Grouper Users - Open Discussion List

[Jeffrey Crawford <>]

Our subjectID is not the username (uid) we use a static reference attribute that does not change when a rename occurs. It sounds like using memberChangeSubject in this case would be a no-op. Am I reading this correctly, are we back to bulkSync?

Jeffrey

Both pilots and IT professionals require training and currency before charging into clouds!

---------------------------------------

On Wed, Jan 13, 2016 at 1:37 PM, David Langenberg <> wrote:

You would in this case probably want to write something to also perform the rename of the user in Grouper via memberChangeSubject (assuming the username is the subjectID and LDAP is the subject source).

https://spaces.internet2.edu/display/Grouper/Member+change+subject

https://spaces.internet2.edu/pages/viewpage.action?pageId=14517859

https://bugs.internet2.edu/jira/browse/GRP-151

Dave

On Jan 13, 2016, at 2:24 PM, Jeffrey Crawford <> wrote:

As near as I can tell if an account in the LDAP server is renamed there is nothing that can tell grouper loader to re-sync the groups that contain that user correct?

I can use referential integrity to have the LDAP server itself catch changes, but if we are trying to support POSIX groups that doesn't work since referential integrity only works with "GroupOfNames" or more specifically attributes "member" and "uniqueMember".

Is the BulkSync the only way to pick up those changes, or did I miss something?

Jeffrey

Both pilots and IT professionals require training and currency before charging into clouds!

---------------------------------------

--
David Langenberg
Identity & Access Management Architect
The University of Chicago