Grouper Users - Open Discussion List

[Tom Zeller <>]

> Since that identifier is no longer a member of any group in
> Grouper will ldappcng during the next bulkSync (assuming LDAP
> is back up) make any attempt to synchronize the identifier's
> isMemberOf attribute?
>
> Is there a difference in the behavior for 1.6.x and 2.0.x and
> 2.1.x?

Not cleaning up member data completely after removal from all groups
should be considered a bug, which is fixed in 2.1.x.

As of 2.1.x, the identifiers synchronized during bulk operations are
determined by attributes returned from the attribute resolver. This
exposes what was once hidden (due to time and thought constraints) and
allows for customization.

So, a "member" is defined by something like :

 <pso
    id="member"
    allSourceIdentifiersRef="memberSubjectIds">

and the attribute whose values are all source identifiers looks like :

  <!-- Returns a single "memberSubjectIds" attribute whose values are
the subject ids of all members matching the filter. -->
  <resolver:DataConnector
    id="AllMemberSubjectIdsConnector"
    xsi:type="psp-grouper-source:AllMemberSubjectIdsDataConnector">
    <grouper:Filter
      xsi:type="grouper:MemberSource"
      sourceId="ldap" />
  </resolver:DataConnector>

  <!-- The subject ids of all members matching the data connector filter. -->
  <resolver:AttributeDefinition
    id="memberSubjectIds"
    xsi:type="ad:Simple">
    <resolver:Dependency ref="AllMemberSubjectIdsConnector" />
  </resolver:AttributeDefinition>

TomZ