<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hello!</p>
<p>If I understand this example:
<a class="moz-txt-link-freetext" href="https://wiki.evolveum.com/display/midPoint/Projection+Policy">https://wiki.evolveum.com/display/midPoint/Projection+Policy</a><br>
the enforcement policy should be outside "schemaHandling" as a
separate section:</p>
<p><projection><br>
<assignmentPolicyEnforcement>full</assignmentPolicyEnforcement><br>
</projection><br>
</p>
I have it configured this way and it works - it removes not assigned
entitlements.<br>
<br>
Good luck!<br>
WS<br>
<br>
<div class="moz-cite-prefix">W dniu 20.12.2017 o 18:52, Alcides
Carlos de Moraes Neto pisze:<br>
</div>
<blockquote type="cite"
cite="mid:CAMLLNmk3CoiWGjK+6cT-aEtRXQv_PDwVsFNWTdzRA-d_W7U7oQ@mail.gmail.com">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>Hello list,<br>
<br>
</div>
I have a working Org. Unit -> AD group mapping, with
an AssociationFromLink inducement for members.<br>
<br>
</div>
However, I would like Midpoint to also remove members of
the AD group that are added manually, that don't match
members of the Org. Unit. <br>
I tried using <br>
<assignmentPolicyEnforcement>full</assignmentPolicyEnforcement><br>
</div>
inside the Schema Handling for the entitlement, but it
didn't work.<br>
<br>
</div>
Any leads?<br>
</div>
Thanks in advance.<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</body>
</html>