Skip to Content.
Sympa Menu

comanage-users - Re: [comanage-users] LDAP provisioner attributes

Subject: COmanage Users List

List archive

Re: [comanage-users] LDAP provisioner attributes

Chronological Thread 
  • From: Benn Oshrin <>
  • To: "Kevin M. Hildebrand" <>
  • Cc:
  • Subject: Re: [comanage-users] LDAP provisioner attributes
  • Date: Fri, 22 Mar 2019 16:38:35 -0700

Have you reviewed "Unconfigured Attribute Mode"?

Semi-relatedly, changes to LDAP schemas are tricky. The plugin doesn't really have an easy way to know what version of a schema you have in place (trying to query it from the server configuration isn't the easiest), so we basically assume you always have the latest version of the schema in place.



On 3/22/19 9:28 AM, Kevin M. Hildebrand wrote:
I just upgraded to 3.2.1 and was enabling the voPerson LDAP attributes when I noticed what appears to be a bug.
At the moment, the only voPerson attribute I have checked is voPersonId.
However, when the provisioner sends the LDAP modify operation to the LDAP server, it's sending ALL of the voPerson attributes.  I only noticed this because I have an older voPerson schema that doesn't have the voPersonAffiliation attribute defined, so the modify failed.
(This LDAP modify operation is being generated by a manual reprovision of a user, if it matters.)
Why is COmanage sending LDAP attributes that aren't checked?  Is this the desired behavior?  I can obviously update my schema, but thought this might be worthy of mention.
I also verified that this isn't unique to voPerson- there are other objectClass attributes that aren't checked that are also being sent as part of the LDAP modify operation.


Kevin Hildebrand
University of Maryland
Division of IT

Archive powered by MHonArc 2.6.19.

Top of Page