grouper-dev - Re: [grouper-dev] RE: Different attribute that are the same for AD
Subject: Grouper Developers Forum
List archive
- From: Tom Zeller <>
- To: Gagné Sébastien <>
- Cc:
- Subject: Re: [grouper-dev] RE: Different attribute that are the same for AD
- Date: Wed, 6 Feb 2013 16:11:52 -0600
> Maybe I'm wrong about all this but I feel like replace should be the default
Oh, another reason I defaulted to add-then-delete rather than replace
is because, in my opinion, it makes auditing easier.
For example, for an ldap server with an audit log which produces ldif,
it is easier to see what was changed via add-then-delete than replace,
since replace "hides" the previous value in the audit log. You know,
if someone calls and says "hey I can no longer access X" and
authorization is based on an attribute value, it should be
straightforward to grep a log file for when the appropriate
authorization attribute value was deleted. This is obviously quite
subjective.
- [grouper-dev] RE: Different attribute that are the same for AD, Gagné Sébastien, 02/04/2013
- <Possible follow-up(s)>
- RE: [grouper-dev] RE: Different attribute that are the same for AD, Gagné Sébastien, 02/05/2013
- RE: [grouper-dev] RE: Different attribute that are the same for AD, Gagné Sébastien, 02/05/2013
- Re: [grouper-dev] RE: Different attribute that are the same for AD, Tom Zeller, 02/06/2013
- RE: [grouper-dev] RE: Different attribute that are the same for AD, Gagné Sébastien, 02/06/2013
- Re: [grouper-dev] RE: Different attribute that are the same for AD, Tom Zeller, 02/06/2013
- Re: [grouper-dev] RE: Different attribute that are the same for AD, Tom Zeller, 02/06/2013
- RE: [grouper-dev] RE: Different attribute that are the same for AD, Gagné Sébastien, 02/06/2013
- Re: [grouper-dev] RE: Different attribute that are the same for AD, Tom Zeller, 02/06/2013
Archive powered by MHonArc 2.6.16.