<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>this task could be a good start :<br>
</p>
<p><br>
</p>
<p> <task><br>
<name>task suppress Assignement
ETUDIANT-LICENCE</name><br>
<extension><br>
<scext:executeScript
xmlns:scext=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3">"http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3"</a><br>
xmlns:s=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">"http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"</a><br>
xmlns:c=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a><br>
xmlns:t=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/types-3">"http://prism.evolveum.com/xml/ns/public/types-3"</a><br>
xmlns:xsi=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance">"http://www.w3.org/2001/XMLSchema-instance"</a><br>
xmlns:api=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3">"http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"</a><br>
xmlns:q=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/query-3">"http://prism.evolveum.com/xml/ns/public/query-3"</a><br>
xmlns:xsd=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema">"http://www.w3.org/2001/XMLSchema"</a><br>
xmlns:org=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/org-3">"http://midpoint.evolveum.com/xml/ns/public/common/org-3"</a>><br>
<s:search><br>
<s:type>c:UserType</s:type><br>
<s:query><br>
<q:filter><br>
<q:and><br>
<q:equal><br>
<q:path>subtype</q:path><br>
<q:value>ETUDIANT-DOCTORAT</q:value><br>
</q:equal><br>
<q:substring><br>
<q:matching>polyStringNorm</q:matching><br>
<q:path>name</q:path><br>
<q:value>a</q:value><br>
<q:anchorStart>true</q:anchorStart><br>
</q:substring><br>
<q:equal><br>
<q:path>c:assignment/targetRef/@/name</q:path><br>
<q:value>etudiants-cursus-doctorat</q:value><br>
</q:equal><br>
<!--q:org><br>
<q:orgRef><br>
<q:oid>u75-etudiants-cursus-licence</q:oid--><br>
<!--q:oid>u75-etudiants-cursus-master</q:oid--><br>
<!--q:oid>u75-etudiants-cursus-doctorat</q:oid--><br>
<!--/q:orgRef><br>
<q:maxDepth>unbounded</q:maxDepth><br>
</q:org--><br>
</q:and><br>
</q:filter><br>
</s:query><br>
<br>
<s:action><br>
<s:type>modify</s:type><br>
<s:parameter><br>
<s:name>delta</s:name><br>
<c:value
xsi:type="t:ObjectDeltaType"><br>
<t:changeType>modify</t:changeType><br>
<t:itemDelta><br>
<t:modificationType>delete</t:modificationType><br>
<t:path>c:assignment</t:path><br>
<t:value
xsi:type="c:AssignmentType"><br>
<targetRef
oid="u75-etudiants-cursus-doctorat" relation="org:default"
type="c:RoleType"/><br>
<!--targetRef
oid="u75-etudiants-cursus-doctorat" relation="org:default"
type="c:OrgType"/--><br>
</t:value><br>
</t:itemDelta><br>
</c:value><br>
</s:parameter><br>
</s:action><br>
<br>
</s:search><br>
</scext:executeScript><br>
</extension><br>
<ownerRef
oid="00000000-0000-0000-0000-000000000002"/><br>
<executionStatus>runnable</executionStatus><br>
<br>
<category>BulkActions</category><br>
<handlerUri><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3">http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3</a></handlerUri><br>
<recurrence>single</recurrence><br>
</task><br>
<br>
</p>
<div class="moz-cite-prefix">Le 16/10/2020 à 12:46, Lubomir Odlevak
via midPoint a écrit :<br>
</div>
<blockquote type="cite"
cite="mid:CABppFo57eqiJynK=UpBG6CrhJpW58tFofg7MNXFg7AaUv44U2Q@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Hello all, <br>
<br>
I have assigned role to MP user and set Activation valid on
this assignment. Role has been assigned in MP and AD
successfully.<br>
When valid-to-time has been exceeded,i have run user
reconcilation (or validity task) and effectiveStatus has been
set to "disable" for the assignment.<br>
Both mP role and AD role are still assigned. Now, I'm trying
unassign role assignment from MP user (manually or with hook),
but it is not removed in AD and user is still member of that AD
group. How can I achieve it ?<br>
How to unassign assignment with effectiveStatus="disabled" and
propagate this change to AD and remove user from the AD group?<br>
<br>
btw: The unassigment with effective status set to "enabled" are
unassigned properly in AD.<br>
Tested on mp 3.8 and 4.1.<br>
<br>
Regards<br>
Lubomir Odlevak<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</body>
</html>