Details
-
Bug
-
Resolution: Fixed
-
Blocker
-
COmanage Registry 4.4.1 (Sparkling Summit MR1)
Description
During a full sync for an OIS with CO Group Mapping capabilities the function
syncOrgIdentityToCoPerson()
|
in the CoPipeline.php model is invoked. That function does synchronize CO Group Memberships if the OIS has CO Group Mapping capabilities and so it is possible for there to be changes in CO Group Memberships. The function will invoke manual provisioning before returning but only for the CO Person record and not for any related CO Groups where the memberships have changed.
As a consequence the LDAP Provisioner does not reprovision either the groupOfNames nor posixGroup object classes and their attributes tracking memberships become out of sync with the isMemberOf attribute on the person record.