<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><font face="DejaVu Sans Mono">Thank you Pavol,</font></p>
<p><font face="DejaVu Sans Mono">we were thinking that the reaction
to the liveSync unmatched could be "add user" and with an object
template we could disable the newly created user (and the
account too) or expire the password (or even both).</font></p>
<p><font face="DejaVu Sans Mono">The approval could be about 2
request:<br>
1) adding the role that grants access to that resource<br>
2) enabling the user and the account</font></p>
<p><font face="DejaVu Sans Mono">If the approval were rejected, it
could be possibile to delete the user and the account through an
hook, I suppose...</font></p>
<p><font face="DejaVu Sans Mono">I would like to give it a try.<br>
What about the "custom scripting hook" to create an approval?<br>
Is there something on the wiki that talk about this?</font></p>
<p><font face="DejaVu Sans Mono">Thank you, <br>
Marco</font></p>
<p><font face="DejaVu Sans Mono"><br>
</font></p>
<br>
<div class="moz-cite-prefix">On 06/11/2018 11:24 AM, Pavol Mederly
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:38078d1f-5a18-e775-7e3b-f1861e810b34@evolveum.com">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<p>Marco,</p>
<p>this question have been discussed here a couple of times
already. The answer is "currently not" - at least not in a
simple way.</p>
<p>The basic reason is that it is unclear how should midPoint
react to rejection of the approval. A naive approach (i.e.
rejection means the user would not be created) means that the
same approval request would pop up on next reconciliation; or on
any other occasion where midPoint learns that there's an
unmatched account.</p>
<p>Maybe there could be a workaround like <br>
</p>
<ol>
<li>LiveSync would create user with the lifecycle state of
Proposed.</li>
<li>An approval of switching the state to Active would be
(somehow) started.</li>
<li>If the approval would be completed positively, the user
would be activated. Otherwise it would stay in Proposed state.</li>
</ol>
<p>I am not quite sure how the step 2 should be implemented. It
could be certainly done by a custom scripting hook. (Maybe a
policy rule could be used as well but I am not sure.)</p>
<p>Best regards,<br>
</p>
<pre class="moz-signature" cols="72">Pavol Mederly
Software developer
evolveum.com
</pre>
<div class="moz-cite-prefix">On 04.06.2018 16:50, Marco Benucci
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:94e9c840-a806-6277-ef78-2a3459a4ad01@nsr.it">
<meta http-equiv="content-type" content="text/html;
charset=utf-8">
<p><font face="DejaVu Sans Mono">Hi,</font></p>
<p><font face="DejaVu Sans Mono">would it be possible to create
an approval process strarting from a LiveSync </font>"reaction"?<br>
<br>
For example:</p>
<p>I'd like to create an approval workflow about the creation of
a user created by anĀ "adduser" reaction from an "unmatched"
result discovered by liveSync looking for new accounts on a
resource.<br>
<br>
Could it be possible?<br>
<br>
Thank you,<br>
Marco</p>
<p><br>
</p>
<p><br>
</p>
<!--'"--><br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<!--'"--><br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body>
</html>