grouper-users - Re: [grouper-users] ldappc-ng and attribute authoritative for element object
Subject: Grouper Users - Open Discussion List
List archive
- From: Tom Zeller <>
- To: Scott Koranda <>
- Cc: "" <>
- Subject: Re: [grouper-users] ldappc-ng and attribute authoritative for element object
- Date: Wed, 6 Apr 2011 12:01:59 -0500
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type; b=uLiZFYgvqPtMtxsivaVluVLB/ZmnrfXNm4sg5dr4795rcVAsq0ytRk4fA6pi3HGuxI 62IpXcWCRcj2xh49RprIO/ug3W+/AhHhwYnj36hhR49eLMdlo4BqXOOzpQjRbttPnc/d SykjlVG8pLh4Bk6/HdRECR+yxDHMRSYjc0Uzw=
> In ldappcng.xml an <object/> element can have an attribute
> named 'authoritative'. It is a boolean and the default is
> 'false'.
>
> What is the precise meaning/impact of the 'authoritative'
> attribute?
When processing a bulkdiff or bulksync operation, delete provisioned
objects which exist but should not. This is currently how a group is
deprovisioned after it is removed from grouper.
Given the following (default) configuration
<object id="group" authoritative="true">
<identifier ref="group-dn" baseId="ou=testgroups,${base}">
<identifyingAttribute name="objectClass" value="${groupObjectClass}" />
</identifier>
ldappcng will delete any object under the baseId that it does not provision.
Is that understandable ?
- [grouper-users] ldappc-ng and attribute authoritative for element object, Scott Koranda, 04/06/2011
- Re: [grouper-users] ldappc-ng and attribute authoritative for element object, Tom Zeller, 04/06/2011
- Re: [grouper-users] ldappc-ng and attribute authoritative for element object, Scott Koranda, 04/06/2011
- Re: [grouper-users] ldappc-ng and attribute authoritative for element object, Tom Zeller, 04/06/2011
Archive powered by MHonArc 2.6.16.