<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi Patrik,</p>
<p>please note that even if there is validTo exceeded, role itself
will <i>not</i> be unassigned. Just the <i>assignment</i> of the
role will be <i>inactive</i>. Whatever the role does, will be
"undone".</p>
<p>... but in this case, I think you need to set tolerant=false in
the schema handling - if the role provides associations, then you
need to configure it ther. That's just the page mentioned by
Pascal.
(<a class="moz-txt-link-freetext" href="https://docs.evolveum.com/midpoint/reference/resources/entitlements/#entitlement-membership-removal">https://docs.evolveum.com/midpoint/reference/resources/entitlements/#entitlement-membership-removal</a>
for the reference)</p>
<p>Before you set tolerance to false, you should be sure there are
no other groups than provided by midPoint.</p>
<p>Best regards,</p>
<p>Ivan<br>
</p>
<div class="moz-cite-prefix">On 7. 12. 2022 8:58, Patrik Sidler via
midPoint wrote:<br>
</div>
<blockquote type="cite"
cite="mid:GVAP278MB023166BC1DF71A0CB0223F1FEF1A9@GVAP278MB0231.CHEP278.PROD.OUTLOOK.COM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}span.E-MailFormatvorlage17
{mso-style-type:personal-compose;
font-family:"Verdana",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}div.WordSection1
{page:WordSection1;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif">Hi
All,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"
lang="EN-US">I am having a problem with a LDAP Role that not
gets unassigned when the validTo is reached.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"
lang="EN-US">The role assignment on the particular user
changes its effectiveStatus to disabled (because validTo is
reached), but the role will not be unassigned and therefore
the user is still member of the LDAP Group.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"
lang="EN-US">What do I have to configure that the Role will
be unassigned when validTo is reached?<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"
lang="EN-US">I am working with midPoint 4.6 by the way.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"
lang="EN-US">My LDAP Role:<o:p></o:p></span></b></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"><role xmlns=<a
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
moz-do-not-send="true" class="moz-txt-link-freetext">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>
xmlns:c=<a
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
moz-do-not-send="true" class="moz-txt-link-freetext">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>
xmlns:icfs=<a
href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
moz-do-not-send="true" class="moz-txt-link-freetext">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3</a>
xmlns:org=<a
href="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
moz-do-not-send="true" class="moz-txt-link-freetext">http://midpoint.evolveum.com/xml/ns/public/common/org-3</a>
xmlns:q=<a
href="http://prism.evolveum.com/xml/ns/public/query-3"
moz-do-not-send="true" class="moz-txt-link-freetext">http://prism.evolveum.com/xml/ns/public/query-3</a>
xmlns:ri=<a
href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
moz-do-not-send="true" class="moz-txt-link-freetext">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>
xmlns:t=<a
href="http://prism.evolveum.com/xml/ns/public/types-3"
moz-do-not-send="true" class="moz-txt-link-freetext">http://prism.evolveum.com/xml/ns/public/types-3</a>
xmlns:xsi=<a
href="http://www.w3.org/2001/XMLSchema-instance"
moz-do-not-send="true" class="moz-txt-link-freetext">http://www.w3.org/2001/XMLSchema-instance</a>
oid="f2906bc1-4b33-4bf1-9233-981614e70195" version="8"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<name>cn=biouser,cn=groups,cn=accounts,dc=dsone-dev,dc=aspectra,dc=net</name><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <assignment id="1"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <metadata><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <createChannel><a
href="http://midpoint.evolveum.com/xml/ns/public/common/channels-3#import</createChannel"
moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/common/channels-3#import</createChannel</a>><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <originMappingName>Metarole
LDAP Group Assignment</originMappingName><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </metadata><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <targetRef
oid="ed3e5df8-2217-11e8-9d57-9793344c7aa6"
relation="org:default" type="c:RoleType"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <!-- Metarole LDAP Group
Assignment --><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </targetRef><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <activation><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<effectiveStatus>enabled</effectiveStatus><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </activation><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </assignment><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <assignment id="2"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <metadata><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <createChannel><a
href="http://midpoint.evolveum.com/xml/ns/public/common/channels-3#import</createChannel"
moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/common/channels-3#import</createChannel</a>><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <originMappingName>Metarole
Line Manager Approval</originMappingName><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </metadata><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <targetRef
oid="cee649ee-8764-47e3-847b-c9f7155bcfe3"
relation="org:default" type="c:RoleType"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <!-- Metarole Line Manager
Approval --><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </targetRef><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <activation><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<effectiveStatus>enabled</effectiveStatus><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </activation><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </assignment><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <roleMembershipRef
oid="ed3e5df8-2217-11e8-9d57-9793344c7aa6"
relation="org:default" type="c:RoleType"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <!-- Metarole LDAP Group Assignment
--><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </roleMembershipRef><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <roleMembershipRef
oid="cee649ee-8764-47e3-847b-c9f7155bcfe3"
relation="org:default" type="c:RoleType"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <!-- Metarole Line Manager Approval
--><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </roleMembershipRef><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <linkRef
oid="a7e0ac25-cd8c-4387-9ebb-6fc961549d7a"
relation="org:default" type="c:ShadowType"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <!--
cn=defaultuser,cn=groups,cn=accounts,dc=env-dev,dc=customer,dc=net
