Details
-
Bug
-
Resolution: Fixed
-
Critical
-
COmanage Registry 3.3.1 (Magic Ring MR1)
Description
Start with a COmanage Registry that has multiple CO Person and CO Group records and a empty LDAP directory server (nothing previously provisioned). Configure a LDAP Provisioner to provision both CO Person records and CO Group records. Schedule/queue a re-provision all job. Cause the job to execute using JobShell.
A number of CO Person records will be provisioned into LDAP.
No CO groups will be provisioned into LDAP.
Check the cm_co_ldap_provisioner_dns table and find that only a single DN has been recorded.
Schedule/queue another re-provision all and use a JobShell to make it run. A second DN will be added to the cm_co_ldap_provisioner_dns table, but only a single additional DN is added.
Continue to schedule/queue re-provision all jobs and use a JobShell to run them, and you will find that after each execution of the job one and only one DN will be added to the cm_co_ldap_provisioner_dns table.
This causes problems with the calculation of the members: attribute in LDAP for provisioning CO Groups. For example, the cn=CO:members:active group in LDAP will only have a single member attribute, the value being the single DN that is in the cm_co_ldap_provisioner_dns table.