Details
-
Bug
-
Resolution: Fixed
-
Blocker
-
COmanage Registry 3.3.0 (Magic Ring)
Description
When "Enable Attribute Options" is checked but the eduMember objectclass is not the LdapProvisioner is sending a LDAP MOD that includes ismemberof and has the effect of deleting existing isMemberOf attribute values on the CoPerson record that are being managed by another external program (in this case Grouper and psp).
Note that "Unconfigured Attribute Mode" is set to "Remove" but the documentation for the LdapProvisioner at
https://spaces.at.internet2.edu/display/COmanage/LDAP+Provisioning+Plugin
says "Regardless of this setting, attributes associated with object classes not enabled are left alone (except as described in Operations, below)."
Also note that "Additional Person Object Classes" includes eduMember.
Lastly, unchecking "Enable Attribute Options" restores the expected behavior and the isMemberOf attribute values are NOT removed from the CoPerson record when re-provisioning.