Subject: Grouper Users - Open Discussion List
- From: Scott Koranda <>
- To: grouper-users <>
- Subject: [grouper-users] ldappc-ng synchronization
- Date: Tue, 28 Feb 2012 12:54:20 -0600
- Authentication-results: mr.google.com; spf=pass (google.com: domain of designates 10.42.150.200 as permitted sender) ; dkim=pass
Suppose an identifier is removed from all groups in Grouper.
Now suppose that as ldappcng is running a bulkSync operation
the LDAP entry for the group is updated and the hasMember and
member attributes are both correctly updated for the DN that
represents that group, so that the identitifer is not a member
of the group.
But suppose that as ldappcng attempts to synchronize the entry
for the identifier and edit the isMemberOf attribute there is
a failure (say LDAP falls over).
At this point the state of Grouper and the DN for the
identifier in ldap are not synchronized. Grouper says the
identifier is not a member of any groups but the identifier's
entry in LDAP has isMemberOf entries that claim the identifier
is a member of some groups.
Since that identifier is no longer a member of any group in
Grouper will ldappcng during the next bulkSync (assuming LDAP
is back up) make any attempt to synchronize the identifier's
Is there a difference in the behavior for 1.6.x and 2.0.x and
- [grouper-users] ldappc-ng synchronization, Scott Koranda, 02/28/2012
Archive powered by MHonArc 2.6.16.