Grouper Users - Open Discussion List

["Waldbieser, Carl" <>]

Jutta,

Could you put an LDAP proxy in front of that particular directory that 
inserts a "dummy" member into the groupOfNames search result?

Thanks,
Carl Waldbieser
ITS Systems Programmer
Lafayette College

----- Original Message -----
From: "Jutta Biernath" 
<>
To: 

Sent: Tuesday, January 20, 2015 3:52:35 AM
Subject: [grouper-users] Provisioning empty groups with PSP 2.1.5

Hi,

we use Grouper 2.1.5 and everything works well. There is just one problem 
left I cannot get fixed.

We provision several LDAP directories, and for one of them we don't have to 
rights to create oder delete groups. We just can update the memberships. This 
will also stay like that, there won't be any change. This means it can also 
be that some of these groups are empty.  If that happens PSP causes an 
exception ("LDAP: error code 65 - object class 'groupOfNames' requires 
attribute 'member'") and the members that populated the group before stay 
there.

I have understood that the default usage of grouper is not to provision any 
empty groups at all, but for us that is no option.

We have used Grouper 1.4 before. In that version it was possible to use the 
list-empty-value option in the group-members-dn-list-Tag in ldappc.xml. In 
this former configuration we could use a default dummy user named "empty" to 
populate empty groups. But ldappc was replaced by the PSP with a completely 
new functionality and I could not find a solution for the PSP yet. Browsing 
the archive of this list didn't help.

I think I must edit psp-resolver.xml anyhow. Can you help me?


Regards,

Jutta Biernath


--------------------
Jutta Biernath
Freie Universität Berlin
Zentraleinrichtung für Datenverarbeitung (ZEDAT)
Identity & Customer Management, FUDIS
Fabeckstr. 32
14195 Berlin
Tel. +49 30 838-75090
Fax +49 30 838-475090