On 06/21/2013 05:28 PM, Fabio Martelli wrote:
Il 21/06/2013 17:07, German Parente ha scritto:
Hi,
I have a question about role assign/de-assign.
When I want to deassing a role from a user, I am creating a userMod
object and setting into it:
userMod.setId(currentuser.getId());
userMod.addMemberShipToBeRemoved(membershipid)
where membership id is the id of the membership corresponding to the
role I want to de-assign.
I can de-assign roles of the user progressingly with no issue.
Propagation to ldap is taking place in the desired way.
When I de-assign the last membership of the user, the user is deleted
from ldap.
I can see the DELETE operation in ldap logs.
Is anything I am doing wrong when setting UserMod structure ?
Hi German, no you are not doing anything wrong: in case of resource
de-assignment (directly or indirectly) a de-provisioning operation
will be run.
As you have experienced yet, the user won't be de-provisioned on the
resource until the last (indirectly) assignment between the resource
and itself will exist.
If you don't want to perform any de-provisioning on the resource you
have to work with the ldap connector capabilities: to disable any
de-provisioning operation you can uncheck delete capability on your
connector configuration instance.
Thanks a lot, Fabio.
I have unchecked ONE_PHASE_DELETE and the user has not been deprovisioned.
regards,
German.
Best regards,
F.
Thanks and regards,
German.
