• State Not Answered
  • Replies 2 replies
  • Subscribers 61 subscribers
  • Views 1182 views
  • Users 0 members are here
Options
Related

Issue: clearing edsva-ScheduledLink-Endtime - unintended consequence

dyannic
over 4 years ago

Hi - We leverage temporal group membership to control the length of time a user can remain password allowed before being flipped back to smartcard required.

When we need to reset the edsva-ScheduledLink-Endtime  for entries in the group, we clear that value.  That should prevent removal from the group at the scheduled time.  Instead - it removes the member the night I clear that value.

Is this a bug or a feature?  Is there a way to reset the edsva-ScheduledLink-Endtime   without triggering the removal of the account from the group?

  • 0 over 4 years ago

    if I remove/clear the edsva-ScheduledLink-Endtime variable value, the status stamped in change history is 'CANCELLED' - but still removes the user the night the value was cleared.
    I tested setting the value to a future date to over-ride the initial temporal removal value. The initial change history value for status switched to CANCELLED - and a NEW operational change was recorded showing a status of PENDING.  We'll see if the user stays put this time ...

  • 0 over 4 years ago in reply to dyannic

    my results for future time travelers -

    "re"-Setting edsva-ScheduledLink-Endtime for temporal group exit - on an account to a future date, initiates a 'Cancel' on the current Pending' removal operation, and sets the new exit date, sets the removal operation as 'Pending' (change history)  and leaves the user in the group until the new extended edsva-ScheduledLink-Endtime comes to  pass.

    If you clear edsva-ScheduledLink-Endtime - it does not not remove the temporal nature of the original add.  In my tests, It set the account to be removed from the group on the day I cleared the value in edsva-ScheduledLink-Endtime.

    Perhaps that's logical - but not clear initially to me.

    now … back to the future.