
grouper-users - Re: [grouper-users] Group created by changelog only getting direct members

Subject: Grouper Users - Open Discussion List

  • From: Mark Cairney <>
  • To:
  • Subject: Re: [grouper-users] Group created by changelog only getting direct members
  • Date: Mon, 08 Dec 2014 11:42:53 +0000

Of course I just realised I forgot to point out that I've made no
changes to the base behaviour in my grouper-loader.properties i.e. I'm
following this default behaviour.

On 08/12/14 11:24, Mark Cairney wrote:
> Further to my previous email I found the following entries in
> grouper.loader-base.properties:
>
> ##################################
> ## Change log
> ##################################
>
> # should the change log temp to change log daemon run? Note, this should be true
> changeLog.changeLogTempToChangeLog.enable = true
>
> #quartz cron-like schedule for change log temp to change log daemon, the default is 50 seconds after every minute: 50 * * * * ?
> #leave blank to disable this
> changeLog.changeLogTempToChangeLog.quartz.cron =
>
> # Should the change log include flattened memberships?
> changeLog.includeFlattenedMemberships = true
>
> # Should the change log include flattened privileges?
> changeLog.includeFlattenedPrivileges = true
>
> # Should the change log include roles that have had permission changes?
> changeLog.includeRolesWithPermissionChanges = false
>
> # Should the change log include non-flattened (immediate and composite only) memberships?
> changeLog.includeNonFlattenedMemberships = false
>
> # Should the change log include non-flattened (immediate only) privileges?
> changeLog.includeNonFlattenedPrivileges = false
>
> Reading the section of the docs on "Real-Time Provisioning Beta-Testing
> : Membership Structure" "everything" should include all users who are
> direct and indirect members of the group, along with the groups.
>
> Having tried it again with another 2 groups things look a lot more
> sensible. I think I may have been a bit unfortunate with my choice of
> groups the first time round as it looks like they contain a lot of
> service accounts which don't exist on the test LDAP server.
>
> Assuming there are no other config changes that control/optimise this
> behaviour then I think this can be considered solved.
>
>
> On 01/12/14 14:00, Mark Cairney wrote:
>> Hi,
>>
>> I'm seeing a problem with our provisioning where an adhoc group whose
>> membership consists of other groups isn't getting the indirect members
>> added. In LDAP it looks like:
>>
>> dn: cn=penguin,ou=magic,ou=adhoc,ou=grouper2,dc=authorise-test,dc=ed,dc=ac,dc=uk
>> objectClass: groupOfNames
>> objectClass: posixGroup
>> objectClass: top
>> cn: penguin
>> gidNumber: 4188011206
>> member: cn=D355,ou=D355,ou=P5C,ou=ISG3,ou=ISG,ou=UOE,ou=org,ou=grouper2,dc=authorise-test,dc=ed,dc=ac,dc=uk
>> member: cn=D783,ou=D783,ou=P5C,ou=ISG3,ou=ISG,ou=UOE,ou=org,ou=grouper2,dc=authorise-test,dc=ed,dc=ac,dc=uk
>> member: cn=D890,ou=D890,ou=P5C,ou=ISG3,ou=ISG,ou=UOE,ou=org,ou=grouper2,dc=authorise-test,dc=ed,dc=ac,dc=uk
>> member: cn=P5C,ou=P5C,ou=ISG3,ou=ISG,ou=UOE,ou=org,ou=grouper2,dc=authorise-test,dc=ed,dc=ac,dc=uk
>> member: uid=user1,ou=people,ou=central,dc=authorise-test,dc=ed,dc=ac,dc=uk
>> member: uid=user2,ou=people,ou=central,dc=authorise-test,dc=ed,dc=ac,dc=uk
>> member: uid=user3,ou=people,ou=central,dc=authorise-test,dc=ed,dc=ac,dc=uk
>> member: uid=user4,ou=people,ou=central,dc=authorise-test,dc=ed,dc=ac,dc=uk
>> member: uid=user5,ou=people,ou=central,dc=authorise-test,dc=ed,dc=ac,dc=uk
>> member: uid=user6,ou=people,ou=central,dc=authorise-test,dc=ed,dc=ac,dc=uk
>> description: penguin
>>
>> Subsequently running a gsh.sh sync of the group added a few more users
>> but it's still a small subset of what should be there.
>>
>> Trawling through the documentation I can see mentions made to
>> "flattened" and "direct only" memberships in the training videos but I
>> can't see it mentioned in any of the PSP configuration documents or in
>> the psp-example configs. How can I ensure that Grouper expands indirect
>> memberships for all groups?
>>
>>
>>
>

--
/****************************

Mark Cairney
ITI UNIX Section
Information Services
University of Edinburgh

Tel: 0131 650 6565
Email:

PGP: 0x435A9621

*******************************/

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
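
Added example, not part of the original message or of Grouper: one way to check from an LDIF export whether a provisioned group holds only direct members. It unfolds the LDIF, expands `member` values that point at other `groupOfNames` entries, and reports member DNs that have no entry in the export. The `dc=example` DNs, the sample data and the function names are constructed for illustration.

```python
# Added example: direct vs. flattened membership from an LDIF export (constructed data).
SAMPLE_LDIF = """\
dn: cn=penguin,ou=adhoc,dc=example
objectClass: groupOfNames
member: cn=D355,ou=org,dc=example
member: uid=user1,ou=people,dc=example

dn: cn=D355,ou=org,dc=example
objectClass: groupOfNames
member: uid=user2,ou=people,dc=example
member: uid=svc-backup,ou=people,
 dc=example
member: cn=penguin,ou=adhoc,dc=example

dn: uid=user1,ou=people,dc=example
objectClass: inetOrgPerson

dn: uid=user2,ou=people,dc=example
objectClass: inetOrgPerson
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; keys and values are lowercased for comparison."""
    unfolded = text.replace("\n ", "")  # RFC 2849: a continuation line starts with one space
    entries = {}
    for block in unfolded.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(value.strip().lower())
        if "dn" in attrs:
            entries[attrs["dn"][0]] = attrs
    return entries

def flatten(entries, group_dn):
    """Return (effective non-group member DNs, member DNs absent from the export)."""
    people, missing = set(), set()
    seen, stack = set(), [group_dn.lower()]
    while stack:
        dn = stack.pop()
        seen.add(dn)
        for m in entries[dn].get("member", []):
            if m not in entries:
                missing.add(m)        # e.g. an account that does not exist on this server
            elif "groupofnames" not in entries[m].get("objectclass", []):
                people.add(m)
            elif m not in seen:       # nested group; the seen check breaks cycles
                stack.append(m)
    return people, missing
```

Calling `flatten(parse_ldif(SAMPLE_LDIF), "cn=penguin,ou=adhoc,dc=example")` returns the two user DNs as effective members and the `svc-backup` DN as unresolved. Base64-encoded (`dn::`) values are not decoded by this sketch.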
