Grouper Developers Forum

[Chris Hyzer <>]

The loader needs to be configured to load the system of record group, not the overall, right?

 

Thanks,

Chris

 

 

From: Gagné Sébastien [mailto:]
Sent: Thursday, June 21, 2012 2:19 PM
To: Chris Hyzer;
Subject: RE: LDAP Loader with Composite Group

 

This happened with the Overall group.

 

I have : Composite = Part1 UNION Part2

 

The PSP sent the Composite to AD with members = member of part 1 UNION member of part2

 

The problem is when the LDAP Loader runs for AD, it tries to add the members of Part1 and Part2 back into the Composite.

 

We might not use this method, but I was testing some alternative and checking what is possible or not.

 

De : Chris Hyzer []
Envoyé : 21 juin 2012 14:11
À : Gagné Sébastien;
Objet : RE: LDAP Loader with Composite Group

 

Was the loader group on the overall group or the system of record group?

Btw, we are talking about UNION composite since the PSP will provision better than the overall group having as members the system of record (loader) group and the includes group.  If that wasn’t the case this has more overhead than just having members.

 

Anyways, if the loader is loading the system of record group then it should be fine since it is just a normal group.

 

Thanks,

Chris

 

From: On Behalf Of Gagné Sébastien
Sent: Thursday, June 21, 2012 1:46 PM
To:
Subject: [grouper-dev] LDAP Loader with Composite Group

 

I’m testing the LDAP with Composite Groups and found something that might be a problem

 

I made a Union Composite Group called udem:CompositeInclude2; It has 4 indirect/effective members as a result of the Union of two groups.

 

The PSP was able to provision the group with the effective memberships, meaning that the AD group has the 4 subject as member, not the 2 composite group. This is what I expected and wanted.

 

The problem come when I turn the LDAP Loader On, I get 4 hibernate exceptions (1 for each member) : http://tinypaste.com/a6c4a9fb

 

It seems the Loader doesn’t properly manage composite groups, maybe it tries to Add a member when it’s not allowed to on this type of object. Is that kind of use case supported with grouper ? What should happen if a member is removed from AD ? Should the component of the composite be modified the reflect the change (i.e. remove the member from the group) ? Delete might be doable, but how would you manage a “add member” for a Union composite ?

 

Deleting the Composite in Grouper resulted in the loader creating a normal group based on the members in the Active Directory.

 

 

Sébastien Gagné,     | Analyste en informatique

514-343-6111 x33844  | Université de Montréal,

                     | Pavillon Roger-Gaudry, local X-100-11