grouper-users - Re: [grouper-users] Group created by changelog only getting direct members
Subject: Grouper Users - Open Discussion List
List archive
- From: Mark Cairney <>
- To:
- Subject: Re: [grouper-users] Group created by changelog only getting direct members
- Date: Mon, 08 Dec 2014 11:42:53 +0000
Of course I just realised I forgot to point out that I've made no
changes to the base behaviour in my grouper-loader.properties i.e. I'm
following this default behaviour.
On 08/12/14 11:24, Mark Cairney wrote:
> Further to my previous email I found the following entries in
> grouper.loader-base.properties:
>
> ##################################
> ## Change log
> ##################################
>
> # should the change log temp to change log daemon run? Note, this
> should be true
> changeLog.changeLogTempToChangeLog.enable = true
>
> #quartz cron-like schedule for change log temp to change log daemon, the
> default is 50 seconds after every minute: 50 * * * * ?
> #leave blank to disable this
> changeLog.changeLogTempToChangeLog.quartz.cron =
>
> # Should the change log include flattened memberships?
> changeLog.includeFlattenedMemberships = true
>
> # Should the change log include flattened privileges?
> changeLog.includeFlattenedPrivileges = true
>
> # Should the change log include roles that have had permission changes?
> changeLog.includeRolesWithPermissionChanges = false
>
> # Should the change log include non-flattened (immediate and composite
> only) memberships?
> changeLog.includeNonFlattenedMemberships = false
>
> # Should the change log include non-flattened (immediate only) privileges?
> changeLog.includeNonFlattenedPrivileges = false
>
> Reading the section of the docs on "Real-Time Provisioning Beta-Testing
> : Membership Structure" "everything" should include all users who are
> direct and indirect members of the group, along with the groups.
>
> Having tried it again with another 2 groups things look a lot more
> sensible. I think I may have been a bit unfortunate with my choice of
> groups the first time round as it looks like they contain a lot of
> service accounts which don't exist on the test LDAP server.
>
> Assuming there's no other config changes that control/ optimise this
> behaviour then I think this can be considered solved.
>
>
> On 01/12/14 14:00, Mark Cairney wrote:
>> Hi,
>>
>> I'm seeing a problem with our provisioning where an adhoc group whose
>> membership consists of other groups isn't getting the indirect members
>> added. In LDAP it looks like:
>>
>> dn:
>> cn=penguin,ou=magic,ou=adhoc,ou=grouper2,dc=authorise-test,dc=ed,dc=ac,d
>> c=uk
>> objectClass: groupOfNames
>> objectClass: posixGroup
>> objectClass: top
>> cn: penguin
>> gidNumber: 4188011206
>> member:
>> cn=D355,ou=D355,ou=P5C,ou=ISG3,ou=ISG,ou=UOE,ou=org,ou=grouper2,dc=a
>> uthorise-test,dc=ed,dc=ac,dc=uk
>> member:
>> cn=D783,ou=D783,ou=P5C,ou=ISG3,ou=ISG,ou=UOE,ou=org,ou=grouper2,dc=a
>> uthorise-test,dc=ed,dc=ac,dc=uk
>> member:
>> cn=D890,ou=D890,ou=P5C,ou=ISG3,ou=ISG,ou=UOE,ou=org,ou=grouper2,dc=a
>> uthorise-test,dc=ed,dc=ac,dc=uk
>> member:
>> cn=P5C,ou=P5C,ou=ISG3,ou=ISG,ou=UOE,ou=org,ou=grouper2,dc=authorise-
>> test,dc=ed,dc=ac,dc=uk
>> member: uid=user1,ou=people,ou=central,dc=authorise-test,dc=ed,dc=ac,dc=u
>> k
>> member: uid=user2,ou=people,ou=central,dc=authorise-test,dc=ed,dc=ac,dc=uk
>> member: uid=user3,ou=people,ou=central,dc=authorise-test,dc=ed,dc=ac,dc=uk
>> member: uid=user4,ou=people,ou=central,dc=authorise-test,dc=ed,dc=ac,dc=uk
>> member: uid=user5,ou=people,ou=central,dc=authorise-test,dc=ed,dc=ac,dc=uk
>> member: uid=user6,ou=people,ou=central,dc=authorise-test,dc=ed,dc=ac,dc=u
>> k
>> description: penguin
>>
>> Subsequently running a gsh.sh sync of the group added a few more users
>> but it's still a small subset of what should be there.
>>
>> Trawling through the documentation I can see mentions made to
>> "flattened" and "direct only" memberships in the training videos but I
>> can't see it mentioned in any of the PSP configuration documents or in
>> the psp-example configs. How can I ensure that Grouper expands indirect
>> memberships for all groups?
>>
>>
>>
>
--
/****************************
Mark Cairney
ITI UNIX Section
Information Services
University of Edinburgh
Tel: 0131 650 6565
Email:
PGP: 0x435A9621
*******************************/
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
Attachment:
signature.asc
Description: OpenPGP digital signature
- [grouper-users] Group created by changelog only getting direct members, Mark Cairney, 12/01/2014
- Re: [grouper-users] Group created by changelog only getting direct members, Mark Cairney, 12/08/2014
- Re: [grouper-users] Group created by changelog only getting direct members, Mark Cairney, 12/08/2014
- Re: [grouper-users] Group created by changelog only getting direct members, Mark Cairney, 12/08/2014
Archive powered by MHonArc 2.6.16.