a></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Moreover, I have an association in the
account schemaHandling</p>
<p class="MsoNormal"><a class="moz-txt-link-freetext" href="https://pastebin.com/bDsHu38V">https://pastebin.com/bDsHu38V</a></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">This is basically what is described in <a href="https://wiki.evolveum.com/display/midPoint/Active+Directory+Group+Synchronization+HOWTO">https://wiki.evolveum.com/display/midPoint/Active+Directory+Group+Synchronization+HOWTO</a></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Where should I put the mapping’s strenght?<br>
<br>
Thank you,<br>
Marco</p>
<p class="MsoNormal"> </p>
<div style="mso-element:para-border-div;border:none;border-top:solid
#E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="border:none;padding:0cm"><b>Da: </b><a href="mailto:mederly@evolveum.com">Pavol
Mederly</a><br>
<b>Inviato: </b>venerdì 8 settembre 2017 22:50<br>
<b>A: </b><a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a><br>
<b>Oggetto: </b>Re: [midPoint] R: Re: Reevaluate
entitlement association</p>
</div>
<p class="MsoNormal"> </p>
<p>Hello Marco,</p>
<p>I assume your entitlements are created using account
constructions containing mappings. The behavior on
recompute/reconcile depends on the strength of those mappings
and on the tolerance level set on target associations (and
attributes).</p>
<p>Generally, strength=normal (read "relative") means the
mappings are put into action on a value change.
Recompute/reconcile does <b>not</b> trigger them.</p>
<p>If you want to be sure your mapping is employed on
recompute/reconcile, you have to mark it as strength=strong.</p>
<p>See <a href="https://wiki.evolveum.com/display/midPoint/Mapping#Mapping-MappingStrength">https://wiki.evolveum.com/display/midPoint/Mapping#Mapping-MappingStrength</a>.</p>
<p>Also you can enable logging and see what mappings are
triggered, and, generally, what's going on when you run
recompute.</p>
<p>See <a href="https://wiki.evolveum.com/display/midPoint/Troubleshooting+Mappings">https://wiki.evolveum.com/display/midPoint/Troubleshooting+Mappings</a>.</p>
<p>Best regards,</p>
<pre>Pavol Mederly</pre>
<pre>Software developer</pre>
<pre>evolveum.com</pre>
<div>
<p class="MsoNormal">On 08.09.2017 19:56, Marco Benucci wrote:</p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">Sorry for not have specified this
before, but recompute seems not to work. Neither the
checkbox on the user page neither a bulk with the
recompute action...</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">No errors are showed by the way.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">We have planned the update asap, but
before doing that we have a bunch of more urgent
requests...</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Anyway, should be this the expected
behavior?</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">If an account on AD is not in a given
group, but his/her virtual identity have the
role/entitlement associated (and the account is correctly
linked), should a recomputation fix this?</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Maybe we have a wrong resource
configuration? </p>
</div>
<div>
<p class="MsoNormal">Il 08 set 2017 7:44 PM, Martin Lízner -
AMI Praha a.s. <a href="mailto:martin.lizner@ami.cz"><martin.lizner@ami.cz></a>
ha scritto:</p>
<blockquote style="border:none;border-left:solid #CCCCCC
1.0pt;padding:0cm 0cm 0cm
6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<p class="MsoNormal">Hi, simple user recompute should do
it. E.g. open user in GUI, check the reconcile checbox
and hit save. Anyway I also recommend upgrading to the
latest (3.6, soon 3.6.1) mp version. M.</p>
</div>
<div>
<p class="MsoNormal"><br clear="all">
</p>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<table class="MsoNormalTable" style="border-collapse:collapse;border-width:0px!important;border-style:solid!important;width:482px!important" cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr style="border:gray!important">
<td style="padding:0cm 0cm 0cm
0cm;border:gray!important" valign="bottom">
<p><b><span style="font-size:10.5pt;font-family:"Arial",sans-serif">Martin
Lízner</span></b><span style="font-size:8.5pt;font-family:"Arial",sans-serif"><br>
solution architect<br>
<br>
gsm: [+420] 737 745 571<br>
e-mail: <a href="mailto:martin.lizner@ami.cz" target="_blank">martin.lizner@ami.cz</a></span></p>
</td>
<td style="border:none;border-right:solid
#CCCCCC 1.0pt;padding:0cm
0cm 0cm
0cm;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important">
