Subject: Grouper Users - Open Discussion List
[grouper-users] ldappcng serious bug : -bulkSync and -lastModifyTime
- From: Tom Zeller <>
- To: Grouper Users Mailing List <>
- Subject: [grouper-users] ldappcng serious bug : -bulkSync and -lastModifyTime
- Date: Tue, 12 Oct 2010 09:39:41 -0500
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:from:date:x-google-sender-auth:message-id :subject:to:content-type; b=vkFYxV2AmtkSGT6HyRLyG4Ou0K/iHjpWzrUd/l5r820rFADKBjxTgyXEOAIMQB12wd b5e91NnscA4lVI+SJetVuM2tMaKwiqFwd0o6dB84nAVOaiI8SiKH/Z0LPo3mhTJp6HOB 9+lp2ozS56BzpD99o2zK60pynGeZFGT9JAXQs=
There is a serious bug in ldappcng resulting in the incorrect deletion
of groups from provisioned targets when the -lastModifyTime option is
used for bulkSync operations.
One of the last parts of ldappcng I wrote before the 1.6.0 release to
be feature-comparable with ldappc was the -lastModifyTime command line
option, and I did not think it through nor test it thoroughly.
The fix should be easy enough, a line or two of code. I think I can
release a patch or a version of ldappcng, 126.96.36.199 or similar, without
having to go through a Grouper release process. I imagine we will
decide on our Grouper dev call tomorrow.
To those of you using ldappcng or thinking about using it, my
apologies. As they say, "my bad".
For those interested, the bulkDiff operation includes logic whereby it
searches a provisioned target for the identifiers of all provisioned
objects and then deletes provisioned object identifiers which do not
have a corresponding source identifier. The -lastModifyTime option
filters source identifiers which were not modified after the given
lastModifyTime, resulting in their deletion from provisioned targets.
Thanks, Shilen, for pointing this out.
- [grouper-users] ldappcng serious bug : -bulkSync and -lastModifyTime, Tom Zeller, 10/12/2010
Archive powered by MHonArc 2.6.16.