Grouper Developers Forum

[Tom Barton <>]

Owen Cliffe wrote:
> Tom Barton wrote:
> > If this behavior is changed, you'll need to find another way to delete
> > groups in LDAP that have been deleted from the grouper db.
> I'm not sure if that this is true, ldappc makes two deletions, first of
> all it deleted groups which do not match the objectClass of the
> provisioned groups, and then it deletes  all groups that do match the
> objectClass of the provisioned groups but which did not match the
> searched grouper groups.
>
> The first set of deleted groups would never have been provisioned by
> grouper anyway (barring configuration changes), and it was these that I
> suggesting don't need to be deleted.

I see. And rather than using the group objectclass to distinguish groups 
that "belong" to Ldappc, perhaps it could be useful to mark them in some 
other attribute (eduInternet2LdappcInstanceId maybe, especially 
recognizing that some sites wish to run multiple instances of Ldappc, 
each "owning" their own slice of the grouper db).

The down side is that if we do so (either use a custom attribute, or 
fail to "own" all groups in a given ou), Ldappc will be unable to 
provision standard group objectclasses. It would require a schema 
extension to the DSA.

Of course, you probably only get full value from Ldappc if the DSA's 
schema is extended, the way things are now.

Tom
begin:vcard
fn:Tom Barton
n:Barton;Tom
org:University of Chicago;Networking Services & Information Technology
adr;dom:1155 E. 60th St.;;Rm 309, 1155 Bldg;Chicago;IL;60637
email;internet:
title:Sr. Director - Integration
tel;work:+1 773 834 1700
version:2.1
end:vcard