Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Last revision Both sides next revision
tutorial:adm:systems_-_ad_remove_group_membership_when_the_contract_is_excluded [2020/03/04 07:54]
doischert 		tutorial:adm:systems_-_ad_remove_group_membership_when_the_contract_is_excluded [2020/03/04 08:28]
tsunami ↷ Page moved and renamed from tutorial:adm:systems_-_ad:remove_group_membership_when_the_contract_is_excluded to tutorial:adm:systems_-_ad_remove_group_membership_when_the_contract_is_excluded
Line 15: Line 15:
 {{ :tutorial:adm:systems_-_ad:02.png?direct&1000 |}} {{ :tutorial:adm:systems_-_ad:02.png?direct&1000 |}}
  
-Open the detail by clicking the magnifying glass, you will see this.+Open the detail by clicking the magnifying glass. You will see this.
  
 {{ :tutorial:adm:systems_-_ad:03.png?direct&600 |}} {{ :tutorial:adm:systems_-_ad:03.png?direct&600 |}}
  
-Open the detail of the attribute ldapGroups by clicking the magnifying glass, you will see this.+Open the detail of the attribute ldapGroups by clicking the magnifying glass. You will see this.
  
 {{ :tutorial:adm:systems_-_ad:04.png?direct&600 |}} {{ :tutorial:adm:systems_-_ad:04.png?direct&600 |}}
Line 28: Line 28:
 ===== Set this behavior on using the AD synchronization workflow ===== ===== Set this behavior on using the AD synchronization workflow =====
  
-Alternatively, you can use the regular synchronization of AD groups to set this behavior for all AD roles since this synchronization uses our [[tutorial:dev:ad_groups_sync_workflow|workflow]] to do many things related to managing AD groups.+Alternatively, you can use the regular synchronization of AD groups to set this behavior for some or all AD roles since this synchronization uses our [[tutorial:dev:ad_groups_sync_workflow|workflow]] to do many things related to managing AD groups.
  
-<note warning>Be very careful here and make sure that you really want all AD roles to be removed when the contract becomes inactive!</note>+First, I will show you how to turn this feature on for all AD roles.
  
 <note tip>This requires you to have the current workflow from the Extras module! Older versions will not support this.</note> <note tip>This requires you to have the current workflow from the Extras module! Older versions will not support this.</note>
 +<note warning>Be very careful here and make sure that you really want all AD roles to be removed from the contract when the contract becomes inactive!</note>
  
-First, in the left menu, go to Settings > Configuration.+In the left menu, go to Settings > Configuration.
  
 {{ :tutorial:adm:systems_-_ad:06.png?direct&600 |}} {{ :tutorial:adm:systems_-_ad:06.png?direct&600 |}}
Line 52: Line 53:
 <code>idm.pub.acc.syncRole.roles.nameOfRoles.doNotSentValueOnExclusion</code> <code>idm.pub.acc.syncRole.roles.nameOfRoles.doNotSentValueOnExclusion</code>
  
-and as a value, type in the names of the relevant roles separated by comma. You can only use this if your roles do not have a comma in their names!+and as a Value, type in the names of the relevant roles separated by comma. You can only use this if your roles do not have a comma in their names!
  
 {{ :tutorial:adm:systems_-_ad:08.png?direct&600 |}} {{ :tutorial:adm:systems_-_ad:08.png?direct&600 |}}
 +
 +Click save. When the next synchronization runs, all roles specified in the Value here will be set to be removed the contract becomes inactive.
  • by apeterova