grouper-users - AW: [grouper-users] Provisioning empty groups with PSP 2.1.5
Subject: Grouper Users - Open Discussion List
List archive
- From: "Biernath, Jutta" <>
- To: Mark Cairney <>, "" <>
- Subject: AW: [grouper-users] Provisioning empty groups with PSP 2.1.5
- Date: Tue, 20 Jan 2015 16:16:29 +0100
- Accept-language: de-DE, en-US
Hi,
this was the solution! I have replaced "" by the DN of the "empty" user, and
it worked!!
Thanks a lot!
Jutta
--------------------
Jutta Biernath
Freie Universität Berlin
Zentraleinrichtung für Datenverarbeitung (ZEDAT)
Identity & Customer Management, FUDIS
Fabeckstr. 32
14195 Berlin
Tel. +49 30 838-75090
Fax +49 30 838-475090
-----Ursprüngliche Nachricht-----
Von:
[mailto:]
Im Auftrag von Mark Cairney
Gesendet: Dienstag, 20. Januar 2015 15:32
An:
Betreff: Re: [grouper-users] Provisioning empty groups with PSP 2.1.5
Hi,
We put the following in our psp.xml:
<!-- The ldap group "member" attribute. -->
<references name="member" emptyValue="">
This creates a single blank "member" attribute in the group and broadly
matches how we tackled this issue on our Grouper 1.5 installation.
On 20/01/15 14:24, Waldbieser, Carl wrote:
> Jutta,
>
> Could you put an LDAP proxy in front of that particular directory that
> inserts a "dummy" member into the groupOfNames search result?
>
> Thanks,
> Carl Waldbieser
> ITS Systems Programmer
> Lafayette College
>
> ----- Original Message -----
> From: "Jutta Biernath"
> <>
> To:
>
> Sent: Tuesday, January 20, 2015 3:52:35 AM
> Subject: [grouper-users] Provisioning empty groups with PSP 2.1.5
>
> Hi,
>
> we use Grouper 2.1.5 and everything works well. There is just one problem
> left I cannot get fixed.
>
> We provision several LDAP directories, and for one of them we don't have to
> rights to create oder delete groups. We just can update the memberships.
> This will also stay like that, there won't be any change. This means it can
> also be that some of these groups are empty. If that happens PSP causes an
> exception ("LDAP: error code 65 - object class 'groupOfNames' requires
> attribute 'member'") and the members that populated the group before stay
> there.
>
> I have understood that the default usage of grouper is not to provision any
> empty groups at all, but for us that is no option.
>
> We have used Grouper 1.4 before. In that version it was possible to use the
> list-empty-value option in the group-members-dn-list-Tag in ldappc.xml. In
> this former configuration we could use a default dummy user named "empty"
> to populate empty groups. But ldappc was replaced by the PSP with a
> completely new functionality and I could not find a solution for the PSP
> yet. Browsing the archive of this list didn't help.
>
> I think I must edit psp-resolver.xml anyhow. Can you help me?
>
>
> Regards,
>
> Jutta Biernath
>
>
> --------------------
> Jutta Biernath
> Freie Universität Berlin
> Zentraleinrichtung für Datenverarbeitung (ZEDAT) Identity & Customer
> Management, FUDIS Fabeckstr. 32
> 14195 Berlin
> Tel. +49 30 838-75090
> Fax +49 30 838-475090
>
>
--
/****************************
Mark Cairney
ITI UNIX Section
Information Services
University of Edinburgh
Tel: 0131 650 6565
Email:
PGP: 0x435A9621
*******************************/
The University of Edinburgh is a charitable body, registered in Scotland,
with registration number SC005336.
- [grouper-users] Provisioning empty groups with PSP 2.1.5, Biernath, Jutta, 01/20/2015
- Re: [grouper-users] Provisioning empty groups with PSP 2.1.5, Waldbieser, Carl, 01/20/2015
- Re: [grouper-users] Provisioning empty groups with PSP 2.1.5, Mark Cairney, 01/20/2015
- AW: [grouper-users] Provisioning empty groups with PSP 2.1.5, Biernath, Jutta, 01/20/2015
- Re: [grouper-users] Provisioning empty groups with PSP 2.1.5, Mark Cairney, 01/20/2015
- Re: [grouper-users] Provisioning empty groups with PSP 2.1.5, Waldbieser, Carl, 01/20/2015
Archive powered by MHonArc 2.6.16.