Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] ldappc-ng synchronization

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] ldappc-ng synchronization

Chronological Thread 
  • From: Tom Zeller <>
  • To: Scott Koranda <>
  • Cc: grouper-users <>
  • Subject: Re: [grouper-users] ldappc-ng synchronization
  • Date: Tue, 28 Feb 2012 13:24:36 -0600
  • Authentication-results:; spf=pass ( domain of designates as permitted sender) ; dkim=pass

> Since that identifier is no longer a member of any group in
> Grouper will ldappcng during the next bulkSync (assuming LDAP
> is back up) make any attempt to synchronize the identifier's
> isMemberOf attribute?
> Is there a difference in the behavior for 1.6.x and 2.0.x and
> 2.1.x?

Not cleaning up member data completely after removal from all groups
should be considered a bug, which is fixed in 2.1.x.

As of 2.1.x, the identifiers synchronized during bulk operations are
determined by attributes returned from the attribute resolver. This
exposes what was once hidden (due to time and thought constraints) and
allows for customization.

So, a "member" is defined by something like :


and the attribute whose values are all source identifiers looks like :

<!-- Returns a single "memberSubjectIds" attribute whose values are
the subject ids of all members matching the filter. -->
sourceId="ldap" />

<!-- The subject ids of all members matching the data connector filter. -->
<resolver:Dependency ref="AllMemberSubjectIdsConnector" />


Archive powered by MHonArc 2.6.16.

Top of Page