grouper-dev - Re: [grouper-dev] another psp 2.1.2 release candidate
Subject: Grouper Developers Forum
List archive
- From: Tom Zeller <>
- To: Gagné Sébastien <>
- Cc:
- Subject: Re: [grouper-dev] another psp 2.1.2 release candidate
- Date: Thu, 30 Aug 2012 11:47:38 -0500
And do a bulkDiff before a bulkSync to verify it is doing the right thing.
On Thu, Aug 30, 2012 at 8:29 AM, Gagné Sébastien
<>
wrote:
> It might be a good idea to add comment where the "Base Stem" are defined to
> be sure to match the case of the directory
>
> e.g. writing it all in lowercase(dc=domain, dc=ca) when AD will use
> "DC=domain, DC=ca" , I did this mistake at the beginning
>
>
> -----Message d'origine-----
> De :
>
>
> [mailto:]
> De la part de Tom Zeller
> Envoyé : 29 août 2012 16:37
> À :
>
> Objet : [grouper-dev] another psp 2.1.2 release candidate
>
> Another psp 2.1.2 release candidate is now available.
>
> http://www.internet2.edu/grouper/release/2.1.2/
>
> A pretty horrible bug was introduced in 2.1.1 which catastrophically
> deletes all provisioned objects when provisioning Active Directory.
> Hence, I disabled downloads of 2.1.1.
>
> The psp considers identifiers to be case sensitive, and defaults to
> lowercase rdn attribute types, for example
>
> dc=example,dc=edu
>
> while Active Directory returns uppercase rdn attribute types, for example
>
> DC=example,DC=edu
>
> The difference between uppercase and lowercase rdn attribute types resulted
> in the psp incorrectly deleting provisioned objects.
>
> When provisioning Active Directory, care should be taken to make sure that
> ldap dns are calculated with uppercase rdn attribute types. Prior to
> version 2.1.2, rdn attribute types were not configurable when calculating
> ldap dns from grouper names. This 2.1.2 release candidate allows rdn
> attribute types to be configured, for example
>
> <resolver:AttributeDefinition
> id="groupDn"
> xsi:type="psp-grouper-ldap:LdapDnFromGrouperNamePSOIdentifier"
> rdnAttributeName="CN"
> stemRdnAttributeName="OU"
> ... />
>
> At first I thought that comparing identifiers case-insensitively was the
> right thing to do, but the openspml library uses string equals() to compare
> identifiers, and I decided this would be messy to override.
> So for now, identifiers are case sensitive.
>
> Changes made in version 2.1.1 to improve performance exposed this issue. I
> hurried 2.1.1 without adequate testing. It took a while to acquire another
> Active Directory test environment, mostly because of my schedule.
>
> Thanks for your patience,
> and apologies for the inconvenience,
> TomZ
- [grouper-dev] another psp 2.1.2 release candidate, Tom Zeller, 08/29/2012
- Re: [grouper-dev] another psp 2.1.2 release candidate, Tom Barton, 08/29/2012
- RE: [grouper-dev] another psp 2.1.2 release candidate, Gagné Sébastien, 08/30/2012
- RE: [grouper-dev] another psp 2.1.2 release candidate, Tom Barton, 08/30/2012
- RE: [grouper-dev] another psp 2.1.2 release candidate, Gagné Sébastien, 08/30/2012
- RE: [grouper-dev] another psp 2.1.2 release candidate, Gagné Sébastien, 08/30/2012
- Re: [grouper-dev] another psp 2.1.2 release candidate, Tom Zeller, 08/30/2012
- Re: [grouper-dev] another psp 2.1.2 release candidate, Tom Barton, 08/29/2012
Archive powered by MHonArc 2.6.16.