Details
-
Bug
-
Resolution: Fixed
-
Critical
-
COmanage Registry 0.9.1 (Essential Enneagon Plus One)
Description
When a CO person is expunged the LDAP provisioner fires and the corresponding person record in ou=People is deleted.
Memberships of that CO person in COmanage groups are also deleted, but the group memberships are not re-provisioned, and so the DN for the person record that was just deleted is still listed as a DN that has a membership for the group record in LDAP.
This causes, for example, SYMPA to try and resolve the group membership, find the DN, and then do a secondary look up on the DN only to find that it fails.
The work around is to go in and manually re-provision affected groups. That cleans up the ou=Group record so that the DN for the person record that no longer exists is no longer listed as a member of the group.