Uploaded image for project: 'COmanage'
  1. COmanage
  2. CO-1670

LdapProvisioner does not reprovision isMemberOf on group name change

    XMLWordPrintable

Details

    • COmanage Onboarding Sprint

    Description

      When a group name is changed, a Group Update provisioning action is executed. However, if the 'isMemberOf' eduMember-objectclass attribute is enabled, the group name is available on each members entry. The LdapProvisioner does not update those attributes in this case and the isMemberOf subsequently points to a non-existing reference.

      To reproduce:

      • create a group
      • make someone a member of the group
      • enable the LdapProvisioner, configure the eduMember objectclass and enable isMemberOf and hasMember attributes. Allow for automatic provisioning.
      • Click on 'reprovision all'
      • Note that the isMemberOf attributes are synchronised to the correct group name
      • Change the group name
      • Note that the isMemberOf attribute has not changed, but the group DN did change

      Reprovisioning all members of such groups seems like overkill. Probably the rename operation for groups need to be caught while provisioning and a similar rename operation needs to be performed for the isMemberOf attribute of all members.

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. CO-1357 Improve LdapProvisioner Construction of Groups

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Activity

            People

              ioannis.e.igoumenos@at.internet2.edu Ioannis Eythymios Igoumenos (google.com)
              michiel Michiel Uitdehaag (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: