Grouper Users - Open Discussion List

[Kathryn Huxtable <>]

I'd actually talked with Michael Gettes about doing something like this last fall and then forgot. -K

On Jun 10, 2008, at 11:48 AM, Kathryn Huxtable wrote:

Well, then, I'll add a regex for the next version. -K

On Jun 10, 2008, at 8:57 AM, Tom Zeller wrote:

On Mon, Jun 9, 2008 at 4:01 PM, Tom Barton <> wrote:

Kathryn Huxtable wrote:

When I was at KU, we used a different provisioning mechanism, which allowed us to specify a string prefix for provisioning. Our provisioning would only manage values in the attribute beginning with that prefix, leaving other values alone. This enabled us to have multiple provisioning mechanisms provisioning into ePentitlement.

Maybe something like this would be useful in ldappc...

Yes, or a regex identifying the value space that ldappc "owns".

Tom

I've been looking at using ldappc and (coincidentally) just yesterday came across this same exception regarding adding an already existing objectclass to a Fedora/Red Hat directory server entry. In our home-grown provisioning software, we used 'managed values' which were evaluated as a regex, similar to TomB's suggestion. 

<ProvisionedAttribute id="objectClass" ...

 <ManagedValue>top</ManagedValue>

 <ManagedValue>person</ManagedValue>

 <ManagedValue>organizationalPerson</ManagedValue>

 <ManagedValue>user</ManagedValue>

 ...

TomZ