<p class="MsoNormal"><span style="font-size:7.5pt;font-family:"Verdana",sans-serif"> </span><span style="font-size:7.5pt;font-family:"Verdana",sans-serif"></span></p>
</td>
<td style="padding:0cm 0cm 0cm
0cm;border:gray!important">
<p class="MsoNormal"><span style="font-size:7.5pt;font-family:"Verdana",sans-serif"> </span></p>
</td>
<td style="padding:0cm 0cm 0cm
0cm;border:gray!important" valign="bottom">
<p><span style="font-size:8.5pt;font-family:"Arial",sans-serif">AMI
Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel.: [+420] 274 783 239<br>
web: <a href="http://www.ami.cz/" target="_blank">www.ami.cz</a></span></p>
</td>
<td style="border:none;border-right:solid
#CCCCCC 1.0pt;padding:0cm
0cm 0cm
0cm;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important">
<p class="MsoNormal"><span style="font-size:7.5pt;font-family:"Verdana",sans-serif"> </span><span style="font-size:7.5pt;font-family:"Verdana",sans-serif"></span></p>
</td>
<td style="padding:0cm 0cm 0cm
0cm;border:gray!important">
<p class="MsoNormal"><span style="font-size:7.5pt;font-family:"Verdana",sans-serif"> </span></p>
</td>
<td style="padding:0cm 0cm 0cm
0cm;border:gray!important">
<p style="mso-margin-top-alt:5.0pt;margin-right:6.0pt;margin-bottom:5.0pt;margin-left:6.0pt"><span style="font-size:8.5pt;font-family:"Arial",sans-serif"><img style="width:1.0833in;height:.4166in" id="_x0000_i1026" src="http://www.ami.cz/images/podpis/ami_logo.gif" alt="http://www.ami.cz/images/podpis/ami_logo.gif" height="40" width="104" border="0"></span><span style="font-size:8.5pt;font-family:"Arial",sans-serif"></span></p>
</td>
</tr>
<tr style="border:gray!important">
<td colspan="7" style="padding:0cm 0cm 0cm
0cm;border:gray!important"><br>
</td>
</tr>
<tr style="border:gray!important">
<td colspan="7" style="padding:0cm 0cm 0cm
0cm;border:gray!important">
<table class="MsoNormalTable" style="border-collapse:collapse;border-width:0px!important;border-style:solid!important;width:482px!important" cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr style="border:gray!important">
<td style="width:360.0pt;padding:0cm
0cm 0cm
0cm;border-width:0px!important;border-style:solid!important;width:482px!important" width="480">
<p class="MsoNormal"><span style="font-size:7.5pt;font-family:"Verdana",sans-serif"><br>
</span><a href="http://www.skyidentity.com/" target="_blank"><span style="font-size:7.5pt;font-family:"Verdana",sans-serif;text-decoration:none"><img style="width:5.0in;height:.8541in" id="_x0000_i1025" src="http://www.ami.cz/images/podpis/AMI-podpis-Sky.png" alt="AMI
Praha
a.s." height="82" width="480" border="0"></span></a><span style="font-size:7.5pt;font-family:"Verdana",sans-serif"></span></p>
</td>
</tr>
<tr style="border:gray!important">
<td style="padding:0cm
0cm 0cm
0cm;border:gray!important"><br>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="font-size:8.5pt;font-family:"Arial",sans-serif;color:gray">Textem
tohoto e-mailu
podepisující neslibuje
uzavřít ani neuzavírá za
společnost AMI Praha
a.s.<br>
jakoukoliv smlouvu.
Každá smlouva, pokud
bude uzavřena, musí mít
výhradně písemnou formu.</span></p>
</td>
</tr>
</tbody>
</table>
</div>
<p class="MsoNormal"><span style="color:black"> </span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">2017-09-08 18:43 GMT+02:00 Marco
Benucci <<a href="mailto:m.benucci@nsr.it" target="_blank">m.benucci@nsr.it</a>>:</p>
<blockquote style="border:none;border-left:solid
#CCCCCC 1.0pt;padding:0cm 0cm 0cm
6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<p><span style="font-family:"Roboto",serif">Hi,</span></p>
<p><span style="font-family:"Roboto",serif">we
have midpoint 3.4 and an AD resource with
configured entitlements.<br>
<br>
Now, I still do not know why, but on AD many
users have lost their membership of a role.
Fortunately in midPoint we still have the
role/entitlement associated to all the right
users.<br>
<br>
Is there a way to force midPoint to reevaluate
the entitlement association to add again users
to theri group?<br>
<br>
Thank you.</span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a></p>
</blockquote>
</div>
<p class="MsoNormal"> </p>
</div>
</blockquote>
</div>
<p class="MsoNormal"><br>
<br>
<br>
</p>
<pre>_______________________________________________</pre>
<pre>midPoint mailing list</pre>
<pre><a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a></pre>
<pre><a href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a></pre>
</blockquote>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><span style="color:black"> </span></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body>
</html>
</blockquote></div>