Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] LDAPPC bug?

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] LDAPPC bug?


Chronological Thread 
  • From: Tom Barton <>
  • To: "Michael R. Gettes" <>
  • Cc: Grouper-Users <>
  • Subject: Re: [grouper-users] LDAPPC bug?
  • Date: Mon, 04 Jun 2007 12:22:11 -0500

Well, it's a feature. :-)

At least it was deliberate. ePE has a value space that is designed to support multiple sources of authority. isMemberOf does not. So it's not clear how to define to a single ldappc instance what set of isMemberOf values it "owns" for the purpose of computing a logical diff, including deletes.

Michael R. Gettes wrote:
I have LDAPPC managing the isMemberOf and eduPersonEntitlement values in
for subjects in LDAP. From my testing where I added

isMemberOf: foo
eduPersonEntitlement: bar

to a subject's directory entry and then I run LDAPPC knowing that it
will want to manage these attributes. What I find is that eduPersonEntitlement
appears to properly manage based on value namespace - which is to say that
"bar" as an EPE value was undisturbed and the other attributes were properly
managed (I deleted some to make sure LDAPPC would manage them). However,
for isMemberOf the "foo" value was removed and the other values properly
managed. I would have expected the group management portion of LDAPPC to
behave similar to the signet portion and respect value namespaces. If LDAPPC
could properly handle this situation then this would allow for a single
directory object to be the recipient of attributes maintained by multiple
LDAPPC (and in turn grouper/signet) instances. This would be VERY cool to have.

So, the ultimate question is, bug or feature?

/mrg


  • LDAPPC bug?, Michael R. Gettes, 06/04/2007
    • Re: [grouper-users] LDAPPC bug?, Tom Barton, 06/04/2007

Archive powered by MHonArc 2.6.16.

Top of Page