Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Group created by changelog only getting direct members

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Group created by changelog only getting direct members


Chronological Thread 
  • From: Mark Cairney <>
  • To:
  • Subject: Re: [grouper-users] Group created by changelog only getting direct members
  • Date: Mon, 08 Dec 2014 11:24:46 +0000

Further to my previous email I found the following entries in
grouper.loader-base.properties:

##################################
## Change log
##################################

# should the change log temp to change log daemon run? Note, this
should be true
changeLog.changeLogTempToChangeLog.enable = true

#quartz cron-like schedule for change log temp to change log daemon, the
default is 50 seconds after every minute: 50 * * * * ?
#leave blank to disable this
changeLog.changeLogTempToChangeLog.quartz.cron =

# Should the change log include flattened memberships?
changeLog.includeFlattenedMemberships = true

# Should the change log include flattened privileges?
changeLog.includeFlattenedPrivileges = true

# Should the change log include roles that have had permission changes?
changeLog.includeRolesWithPermissionChanges = false

# Should the change log include non-flattened (immediate and composite
only) memberships?
changeLog.includeNonFlattenedMemberships = false

# Should the change log include non-flattened (immediate only) privileges?
changeLog.includeNonFlattenedPrivileges = false

Reading the section of the docs on "Real-Time Provisioning Beta-Testing
: Membership Structure" "everything" should include all users who are
direct and indirect members of the group, along with the groups.

Having tried it again with another 2 groups things look a lot more
sensible. I think I may have been a bit unfortunate with my choice of
groups the first time round as it looks like they contain a lot of
service accounts which don't exist on the test LDAP server.

Assuming there's no other config changes that control/ optimise this
behaviour then I think this can be considered solved.


On 01/12/14 14:00, Mark Cairney wrote:
> Hi,
>
> I'm seeing a problem with our provisioning where an adhoc group whose
> membership consists of other groups isn't getting the indirect members
> added. In LDAP it looks like:
>
> dn: cn=penguin,ou=magic,ou=adhoc,ou=grouper2,dc=authorise-test,dc=ed,dc=ac,d
> c=uk
> objectClass: groupOfNames
> objectClass: posixGroup
> objectClass: top
> cn: penguin
> gidNumber: 4188011206
> member: cn=D355,ou=D355,ou=P5C,ou=ISG3,ou=ISG,ou=UOE,ou=org,ou=grouper2,dc=a
> uthorise-test,dc=ed,dc=ac,dc=uk
> member: cn=D783,ou=D783,ou=P5C,ou=ISG3,ou=ISG,ou=UOE,ou=org,ou=grouper2,dc=a
> uthorise-test,dc=ed,dc=ac,dc=uk
> member: cn=D890,ou=D890,ou=P5C,ou=ISG3,ou=ISG,ou=UOE,ou=org,ou=grouper2,dc=a
> uthorise-test,dc=ed,dc=ac,dc=uk
> member: cn=P5C,ou=P5C,ou=ISG3,ou=ISG,ou=UOE,ou=org,ou=grouper2,dc=authorise-
> test,dc=ed,dc=ac,dc=uk
> member: uid=user1,ou=people,ou=central,dc=authorise-test,dc=ed,dc=ac,dc=u
> k
> member: uid=user2,ou=people,ou=central,dc=authorise-test,dc=ed,dc=ac,dc=uk
> member: uid=user3,ou=people,ou=central,dc=authorise-test,dc=ed,dc=ac,dc=uk
> member: uid=user4,ou=people,ou=central,dc=authorise-test,dc=ed,dc=ac,dc=uk
> member: uid=user5,ou=people,ou=central,dc=authorise-test,dc=ed,dc=ac,dc=uk
> member: uid=user6,ou=people,ou=central,dc=authorise-test,dc=ed,dc=ac,dc=u
> k
> description: penguin
>
> Subsequently running a gsh.sh sync of the group added a few more users
> but it's still a small subset of what should be there.
>
> Trawling through the documentation I can see mentions made to
> "flattened" and "direct only" memberships in the training videos but I
> can't see it mentioned in any of the PSP configuration documents or in
> the psp-example configs. How can I ensure that Grouper expands indirect
> memberships for all groups?
>
>
>

--
/****************************

Mark Cairney
ITI UNIX Section
Information Services
University of Edinburgh

Tel: 0131 650 6565
Email:

PGP: 0x435A9621

*******************************/

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

Attachment: signature.asc
Description: OpenPGP digital signature




Archive powered by MHonArc 2.6.16.

Top of Page