<div dir="ltr"><div>Hi Martin,<br></div>I have already tried this approach but had not success in my case.<br><br>   <mapping><br>      <description>Assigment Agents to Agents Role</description><br>      <authoritative>true</authoritative><br>      <strength>strong</strength><br>      <source><br>         <c:path>$user/employeeType</c:path><br>      </source><br>      <source><br>         <name>formerEmployee</name><br>         <c:path>$user/extension/formerEmployee</c:path><br>      </source><br>      <expression><br>         <value><br>            <targetRef oid="cdbe899a-527b-4774-accc-8d1a7f000000" type="c:RoleType"/><br>         </value><br>      </expression><br>      <target><br>         <c:path>assignment</c:path><br>      </target><br>      <condition><br>         <script xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance">http://www.w3.org/2001/XMLSchema-instance</a>"<br>                 xsi:type="c:ScriptExpressionEvaluatorType"><br>            <code>employeeType =='Agent' &amp;&amp; formerEmployee == 'false'</code><br>         </script><br>      </condition><br>   </mapping><br></div><div class="gmail_extra"><br><div class="gmail_quote">On 10 January 2018 at 16:33, Martin Lízner - AMI Praha a.s. <span dir="ltr"><<a href="mailto:martin.lizner@ami.cz" target="_blank">martin.lizner@ami.cz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi, try using strength=strong for your object template mappings. Should do for most cases. Default is strength=normal, which triggers mapping only when mapping sources are changed. M.</div><div class="gmail_extra"><br clear="all"><div><div class="m_8666095771526512850gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><table style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important"><tbody><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="2" style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;border:0px solid gray!important"><p><span style="font-size:14px;font-weight:bold">Martin Lízner</span><br>solution architect<br><br>gsm: <a href="tel:+420%20737%20745%20571" value="+420737745571" target="_blank">[+420] 737 745 571</a><br>e-mail: <a href="mailto:martin.lizner@ami.cz" target="_blank">martin.lizner@ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important">   </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important">   </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;border:0px solid gray!important"><p>AMI Praha a.s.<br>Pláničkova 11<br>162 00 Praha 6<br>tel.: <a href="tel:+420%20274%20783%20239" value="+420274783239" target="_blank">[+420] 274 783 239</a><br>web: <a href="http://www.ami.cz/" target="_blank">www.ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important">   </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important">   </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;margin:8px;border:0px solid gray!important"><p><img src="http://www.ami.cz/images/podpis/ami_logo.gif" alt="" style="border:0px"></p></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="8" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important"></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="8" style="color:rgb(128,128,128);font-family:Arial,sans-serif;font-size:11px;padding:0px;border:0px solid gray!important"><table style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important"><tbody><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;width:480px;border:0px solid gray!important"><br><a href="http://www.skyidentity.com/" target="_blank"><img src="http://www.ami.cz/images/podpis/AMI-podpis-Sky.png" alt="AMI Praha a.s." style="border:0px;width:480px!important;height:82px!important"></a></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="font-family:Arial,sans-serif;padding:0px;border:0px solid gray!important"><br></td></tr></tbody></table>Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za společnost AMI Praha a.s.<br>jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně písemnou formu.</td></tr></tbody></table></div><br></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote"><div><div class="h5">2018-01-08 15:49 GMT+01:00 Oleksandr Nekriach <span dir="ltr"><<a href="mailto:o.nekriach@dynatech.lv" target="_blank">o.nekriach@dynatech.lv</a>></span>:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">Hi guys,<br>
Please answer me whether there is a way to recalculate all the<br>
attributes and assignments that are assigned to users according to its<br>
ObjectTemplate. Or the principle of Relativity can not be bypassed.<br>
Example:<br>
We have ObjectTemplate wich is applied during reconciliation. This<br>
ObjectTemplate  assigns roles to the users. But after some time I have<br>
found that the IDM administrators (Help Desk guys)  made some changes.<br>
And I'm not sure whether all users have those assignments that were<br>
automatically calculated according to ObjectTemplates or there is<br>
something superfluous. And I would like to remove this unnecessary<br>
assignments automatically.<br>
<br>
--<br>
Best regards,<br>
<br>
Oleksandr Nekriach | Identity and access management engineer<br>
<br>
Dynatech, Mednieku str. 4a, Riga, LV-1010, Latvia<br>
<br>
<a href="tel:%2B37125314685" value="+37125314685" target="_blank">+37125314685</a><br>
,<br>
<a href="mailto:o.nekriach@dynatech.lv" target="_blank">o.nekriach@dynatech.lv</a><br>
|<br>
<a href="http://www.dynatech.lv" rel="noreferrer" target="_blank">www.dynatech.lv</a><br>
<br>
<br>
<br>
<br>
Stay connected:<br>
<br>
<br>
Confidentiality Notice: This message contains confidential information<br>
and is intended only for the named recipient(s). If you are not the<br>
addressee you may not copy, distribute or perform any other activities<br>
with this information. If you have received this transmission in<br>
error, please notify us by e-mail immediately. E-mail transmission<br>
cannot be guaranteed to be secure or error-free as information could<br>
be intercepted, corrupted, lost, destroyed, arrive late or incomplete,<br>
or contain viruses.<br></div></div>
______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><br>
</blockquote></div><br></div>
<br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><span style="color:#4c4c4c">Best regards, <br><br>Oleksandr Nekriach | Identity and access management engineer <br><br>Dynatech, Mednieku str. 4a, Riga, LV-1010, Latvia <br><br><div style="display:inline-block"><a href="tel:+371%2025%20314%20685" value="+37125314685" target="_blank">+37125314685</a></div>, <div style="display:inline-block"><a href="mailto:o.nekriach@dynatech.lv" target="_blank">o.nekriach@dynatech.lv</a></div> | <div style="display:inline-block"><a href="http://www.dynatech.lv" target="_blank">www.dynatech.lv</a></div> <br><br><img src="cid:o.nekriach@dynatech.lv1502777022855-7770"> <br><br>Stay connected: <br><div style="display:inline-block;margin:5px 5px 0 0"><a href="https://www.facebook.com/DynatechLatvia/?ref=br_rs" target="_blank"><img src="cid:o.nekriach@dynatech.lv1502777022855-7771"></a></div><div style="display:inline-block;margin:5px 0 0 0"><a href="https://www.linkedin.com/company-beta/17893047/" target="_blank"><img src="cid:o.nekriach@dynatech.lv1502777022855-7772"></a></div><br><br><span style="font-size:11px;color:#a1a1a1">Confidentiality
 Notice: This message contains confidential information and is intended 
only for the named recipient(s). If you are not the addressee you may 
not copy, distribute or perform any other activities with this 
information. If you have received this transmission in error, please 
notify us by e-mail immediately. E-mail transmission cannot be 
guaranteed to be secure or error-free as information could be 
intercepted, corrupted, lost, destroyed, arrive late or incomplete, or 
contain viruses.</span></span></div></div></div></div>
</div>