COmanage Users List

[Benn Oshrin <>]

Have you reviewed "Unconfigured Attribute Mode"?

 https://spaces.at.internet2.edu/display/COmanage/LDAP+Provisioning+Plugin

Semi-relatedly, changes to LDAP schemas are tricky. The plugin doesn't 
really have an easy way to know what version of a schema you have in 
place (trying to query it from the server configuration isn't the 
easiest), so we basically assume you always have the latest version of 
the schema in place.

Thanks,

-Benn-

On 3/22/19 9:28 AM, Kevin M. Hildebrand wrote:
> I just upgraded to 3.2.1 and was enabling the voPerson LDAP attributes 
> when I noticed what appears to be a bug.
> At the moment, the only voPerson attribute I have checked is voPersonId.
> However, when the provisioner sends the LDAP modify operation to the 
> LDAP server, it's sending ALL of the voPerson attributes.  I only 
> noticed this because I have an older voPerson schema that doesn't have 
> the voPersonAffiliation attribute defined, so the modify failed.
> (This LDAP modify operation is being generated by a manual reprovision 
> of a user, if it matters.)
> Why is COmanage sending LDAP attributes that aren't checked?  Is this 
> the desired behavior?  I can obviously update my schema, but thought 
> this might be worthy of mention.
> I also verified that this isn't unique to voPerson- there are other 
> objectClass attributes that aren't checked that are also being sent as 
> part of the LDAP modify operation.
>
> Thanks,
> Kevin
>
> --
> Kevin Hildebrand
> University of Maryland
> Division of IT