Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] ldappc-ng and attribute authoritative for element object

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] ldappc-ng and attribute authoritative for element object


Chronological Thread 
  • From: Tom Zeller <>
  • To: Scott Koranda <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] ldappc-ng and attribute authoritative for element object
  • Date: Wed, 6 Apr 2011 12:01:59 -0500
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type; b=uLiZFYgvqPtMtxsivaVluVLB/ZmnrfXNm4sg5dr4795rcVAsq0ytRk4fA6pi3HGuxI 62IpXcWCRcj2xh49RprIO/ug3W+/AhHhwYnj36hhR49eLMdlo4BqXOOzpQjRbttPnc/d SykjlVG8pLh4Bk6/HdRECR+yxDHMRSYjc0Uzw=

> In ldappcng.xml an <object/> element can have an attribute
> named 'authoritative'. It is a boolean and the default is
> 'false'.
>
> What is the precise meaning/impact of the 'authoritative'
> attribute?

When processing a bulkdiff or bulksync operation, delete provisioned
objects which exist but should not. This is currently how a group is
deprovisioned after it is removed from grouper.

Given the following (default) configuration

<object id="group" authoritative="true">
<identifier ref="group-dn" baseId="ou=testgroups,${base}">
<identifyingAttribute name="objectClass" value="${groupObjectClass}" />
</identifier>

ldappcng will delete any object under the baseId that it does not provision.

Is that understandable ?



Archive powered by MHonArc 2.6.16.

Top of Page