Grouper Users - Open Discussion List

["Tom Zeller" <>]

Sometimes fresh air is good for the mind - I was likely on the wrong track.

To provision a single group (or any number less than all, i.e.
incremental export), one would define group-queries elements in
ldappc.xml. However, ldappc will delete any groups not defined by
group-queries.

Perhaps a command line or xml option could be provided to disable the
deletion of undefined groups or stems.

Alternately, ldappc might be configured to provision a subset of
groups and their children - I imagine this would be more complicated
to implement.

TomZ

On Mon, Dec 8, 2008 at 11:19 AM, Tom Zeller 
<>
 wrote:
> On Mon, Dec 8, 2008 at 7:37 AM, Dr. Loris Bennett
> <>
>  wrote:
>>
>> The current version of LDAPPC does not perform an incremental export,
>> but rather deletes the existing groups and rewrites the group
>> information.
>
> Could you please provide more details for me regarding your
> "incremental export" scenario ?
>
> I think you are saying that when ldappc updates a group's memberships,
> that it first deletes the group. That would certainly be problematic
> for Active Directory permissions and SIDs. Am I understanding
> correctly ?
>
> Thank you,
> TomZ
>