Skip to Content.
Sympa Menu

comanage-users - Re: [comanage-users] Group management within a COU

Subject: COmanage Users List

List archive

Re: [comanage-users] Group management within a COU

Chronological Thread 
  • From: Scott Koranda <>
  • To: Duncan Brown <>
  • Cc: "" <>
  • Subject: Re: [comanage-users] Group management within a COU
  • Date: Thu, 21 Apr 2022 14:48:43 -0500
  • Arc-authentication-results: i=1; 1; spf=pass; dmarc=pass action=none; dkim=pass; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=kOtVGKP1HPOTbwYRutUOS7mvcU4XE0O+IWHBQnawX1I=; b=bw8pEwp77MLfDMY/iUnc8TGF30BHWKvJzBi2QZQIytOzMtTsVQ75DAI5LF2BE9AD0lgQWnWNkU9kh0yuhREO6jmSR0UNWRGVs7tSLCS93cvKmBxJFGKwi/+F8ugYf1PWnVqj829NNEtctFCOUt0GzbddcwVzKBT20B3i44HToaHdGLErhopRFQSU0uuP9QiTuQr4U+zEmVkqeZFmG4BHuaNj8XDnLkvusMsS6gUioRIemTe826DlDPlN2heQ/4w5lAriCJZsza410CKq4a/JnS1gIAMvLNfqMwZQkQvZn6ACkc4crHBciQNk1CFbU4WTRoZNY1adprMLKYPJYqvu3g==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901;; cv=none; b=PIb6LEbkAoAmyyzQ0QUrHBBUwrkeWGZInQphze7laR69ikbxYd32ix0jmFMgGhpfR7WyZc/hxYRob33YtpoYjUdlPEhRyD2BzZxkceG3qrHYn3xJdQkeqcFScoEo6EzwTMuPhf19qmgcwB/VbMlKpwEtcMDP1aFSPk3d9WpS4BIfYV03beYjW9ZX00QyjaKTasFijE9t49lflUR7AU2g6QNCAxhMf3ZPzaxSNlG3Pjsue2IemvZLhZYQe2qxIsSwv/II3Xp9LkE8+2xL0o2tjDYBxl9CsHIzrAm+mO+gurxqsq4QAiL7sP8vBZKKZgCA8ArDvminn8ljtP92ozZo1w==

Hi Duncan,

Comments inline below.

> Is it possible to restrict the ability to add and remove group to a
> specific COU,


> or is an open group open to everyone in the CO?

Yes. Any CO Person can add themselves to an open CO Group.

> If the answer is "no," is there an easy way to add people from one CO
> to a new CO without everyone having to go through the enrollment flow
> again?

Easy? No.

I have a design for an Organizational Identity Source (OIS) plugin that
would use one CO as the source of organizationial identities for another
CO, but it is only in the design phase and will not help you any time

In the meantime, I suspect you are provisioning your first/source CO
into LDAP.

You might then consider using those LDAP records with the LDAP Source

with the second CO. There is a Search Filter configuration that should
allow you to "cherry pick" the records you want in the second CO.



> Cheers, Duncan.
> --
> Duncan Brown Room 263-1, Physics
> Department Charles Brightman Professor of Physics Syracuse
> University, NY 13244
> (+1) 315 443 5993

Archive powered by MHonArc 2.6.24.

Top of Page