Grouper Users - Open Discussion List

[Tom Barton <>]

Well, it's a feature. :-)

At least it was deliberate. ePE has a value space that is designed to 
support multiple sources of authority. isMemberOf does not. So it's not 
clear how to define to a single ldappc instance what set of isMemberOf 
values it "owns" for the purpose of computing a logical diff, including 
deletes.

Michael R. Gettes wrote:
> I have LDAPPC managing the isMemberOf and eduPersonEntitlement values in
> for subjects in LDAP.  From my testing where I added
>
> isMemberOf: foo
> eduPersonEntitlement: bar
>
> to a subject's directory entry and then I run LDAPPC knowing that it
> will want to manage these attributes.  What I find is that 
> eduPersonEntitlement
> appears to properly manage based on value namespace - which is to say that
> "bar" as an EPE value was undisturbed and the other attributes were 
> properly
> managed (I deleted some to make sure LDAPPC would manage them).  However,
> for isMemberOf the "foo" value was removed and the other values properly
> managed.  I would have expected the group management portion of LDAPPC to
> behave similar to the signet portion and respect value namespaces.  If 
> LDAPPC
> could properly handle this situation then this would allow for a single
> directory object to be the recipient of attributes maintained by multiple
> LDAPPC (and in turn grouper/signet) instances.  This would be VERY cool 
> to have.
>
> So, the ultimate question is, bug or feature?
>
> /mrg