grouper-users - [grouper-users] ldappcng serious bug : -bulkSync and -lastModifyTime
Subject: Grouper Users - Open Discussion List
List archive
- From: Tom Zeller <>
- To: Grouper Users Mailing List <>
- Subject: [grouper-users] ldappcng serious bug : -bulkSync and -lastModifyTime
- Date: Tue, 12 Oct 2010 09:39:41 -0500
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:from:date:x-google-sender-auth:message-id :subject:to:content-type; b=vkFYxV2AmtkSGT6HyRLyG4Ou0K/iHjpWzrUd/l5r820rFADKBjxTgyXEOAIMQB12wd b5e91NnscA4lVI+SJetVuM2tMaKwiqFwd0o6dB84nAVOaiI8SiKH/Z0LPo3mhTJp6HOB 9+lp2ozS56BzpD99o2zK60pynGeZFGT9JAXQs=
There is a serious bug in ldappcng resulting in the incorrect deletion
of groups from provisioned targets when the -lastModifyTime option is
used for bulkSync operations.
https://bugs.internet2.edu/jira/browse/GRP-499
One of the last parts of ldappcng I wrote before the 1.6.0 release to
be feature-comparable with ldappc was the -lastModifyTime command line
option, and I did not think it through nor test it thoroughly.
The fix should be easy enough, a line or two of code. I think I can
release a patch or a version of ldappcng, 1.6.1.1 or similar, without
having to go through a Grouper release process. I imagine we will
decide on our Grouper dev call tomorrow.
To those of you using ldappcng or thinking about using it, my
apologies. As they say, "my bad".
For those interested, the bulkDiff operation includes logic whereby it
searches a provisioned target for the identifiers of all provisioned
objects and then deletes provisioned object identifiers which do not
have a corresponding source identifier. The -lastModifyTime option
filters source identifiers which were not modified after the given
lastModifyTime, resulting in their deletion from provisioned targets.
Thanks, Shilen, for pointing this out.
TomZ
- [grouper-users] ldappcng serious bug : -bulkSync and -lastModifyTime, Tom Zeller, 10/12/2010
Archive powered by MHonArc 2.6.16.