grouper-users - Re: [grouper-users] failure scenario for older ldappc
Subject: Grouper Users - Open Discussion List
List archive
- From: Tom Zeller <>
- To: Scott Koranda <>
- Cc: "" <>, Stuart Anderson <>
- Subject: Re: [grouper-users] failure scenario for older ldappc
- Date: Thu, 24 Feb 2011 16:46:37 -0600
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :content-transfer-encoding; b=VDQM04FN5RdJ43zYxJfSj/83u2EbR+k3UiouRmeweh4vopvEB2rnZ695FtVWg3kpjA Hh69MrwONPjPlDo+u8ovFlViwA3K21rPYZgbWjQa+RrRAL/EymjZMsZ4KLvgkVmoC4tT zX5XGYoG0azFn66Vlq/OEZMkg/uKApvakkR3w=
I think this failure scenario is possible regardless of ldappc[ng] version.
Grouper would need to communicate that a Subject is unresolvable
because a Source is unavailable, temporarily or otherwise.
Perhaps this will make an interesting agenda item for a grouper-dev call.
Good catch, Scott.
TomZ
On Thu, Feb 24, 2011 at 3:56 PM, Scott Koranda
<>
wrote:
> Hi,
>
> Is this failure scenario possible for the ldappc distributed
> with Grouper 1.4.x?
>
> - a ldappc provisioning cycle begins
> - ldappc establishes a secure connection to the LDAP into
> which it will provision
> - ldappc begins calculating what needs to be provisioned or
> deprovisioned
> - the X.509 certificate for the LDAP server expires
> - Grouper API is unable to resolve subjects from the LDAP on
> behalf of ldappc because it cannot authenticate to the LDAP
> - ldappc is unable, through Grouper, to resolve subject
> information
> - ldappc devprovisions some group memberships in LDAP
>
> Is that failure scenario possible for ldappc-ng?
>
> Thanks,
>
> Scott
>
- [grouper-users] failure scenario for older ldappc, Scott Koranda, 02/24/2011
- Re: [grouper-users] failure scenario for older ldappc, Tom Zeller, 02/24/2011
Archive powered by MHonArc 2.6.16.