Details
- Bug
- Resolution: Fixed
- Minor
Description
We are in patch a72-u43-w7-p9.
LdapSystem.performLdapSearchRequest returns an empty list of members when a group has more than 1500 memberships.
Our settings in grouper-loader.properties:
ldap.active_directory.searchResultHandlers=org.ldaptive.handler.DnAttributeEntryHandler,edu.internet2.middleware.grouper.ldap.ldaptive.GrouperRangeEntryHandler
ldap.active_directory.pagedResultsSize = 1000
ldap.active_directory.searchResultPagingEnabled=true
ldap.active_directory.searchResultPagingSize=1000
changeLog.consumer.pspng_activedirectory.memberAttributeName = member
Logs like:
Full-sync comparison for psrwi.auckland.ac.nz:Employee/#128662(Existing): Target-subject count: Correct/Actual: 12713/0
Group psrwi.auckland.ac.nz:Employee/#128662(Existing) has 0 extra values
Group psrwi.auckland.ac.nz:Employee/#128662(Existing) has 128662 missing values
This issue means the following code in LdapGroupProvisioner won't be invoked when grouper has members > 1500, and members never get deleted from the target system:
LOG.info("{}: Group {} has {} extra values",
    new Object[] {getDisplayName(), grouperGroupInfo, extraValues.size()});
if ( extraValues.size() > 0 ) {
    getLdapSystem().performLdapModify(
        new ModifyRequest(
            ldapGroup.dn,
            new AttributeModification(
                AttributeModificationType.REMOVE,
                new LdapAttribute(config.getMemberAttributeName(), extraValues.toArray(new String[0])))),
        config.isMemberAttributeCaseSensitive(),
        true);
}
This issue seems to happen after p6.
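The symptom above matches Active Directory range retrieval: once an attribute exceeds the server's value limit (the 1500 seen here), `member` comes back empty and the values arrive in chunks named like `member;range=0-1499`, the last one ending in `*`. As an added example (not Grouper or ldaptive code; the class, the method and the map-based entry model are assumptions), this merges the chunks and reports whether the membership is complete, so a sync can refuse to compute removals from a partial read:

```java
import java.util.*;
import java.util.regex.*;
// Added example, not Grouper code. "entry" models attribute name -> values as
// returned by AD; the caller adds each follow-up range response to the same map.
public class RangedAttributeCheck {
    // AD names a partial result "member;range=0-1499"; the final chunk ends in "*".
    static final Pattern RANGE = Pattern.compile("(.+);range=(\\d+)-(\\d+|\\*)", Pattern.CASE_INSENSITIVE);
    static final class Merged {
        final List<String> values = new ArrayList<>();
        boolean ranged;    // at least one ";range=" chunk was present
        boolean complete;  // safe to treat values as the full membership
    }
    static Merged merge(String attr, Map<String, List<String>> entry) {
        Merged out = new Merged();
        TreeMap<Integer, List<String>> chunks = new TreeMap<>(); // ordered by range start
        boolean sawFinal = false;
        for (Map.Entry<String, List<String>> e : entry.entrySet()) {
            Matcher m = RANGE.matcher(e.getKey());
            if (e.getKey().equalsIgnoreCase(attr)) {
                out.values.addAll(e.getValue());          // unranged values, if any
            } else if (m.matches() && m.group(1).equalsIgnoreCase(attr)) {
                chunks.put(Integer.parseInt(m.group(2)), e.getValue());
                sawFinal |= m.group(3).equals("*");
            }
        }
        out.ranged = !chunks.isEmpty();
        boolean contiguous = true;
        int next = 0;
        for (Map.Entry<Integer, List<String>> c : chunks.entrySet()) {
            contiguous &= (c.getKey() == next);           // a gap means a lost chunk
            next = c.getKey() + c.getValue().size();
            out.values.addAll(c.getValue());
        }
        out.complete = !out.ranged || (sawFinal && contiguous);
        return out;
    }
    public static void main(String[] args) {
        List<String> first = new ArrayList<>();
        for (int i = 0; i < 1500; i++) first.add("CN=user" + i + ",DC=example,DC=org"); // constructed
        Map<String, List<String>> entry = new HashMap<>();
        entry.put("member", Collections.emptyList());     // what a range-unaware reader sees
        entry.put("member;range=0-1499", first);
        Merged m = merge("member", entry);
        System.out.println(m.values.size() + " values, complete=" + m.complete);
        entry.put("member;range=1500-*", Arrays.asList("CN=user1500,DC=example,DC=org"));
        m = merge("member", entry);
        System.out.println(m.values.size() + " values, complete=" + m.complete);
    }
}
```

A provisioner that sees `ranged` true with `complete` false, or an empty `member` on a group whose expected count is in the thousands, should treat the read as failed rather than as "no members".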