Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Provisioning empty groups with PSP 2.1.5

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Provisioning empty groups with PSP 2.1.5


Chronological Thread 
  • From: "Waldbieser, Carl" <>
  • To: Jutta Biernath <>
  • Cc:
  • Subject: Re: [grouper-users] Provisioning empty groups with PSP 2.1.5
  • Date: Tue, 20 Jan 2015 09:24:32 -0500 (EST)

Jutta,

Could you put an LDAP proxy in front of that particular directory that
inserts a "dummy" member into the groupOfNames search result?

Thanks,
Carl Waldbieser
ITS Systems Programmer
Lafayette College

----- Original Message -----
From: "Jutta Biernath"
<>
To:

Sent: Tuesday, January 20, 2015 3:52:35 AM
Subject: [grouper-users] Provisioning empty groups with PSP 2.1.5

Hi,

we use Grouper 2.1.5 and everything works well. There is just one problem
left I cannot get fixed.

We provision several LDAP directories, and for one of them we don't have to
rights to create oder delete groups. We just can update the memberships. This
will also stay like that, there won't be any change. This means it can also
be that some of these groups are empty. If that happens PSP causes an
exception ("LDAP: error code 65 - object class 'groupOfNames' requires
attribute 'member'") and the members that populated the group before stay
there.

I have understood that the default usage of grouper is not to provision any
empty groups at all, but for us that is no option.

We have used Grouper 1.4 before. In that version it was possible to use the
list-empty-value option in the group-members-dn-list-Tag in ldappc.xml. In
this former configuration we could use a default dummy user named "empty" to
populate empty groups. But ldappc was replaced by the PSP with a completely
new functionality and I could not find a solution for the PSP yet. Browsing
the archive of this list didn't help.

I think I must edit psp-resolver.xml anyhow. Can you help me?


Regards,

Jutta Biernath


--------------------
Jutta Biernath
Freie Universität Berlin
Zentraleinrichtung für Datenverarbeitung (ZEDAT)
Identity & Customer Management, FUDIS
Fabeckstr. 32
14195 Berlin
Tel. +49 30 838-75090
Fax +49 30 838-475090




Archive powered by MHonArc 2.6.16.

Top of Page