Uploaded image for project: 'MidPoint'
  1. MidPoint
  2. MID-2825

When deleting user with undeletable (read only) accounts on resource, the shadows will stay in linked state but without owner

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Trivial
    • Resolution: Unresolved
    • Affects Version/s: 3.4 (Heisenberg)
    • Fix Version/s: distant future
    • Component/s: Provisioning
    • Labels:
      None

      Description

      1. CSV file resource is used to import data - users are created from CSV and linked to the CSV accounts. The configuration contains:

      		<capabilities xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
      			<configured>
      				<cap:activation>
      					<cap:status>
      						<cap:attribute>ri:disabled</cap:attribute>
      						<cap:enableValue>false</cap:enableValue>
      						<cap:disableValue>true</cap:disableValue>
      					</cap:status>
      				</cap:activation>
      				<cap:delete>
      					<cap:enabled>false</cap:enabled>
      				</cap:delete>
      			</configured>
      		</capabilities>
      

      2. user is deleted from midpoint. Attempt to delete account on CSV fails, because resource does not support delete operation
      3. shadow is not deleted (which is correct as the target account was not deleted as well), but midPoint displays that it's LINKED - and there is no owner.

      <shadow xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
              xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
              xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
              xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
              xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
              xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
              oid="c4ca8d78-22e0-498c-9b3d-e98a03937ab4"
              version="3">
         <name>datahouse-admin</name>
         <metadata>
            <modifyTimestamp>2016-02-29T22:11:46.844+01:00</modifyTimestamp>
            <modifierRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                         oid="00000000-0000-0000-0000-000000000002"
                         type="tns:UserType"/>
            <modifyChannel>http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#import</modifyChannel>
         </metadata>
         <resourceRef oid="b2911718-cbe3-11e5-b1ea-3c970e44b9e2" type="c:ResourceType"/>
         <synchronizationSituation>linked</synchronizationSituation>
         <synchronizationTimestamp>2016-02-29T22:11:46.966+01:00</synchronizationTimestamp>
         <fullSynchronizationTimestamp>2016-02-29T22:11:46.966+01:00</fullSynchronizationTimestamp>
         <synchronizationSituationDescription>
            <situation>unmatched</situation>
            <timestamp>2016-02-29T22:11:45.054+01:00</timestamp>
            <channel>http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#import</channel>
            <full>true</full>
         </synchronizationSituationDescription>
         <synchronizationSituationDescription>
            <situation>linked</situation>
            <timestamp>2016-02-29T22:11:46.966+01:00</timestamp>
            <channel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</channel>
            <full>true</full>
         </synchronizationSituationDescription>
         <objectClass>ri:AccountObjectClass</objectClass>
         <kind>account</kind>
         <intent>default</intent>
         <iteration>0</iteration>
         <iterationToken/>
         <attributes>
            <icfs:name>datahouse-admin</icfs:name>
            <icfs:uid>datahouse-admin</icfs:uid>
         </attributes>
      </shadow>
      

      We should consider this account unmatched or maybe even null/nothing? Because we have deleted the owner... So linked without any owner is incorrect.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              vix Ivan Noris
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: