<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div dir="ltr"><span></span></div><div dir="ltr"><div dir="ltr"><div>Hi Ivan, thank you.</div><div><br></div><div>We can't have it tolerant=false, we have many associations in AD outside midpoint control. </div><div><br></div><div>Assignment and unassignment works, shouldn’t assignment activation work just like an unassignment? Why tolerant is needed to remove membership in this case?</div><div><br></div><div>Isn’t that exception related? We’re pretty sure this worked in 3.8, and it stopped now in 3.9</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Em ter, 16 de abr de 2019 às 05:36, Ivan Noris <<a href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Hi Alcides,</p>
<p>I think the removal of group(s) will work in this scenario if the
AD attribute/association in the resource schema handling is set to
be tolerant=false.</p>
<p>Be sure this is what you want as tolerant=false means midPoint
will remove all values not given by midPoint.</p>
<p>Best regards,</p>
<p>Ivan<br>
</p>
<div class="gmail-m_1084764384954452029moz-cite-prefix">On 16. 4. 2019 0:26, Alcides Carlos de
Moraes Neto wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div>Hello list,</div>
<div><br>
</div>
<div>We have working user and role association to AD users
and groups. However, if we give users an assignment with
activation expiration date in midpoint, they are not
removed from the AD group when the date comes. The
assignment shows as expired, but they are not removed from
the AD group that the role projects to, even when
recomputing.</div>
<div><br>
</div>
<div>Even removing the expired assignment will not remove
the user from the list.</div>
<div><br>
</div>
<div>Also, when trying to modify any of the activation
parameters from these assignments, we're getting a NPE:</div>
<div>java.lang.NullPointerException: null<br>
com.evolveum.midpoint.prism.util.ItemDeltaItem.findIdi(ItemDeltaItem.java:218)<br>
com.evolveum.midpoint.repo.common.expression.ExpressionUtil.resolvePath(ExpressionUtil.java:232)<br>
com.evolveum.midpoint.model.common.mapping.MappingImpl.parseSource(MappingImpl.java:874)<br>
<br>
</div>
</div>
</div>
</div>
<br>
<fieldset class="gmail-m_1084764384954452029mimeAttachmentHeader"></fieldset>
<pre class="gmail-m_1084764384954452029moz-quote-pre">_______________________________________________
midPoint mailing list
<a class="gmail-m_1084764384954452029moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a class="gmail-m_1084764384954452029moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre class="gmail-m_1084764384954452029moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>
</div></body></html>