Grouper Developers Forum

[Per-Olof Andersson <>]

Hello,

I am trying to provision Grouper groups to the Active Directory at my organization. I now have a working configuration for this with psp. Now I am trying to set the groupType attribute in AD. I am using the Grouper attribute framework to set this value in Grouper and try to propagate it to Active Directory through my psp configuration. It amost works..

The problem is that upon changes to this attribute, the psp wants to do a remove of groupType with the old value and an add with the new value. See this log snippet:

2015-08-07 13:58:34,966 DEBUG ldap.LdapSpmlTarget:  Target 'activeDirectory' - Modifications '[Add attribute: groupType: -2147483646, Remove attribute: groupType: 4]’

The AD server answers  “WILL_NOT_PERFORM” to this operation. I think because groupType is a mandatory attribute. Instead of add and remove I would like the psp to perform a replace. How do I configure that?

Regards,

Pelle Andersson