
comanage-users - [comanage-users] Multiple Roles and COUs and LDAP

Subject: COmanage Users List

  • From: <>
  • To:
  • Subject: [comanage-users] Multiple Roles and COUs and LDAP
  • Date: Fri, 5 Sep 2014 19:22:49 +0000 (UTC)

This is related to Jira issue CO-941, but did not want to clutter that with

This is our #1 showstopper.

The question is about scope / context of eduPersonAffiliation values in the
presence of multiple roles in different COUs. I think this is more a bug in
the requirements, and less so the code.


A CO Person has multiple roles defined, 'Member' of COU-1 and 'Staff' of

This needs to be exported to LDAP. Not just the 'affiliations' as COmanage
calls them, but the COU to which they apply.

In LDAP, the affiliations are mapped to eduPersonAffiliation, and this is a
multi value field. Using the example above, this would result in
'member,staff'. Fine, as far as it goes.

However, unless I am missing something, the COU is not represented anywhere in
the current LDAP provisioner output. Since it does not convey the
scope/context of the affiliations, the eduPersonAffiliation value is
meaningless when COUs are used within COmanage.

(Using our example, it does not say for which COU a person is a member and
which staff.)

Therefore, even if the above Jira issue is 'fixed' (provisioning fails when
multiple roles are defined) it still does not address the real functional

Is the solution to concatenate the COU name and affiliation in
eduPersonAffiliation? E.g., 'COU-1->member,COU-2->staff'

Or restructuring the mapping to LDAP (yikes!)?
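
The ambiguity raised in the message above, as an added example that is not part of the original post and is not COmanage code: two different role assignments collapse to the same flattened eduPersonAffiliation values, while the 'COU->affiliation' concatenation the post proposes keeps them distinct but falls outside the eduPerson controlled vocabulary. The role data and all function names are constructed for illustration.

```python
# Added illustration; not COmanage Registry code. Role data is constructed.
# Permissible eduPersonAffiliation values per the eduPerson schema.
EDUPERSON_AFFILIATIONS = {"faculty", "student", "staff", "alum", "member",
                          "affiliate", "employee", "library-walk-in"}
SEP = "->"  # separator used in the post's proposed format

ROLES_A = [("COU-1", "Member"), ("COU-2", "Staff")]   # the post's example
ROLES_B = [("COU-1", "Staff"), ("COU-2", "Member")]   # the roles swapped

def flatten_affiliations(roles):
    """Multi-valued eduPersonAffiliation with the COU dropped."""
    return sorted({aff.lower() for _cou, aff in roles})

def scoped_affiliations(roles):
    """'COU->affiliation' values, the concatenation the post proposes."""
    return sorted({f"{cou}{SEP}{aff.lower()}" for cou, aff in roles})

def parse_scoped(values):
    """Recover (cou, affiliation) pairs; reject malformed or unknown values."""
    pairs = set()
    for value in values:
        cou, sep, aff = value.rpartition(SEP)
        if not sep or not cou or aff not in EDUPERSON_AFFILIATIONS:
            raise ValueError(f"not a scoped affiliation: {value!r}")
        pairs.add((cou, aff))
    return pairs

def outside_vocabulary(values):
    """Values a consumer validating against the controlled vocabulary rejects."""
    return [v for v in values if v not in EDUPERSON_AFFILIATIONS]

def is_authorized(values, cou, affiliation):
    """Per-COU decision; only answerable when the scope was provisioned."""
    return (cou, affiliation) in parse_scoped(values)

if __name__ == "__main__":
    # Flattened output is identical for both assignments: the COU is lost.
    print(flatten_affiliations(ROLES_A), flatten_affiliations(ROLES_B))
    # Scoped output differs, so a relying party can tell them apart...
    print(scoped_affiliations(ROLES_A), scoped_affiliations(ROLES_B))
    # ...but none of the scoped values are valid eduPersonAffiliation values.
    print(outside_vocabulary(scoped_affiliations(ROLES_A)))
    print(is_authorized(scoped_affiliations(ROLES_A), "COU-2", "staff"))
```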

