Skip to Content.
Sympa Menu

grouper-users - AW: [grouper-users] Provisioning empty groups with PSP 2.1.5

Subject: Grouper Users - Open Discussion List

List archive

AW: [grouper-users] Provisioning empty groups with PSP 2.1.5


Chronological Thread 
  • From: "Biernath, Jutta" <>
  • To: Mark Cairney <>, "" <>
  • Subject: AW: [grouper-users] Provisioning empty groups with PSP 2.1.5
  • Date: Tue, 20 Jan 2015 16:16:29 +0100
  • Accept-language: de-DE, en-US

Hi,

this was the solution! I have replaced "" by the DN of the "empty" user, and
it worked!!

Thanks a lot!

Jutta

--------------------
Jutta Biernath
Freie Universität Berlin
Zentraleinrichtung für Datenverarbeitung (ZEDAT)
Identity & Customer Management, FUDIS
Fabeckstr. 32
14195 Berlin
Tel. +49 30 838-75090
Fax +49 30 838-475090

-----Ursprüngliche Nachricht-----
Von:


[mailto:]
Im Auftrag von Mark Cairney
Gesendet: Dienstag, 20. Januar 2015 15:32
An:

Betreff: Re: [grouper-users] Provisioning empty groups with PSP 2.1.5

Hi,

We put the following in our psp.xml:

<!-- The ldap group "member" attribute. -->
<references name="member" emptyValue="">

This creates a single blank "member" attribute in the group and broadly
matches how we tackled this issue on our Grouper 1.5 installation.

On 20/01/15 14:24, Waldbieser, Carl wrote:
> Jutta,
>
> Could you put an LDAP proxy in front of that particular directory that
> inserts a "dummy" member into the groupOfNames search result?
>
> Thanks,
> Carl Waldbieser
> ITS Systems Programmer
> Lafayette College
>
> ----- Original Message -----
> From: "Jutta Biernath"
> <>
> To:
>
> Sent: Tuesday, January 20, 2015 3:52:35 AM
> Subject: [grouper-users] Provisioning empty groups with PSP 2.1.5
>
> Hi,
>
> we use Grouper 2.1.5 and everything works well. There is just one problem
> left I cannot get fixed.
>
> We provision several LDAP directories, and for one of them we don't have to
> rights to create oder delete groups. We just can update the memberships.
> This will also stay like that, there won't be any change. This means it can
> also be that some of these groups are empty. If that happens PSP causes an
> exception ("LDAP: error code 65 - object class 'groupOfNames' requires
> attribute 'member'") and the members that populated the group before stay
> there.
>
> I have understood that the default usage of grouper is not to provision any
> empty groups at all, but for us that is no option.
>
> We have used Grouper 1.4 before. In that version it was possible to use the
> list-empty-value option in the group-members-dn-list-Tag in ldappc.xml. In
> this former configuration we could use a default dummy user named "empty"
> to populate empty groups. But ldappc was replaced by the PSP with a
> completely new functionality and I could not find a solution for the PSP
> yet. Browsing the archive of this list didn't help.
>
> I think I must edit psp-resolver.xml anyhow. Can you help me?
>
>
> Regards,
>
> Jutta Biernath
>
>
> --------------------
> Jutta Biernath
> Freie Universität Berlin
> Zentraleinrichtung für Datenverarbeitung (ZEDAT) Identity & Customer
> Management, FUDIS Fabeckstr. 32
> 14195 Berlin
> Tel. +49 30 838-75090
> Fax +49 30 838-475090
>
>

--
/****************************

Mark Cairney
ITI UNIX Section
Information Services
University of Edinburgh

Tel: 0131 650 6565
Email:

PGP: 0x435A9621

*******************************/

The University of Edinburgh is a charitable body, registered in Scotland,
with registration number SC005336.




Archive powered by MHonArc 2.6.16.

Top of Page