Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] failure scenario for older ldappc

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] failure scenario for older ldappc

Chronological Thread 
  • From: Tom Zeller <>
  • To: Scott Koranda <>
  • Cc: "" <>, Stuart Anderson <>
  • Subject: Re: [grouper-users] failure scenario for older ldappc
  • Date: Thu, 24 Feb 2011 16:46:37 -0600
  • Domainkey-signature: a=rsa-sha1; c=nofws;; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :content-transfer-encoding; b=VDQM04FN5RdJ43zYxJfSj/83u2EbR+k3UiouRmeweh4vopvEB2rnZ695FtVWg3kpjA Hh69MrwONPjPlDo+u8ovFlViwA3K21rPYZgbWjQa+RrRAL/EymjZMsZ4KLvgkVmoC4tT zX5XGYoG0azFn66Vlq/OEZMkg/uKApvakkR3w=

I think this failure scenario is possible regardless of ldappc[ng] version.

Grouper would need to communicate that a Subject is unresolvable
because a Source is unavailable, temporarily or otherwise.

Perhaps this will make an interesting agenda item for a grouper-dev call.

Good catch, Scott.


On Thu, Feb 24, 2011 at 3:56 PM, Scott Koranda
> Hi,
> Is this failure scenario possible for the ldappc distributed
> with Grouper 1.4.x?
> - a ldappc provisioning cycle begins
> - ldappc establishes a secure connection to the LDAP into
>  which it will provision
> - ldappc begins calculating what needs to be provisioned or
>  deprovisioned
> - the X.509 certificate for the LDAP server expires
> - Grouper API is unable to resolve subjects from the LDAP on
>  behalf of ldappc because it cannot authenticate to the LDAP
> - ldappc is unable, through Grouper, to resolve subject
>  information
> - ldappc devprovisions some group memberships in LDAP
> Is that failure scenario possible for ldappc-ng?
> Thanks,
> Scott

Archive powered by MHonArc 2.6.16.

Top of Page