COmanage Users List

[<>]

This is related to Jira issue CO-941, but did not what to clutter that with
discussion.

This is our #1 showstopper. 

The question is about scope / context of a eduPersonAffiliation values in the
presence of multiple roles in different COUs. I think this is more a bug in
the requirements, and less so the code.

Example:

A CO Person has multiple roles defined, 'Member' of COU-1 and 'Staff' of
COU-2.

This needs to be exported to LDAP. Not just the 'affiliations' as COmanage
calls them, but the COU to which they apply.

In LDAP, the affiliations are mapped to eduPersonAffiliation, and this is a
multi value field. Using the example above, this would result in
'member,staff'. Fine, as far as it goes.

However, unless I am missing something, the COU is not represented anywhere in
the current LDAP provisioner output. Since it does not convey the
scope/context of the affiliations, the eduPersonAffiliation value is
meaningless when COUs are used within COmanage.

(Using our example, it does not say for which COU a person is a member and
which staff.)

Therefore, even if the above Jira issue is 'fixed' (provisioning fails when
multiple roles are defined) it still does not address the real functional
need.

Is the solution to concatenate the COU name and affiliation in
eduPersonAffiliation? E.g., 'COU-1->member,COU-2->staff'

Or restructuring the mapping to LDAP (yikes!)?

Or?