comanage-users - [comanage-users] LDAP Provisioner - automatic provisioning of groups

Subject: COmanage Users List

  • From: Mike Manske <>
  • To:
  • Subject: [comanage-users] LDAP Provisioner - automatic provisioning of groups
  • Date: Tue, 3 Jun 2014 15:15:01 -0500

We are running commit fdf500b229 in a production environment. We are
using the LDAP provisioner plugin, accessed at path
'.../registry/ldap_provisioner/co_ldap_provisioner_targets/edit...'.

We have both a People Base DN and a Group Base DN defined. We have
objectclass 'groupOfNames' enabled. The provisioner status is set to
'Automatic Mode.'

The provisioning to the People Base DN seems to work fine when a
person is enrolled. However, the LDAP Group DN is not updated by an
enrollment. Looking at the LDAP records after an enrollment, we see
the person record has 'isMemberOf' attributes for the correct groups,
but the records for the corresponding groups do not have the person's
identifier in the 'hasMember' attribute.

To continue, if we manually remove a person from a group via
'...registry/co_groups/edit...'
or modify membership via
'/registry/co_group_members/select/...'
the group change is automatically pushed to LDAP. Also, if we manually
provision a group via
'.../registry/co_groups/provision...'
this also pushes the change to LDAP.

Is there something I can check in my configuration to ensure the LDAP
groups are updated with new enrollments?

I have also attached screen images to avoid ambiguity.

Regards.

Attachment: EditGrp.png
Description: PNG image

Attachment: MngGrpMembers.png
Description: PNG image

Attachment: LdapProv1.png
Description: PNG image

Attachment: LdapProv2.png
Description: PNG image
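
The symptom reported above (a person entry listing a group in 'isMemberOf' while the group entry lacks that person in 'hasMember') can be checked across a whole directory export. The following is an added example, not part of the original post or of COmanage; the sample LDIF is constructed, and matching a group's `cn` against a person's `uid` is an assumption about how the identifiers line up.

```python
from collections import defaultdict

# Constructed sample export; DNs, names and the cn/uid matching rule are assumptions.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice
isMemberOf: researchers
isMemberOf: admins

dn: uid=bob,ou=People,dc=example,dc=org
uid: bob
isMemberOf: researchers

dn: cn=researchers,ou=Groups,dc=example,dc=org
objectClass: groupOfNames
cn: researchers
hasMember: bob

dn: cn=admins,ou=Groups,dc=example,dc=org
objectClass: groupOfNames
cn: admins
hasMember: alice
hasMember: carol
"""

def parse_ldif(text):
    """Return a list of entries, each a dict of lowercase attribute -> list of values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.replace("\n ", "").splitlines():  # unfold continuation lines
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            if not attr.endswith(":"):  # base64 (attr::) values are skipped, not decoded
                entry[attr.lower()].append(value.strip())
        entries.append(entry)
    return entries

def membership_drift(entries, person_attr="isMemberOf", group_attr="hasMember"):
    """Return (missing_in_group, missing_on_person) as sorted (uid, group) pairs."""
    from_people, from_groups = set(), set()
    for e in entries:
        for uid in e.get("uid", []):
            from_people.update((uid, g) for g in e.get(person_attr.lower(), []))
        if "groupOfNames" in e.get("objectclass", []):
            for cn in e.get("cn", []):
                from_groups.update((m, cn) for m in e.get(group_attr.lower(), []))
    return sorted(from_people - from_groups), sorted(from_groups - from_people)
```

The first list holds memberships recorded on the person but absent from the group, which is the case described in the message; the second holds the reverse, members a group still lists that the person record does not.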



