COmanage / CO-953

Expunge does not result in person record DNs in LDAP removed from Group membership

Details

    Description

      When a CO person is expunged the LDAP provisioner fires and the corresponding person record in ou=People is deleted.

      Memberships of that CO person in COmanage groups are also deleted, but the group memberships are not re-provisioned, and so the DN for the person record that was just deleted is still listed as a DN that has a membership for the group record in LDAP.

      This causes, for example, SYMPA to try and resolve the group membership, find the DN, and then do a secondary lookup on the DN only to find that it fails.

      The workaround is to go in and manually re-provision affected groups. That cleans up the ou=Group record so that the DN for the person record that no longer exists is no longer listed as a member of the group.
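
An audit check for the condition described above, as an added example that is not part of the original issue or of COmanage: it reads an LDIF export of the directory and reports group member DNs that no longer resolve to an entry. The `dc=example,dc=org` base, the entry names and the use of the `member`/`uniqueMember` attributes are assumptions, and the sample data is constructed.

```python
import base64
import re
# Constructed sample: base DN, names and "member" attribute are assumptions;
# bob's person entry is absent, as it would be after an expunge.
BOB = "uid=bob,ou=People,dc=example,dc=org"
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice

dn: cn=list-admins,ou=Group,dc=example,dc=org
objectClass: groupOfNames
member: uid=alice,ou=People,dc=example,dc=org
member: UID=bob, OU=People, dc=example,dc=org

dn: cn=researchers,ou=Group,dc=example,dc=org
objectClass: groupOfNames
""" + ("member: uid=alice,ou=People,dc=example,\n dc=org\n"   # folded line
       "member:: " + base64.b64encode(BOB.encode()).decode() + "\n")

def parse_ldif(text):
    """Return entries as lists of (attribute, value) pairs."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # undo line folding
        pairs = []
        for line in block.splitlines():
            attr, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if rest.startswith(":"):                     # "attr:: " is base64
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8")
            pairs.append((attr.lower(), rest.strip()))
        if pairs:
            entries.append(pairs)
    return entries

def norm_dn(dn):
    """Simplified DN comparison form: trim RDN parts, fold case."""
    rdns = re.split(r"(?<!\\),", dn)                     # keep escaped commas
    return ",".join("=".join(p.strip().lower() for p in r.split("=", 1)) for r in rdns)

def dangling_members(ldif_text, member_attrs=("member", "uniquemember")):
    """Map each group DN to the member DNs that match no entry in the export."""
    entries = parse_ldif(ldif_text)
    existing = {norm_dn(v) for e in entries for a, v in e if a == "dn"}
    report = {}
    for e in entries:
        stale = sorted({norm_dn(v) for a, v in e if a in member_attrs} - existing)
        if stale:
            report[dict(e).get("dn")] = stale
    return report
```

Any group the function reports is a candidate for the manual re-provisioning described above; the export must cover both ou=People and ou=Group, or every member will appear stale.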

          People

            benn.oshrin@at.internet2.edu Benn Oshrin (internet2.edu)
            scott.koranda.3@at.internet2.edu Scott Koranda SCG (Inactive)