--><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </linkRef><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <activation><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<effectiveStatus>enabled</effectiveStatus><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<enableTimestamp>2022-11-23T16:26:51.664+01:00</enableTimestamp><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </activation><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<displayName>defaultuser</displayName><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<identifier>jira-notification</identifier><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <requestable>true</requestable><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"></role><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"
lang="EN-US">My LDAP Group Add MetaRole:<o:p></o:p></span></b></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"><role xmlns=<a
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
moz-do-not-send="true" class="moz-txt-link-freetext">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>
xmlns:c=<a
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
moz-do-not-send="true" class="moz-txt-link-freetext">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>
xmlns:icfs=<a
href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
moz-do-not-send="true" class="moz-txt-link-freetext">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3</a>
xmlns:org=<a
href="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
moz-do-not-send="true" class="moz-txt-link-freetext">http://midpoint.evolveum.com/xml/ns/public/common/org-3</a>
xmlns:q=<a
href="http://prism.evolveum.com/xml/ns/public/query-3"
moz-do-not-send="true" class="moz-txt-link-freetext">http://prism.evolveum.com/xml/ns/public/query-3</a>
xmlns:ri=<a
href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
moz-do-not-send="true" class="moz-txt-link-freetext">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>
xmlns:t=<a
href="http://prism.evolveum.com/xml/ns/public/types-3"
moz-do-not-send="true" class="moz-txt-link-freetext">http://prism.evolveum.com/xml/ns/public/types-3</a>
xmlns:xsi=<a
href="http://www.w3.org/2001/XMLSchema-instance"
moz-do-not-send="true" class="moz-txt-link-freetext">http://www.w3.org/2001/XMLSchema-instance</a>
oid="ed3e5df8-2217-11e8-9d57-9793344c7aa6" version="21"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <name>Metarole LDAP Group
Assignment</name><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <description>Assign this Meta Role to
all LDAP Group Roles, that can be assigned to
users.</description><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <activation><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<effectiveStatus>enabled</effectiveStatus><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<enableTimestamp>2022-11-15T11:23:42.723+01:00</enableTimestamp><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </activation><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <displayName>Metarole: assign Users
to LDAP Group</displayName><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <inducement id="12"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <description>Inducement to add
the User to the correct LDAP Group and to create an account
as a projection of user having assigned a LDAP Group Role
with this metarole.</description><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <construction><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <description>Creates an
account for user, and associates with group created for the
Role assigned to the user.</description><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<strength>weak</strength><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <resourceRef
oid="31f3b90c-7b4d-4320-9964-3f46a3e75cf2"
relation="org:default" type="c:ResourceType"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <!-- LDAP --><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </resourceRef><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <kind>account</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<intent>ldapAccount</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <association id="14"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<ref>ri:ldapGroupMember</ref><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<strength>strong</strength><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <source><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<path>$focusAssignment/targetRef</path><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </source><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <expression><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<associationFromLink><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<projectionDiscriminator
xsi:type="c:ShadowDiscriminatorType"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<kind>entitlement</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<intent>ldapGroup</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
</projectionDiscriminator><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
</associationFromLink><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </expression><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </association><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </construction><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <order>2</order><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<focusType>UserType</focusType><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </inducement><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <inducement id="11"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <description>Inducement to add
the User to the correct LDAP Group</description><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <construction><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <description>Creates an
object (group) for organization</description><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <resourceRef
oid="31f3b90c-7b4d-4320-9964-3f46a3e75cf2"
relation="org:default" type="c:ResourceType"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> <!-- LDAP --><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </resourceRef><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<kind>entitlement</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US">
<intent>ldapGroup</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </construction><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"> </inducement><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier New""
lang="EN-US"></role><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"
lang="EN-US">Thank you in advance for your help.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"
lang="EN-US">Regards<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"
lang="EN-US">Patrik Sidler ITConcepts<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:DE-CH"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Expert Identity Engineer
evolveum.com
</pre>
</body>
</html>