<html>Thank you everyone, it worked by replacing administrativeStatus with effectiveStatus. It is indeed computed automatically!<br /><br />Have a great day!<br /><br />Best regards,<br />Luca<br /><br />On Thursday, February 24, 2022 12:56 CET, "Rainer Herbst" <rainer.herbst@aip.de> wrote:<br /> <blockquote type="cite" cite="ximss-3134251@cgpro.aip.de">Yes, I think if you replace the administrativeStatus by effectiveStatus in the activation section of your resource description, it should work.<br /><br />In my LDAP resource (DS389), I have two outbound mappings for disabled and enabled users, so it looks a little bit complicated:<br /><activation><br /><administrativeStatus><br /> <outbound><br /><strength>strong</strength><br /> <name>Disable</name><br /><expression><br /><script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ScriptExpressionEvaluatorType"><br /><code><br />import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;<br />ActivationStatusType.DISABLED;<br /></code><br /></script><br /></expression><br /><condition><br /><variable><br /><name>identityEffectiveStatus</name><br /><c:path>$focus/activation/effectiveStatus</c:path><br /></variable><br /><script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ScriptExpressionEvaluatorType"><br /><code><br />import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;<br /><br />// disabled identity must always have all linked accounts DISABLED (strong)<br />identityEffectiveStatus != ActivationStatusType.ENABLED;<br /></code><br /></script><br /></condition><br /></outbound><br /><outbound><br /><strength>strong</strength><br /> <name>Enable</name><br /><expression><br /><script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ScriptExpressionEvaluatorType"><br /><code><br />import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;<br 
/>ActivationStatusType.ENABLED;<br /></code><br /></script><br /></expression><br /><condition><br /><variable><br /><name>identityEffectiveStatus</name><br /><c:path>$focus/activation/effectiveStatus</c:path><br /></variable><br /><script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ScriptExpressionEvaluatorType"><br /><code><br />import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;<br /><br />// enabled identity gets all linked accounts ENABLED (strong)<br />identityEffectiveStatus == ActivationStatusType.ENABLED;<br /></code><br /></script><br /></condition><br /></outbound><br /><br /></administrativeStatus><br /></activation><br /><br /><br />On Thu, 24 Feb 2022 12:11:53 +0100<br />Luca Verardo <luca@verardo.ch> wrote:<br />> Hello!<br />><br />> Thank you for your answer.<br />><br />> Currently I use the administrativeStatus to enable or disable the user (it is synced to an LDAP backend)<br />><br />> Therefore, if I understood correctly, I should also sync effectiveStatus to the LDAP backend, is that correct?<br />><br />><br />> Best regards,<br />> Luca Verardo<br />><br />>> On 24 Feb 2022 at 12:06, Rainer Herbst <rainer.herbst@aip.de> wrote:<br />>><br />>> Hi!<br />>><br />>> In my understanding, midpoint handles the "effectiveStatus" automatically - i.e. if a user has reached his "validTo", the effectiveStatus is calculated.<br />>><br />>> If you set the "administrativeStatus", it will overcome the validTo rule, i.e. even after validTo, the user will be valid. 
You should not set this administrativeStatus without need.<br />>><br />>> HTH!<br />>> Rainer<br />>><br />>>> On Thu, 24 Feb 2022 11:30:24 +0100<br />>>> Luca Verardo via midPoint <midpoint@lists.evolveum.com> wrote:<br />>>> Dear Evolveum community,<br />>>> I'm looking to execute a recurring task that will check the user's validity range (Valid To or Valid From) and disable users accordingly using today's date.<br />>>> I've searched for some examples, but I was unable to succeed with the implementation.<br />>>> Are tasks the correct direction? If yes, does someone have an example of how I could do it?<br />>>> Thanks a lot in advance.<br />>>> Best regards,<br />>><br />>> Best regards<br />>><br />>> Rainer Herbst<br />>> Head of IT Service<br />>> Phone: +49 331 7499-257<br />>> e-mail: rainer.herbst@aip.de<br />>> https://www.aip.de<br />>><br />>> -----------------------------------------------------------------------------------------------<br />>> Leibniz-Institut für Astrophysik Potsdam (AIP)<br />>> An der Sternwarte 16, 14482 Potsdam<br />>><br />>> Executive Board: Prof. Dr. Matthias Steinmetz, Wolfram Rosenbach<br />>> Foundation under civil law<br />>> Brandenburg Register of Foundations: 26 742-00/7026<br />>> -----------------------------------------------------------------------------------------------<br />><br /><br />Best regards<br /><br />Rainer Herbst<br />Head of IT Service<br />Phone: +49 331 7499-257<br />e-mail: rainer.herbst@aip.de<br />https://www.aip.de<br /><br />-----------------------------------------------------------------------------------------------<br />Leibniz-Institut für Astrophysik Potsdam (AIP)<br />An der Sternwarte 16, 14482 Potsdam<br /><br />Executive Board: Prof. Dr. 
Matthias Steinmetz, Wolfram Rosenbach<br />Foundation under civil law<br />Brandenburg Register of Foundations: 26 742-00/7026<br />-----------------------------------------------------------------------------------------------</blockquote><br /><br /><br /> </html>
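A simplified model of the behaviour discussed in this thread, added here as an illustration and not taken from midPoint or from either poster: effectiveStatus follows the validity window unless administrativeStatus is set, and the account status follows effectiveStatus as in the two strong mappings quoted above. All class, function and field names and the sample users are constructed, and the treatment of the exact validFrom/validTo boundary instants is an assumption; the last function lists accounts that are still enabled in the directory for identities that are no longer effective.

```python
from dataclasses import dataclass
from datetime import datetime
from enum import Enum
from typing import Dict, List, Optional

class Status(Enum):
    ENABLED = "ENABLED"
    DISABLED = "DISABLED"

@dataclass
class Activation:  # hypothetical stand-in for a user's activation block
    administrative_status: Optional[Status] = None
    valid_from: Optional[datetime] = None
    valid_to: Optional[datetime] = None

def effective_status(act: Activation, now: datetime) -> Status:
    """Computed status as described in the thread (simplified model)."""
    if act.administrative_status is not None:
        return act.administrative_status  # explicit setting overrides validity
    if act.valid_from is not None and now < act.valid_from:
        return Status.DISABLED  # not valid yet
    if act.valid_to is not None and now > act.valid_to:
        return Status.DISABLED  # validity has expired
    return Status.ENABLED

def outbound_account_status(act: Activation, now: datetime) -> Status:
    """The two strong mappings: != ENABLED gives DISABLED, == ENABLED gives ENABLED."""
    if effective_status(act, now) != Status.ENABLED:
        return Status.DISABLED
    return Status.ENABLED

def stale_enabled_accounts(users: Dict[str, Activation],
                           directory: Dict[str, Status], now: datetime) -> List[str]:
    """Accounts the directory reports ENABLED although the identity is not."""
    return sorted(uid for uid, act in users.items()
                  if directory.get(uid) == Status.ENABLED
                  and outbound_account_status(act, now) == Status.DISABLED)

# Constructed sample data (not from the thread).
NOW = datetime(2022, 2, 24, 12, 0)
USERS = {
    "alice": Activation(valid_to=datetime(2022, 12, 31)),   # inside validity
    "bob": Activation(valid_to=datetime(2022, 1, 31)),      # expired
    "carol": Activation(Status.ENABLED, valid_to=datetime(2022, 1, 31)),  # override
    "dave": Activation(valid_from=datetime(2022, 3, 1)),    # not valid yet
}
DIRECTORY = {uid: Status.ENABLED for uid in USERS}  # every LDAP account enabled
```

With this sample, "carol" stays enabled past her validTo because administrativeStatus is set explicitly, which is the override the thread advises against using without need.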