Grouper Users - Open Discussion List

[Gagné Sébastien <>]

Hi again,

We have a requirement here that Groups should have their sAMAccountName equal to their CN. LDAPPCNG was configured to provision the sAMAccountName attribute to Groups in our Active Directory using the Extension attribute. We are using a bushy DN structure so we cannot have stem1:stem2:GroupName as the CN or sAMAccountName.

 

This configuration causes problems because two groups can have the same extension (ID in the UI) if they are in different stems . In that case their name (ID Path in UI) will be different :

-          Name: stem1:groupABC, extension : groupABC

-          Name: stem2:groupABC, extiension: groupABC

 

When trying to provision something like that to AD grouper will receive an error code from AD (LDAP: error code 68, ENTRY_EXISTS) since both of them will have “sAMAccountName=groupABC” even if they are in different OUs. This is also a problem if a group has the same ID as an AD user (sAMAccountName is our Subject ID).

 

My question (or request) is : is it possible for Grouper to enforce an unique group extension throughout all of its stems and maybe even including the SubjectIDs ?

 

I’m glad we have naming conventions here, but you never know when someone might manually create a conflicting entry

 

Thank you

 

 

Sébastien Gagné,     | Analyste en informatique

514-343-6111 x33844  | Université de Montréal,

                     | Pavillon Roger-Gaudry, local X-100-11