  1. Grouper
  2. GRP-409

[ldappc] includeExclude _includes and _systemOfRecord provisioning


Details

    • Bug
    • Resolution: Fixed
    • Minor
    • 1.6.0
    • None
    • API
    • None

    Description

      A group with the includeExclude type will be provisioned with the _includes and _systemOfRecord groups as members, which doesn't seem to be correct.

      The _includes and _systemOfRecord members are returned by overallGroup.getMembers() and overallGroup.getCompositeMembers().

      Test setup :

      // Enable the includeExclude group type for the test.
      this.setupTestConfigForIncludeExclude();
      GrouperStartup.initIncludeExcludeType();

      String groupTypeName = GrouperConfig.getProperty("grouperIncludeExclude.type.name");
      GroupType includeExcludeType = GroupTypeFinder.find(groupTypeName, true);

      // Overall group: two direct members, then the includeExclude type is added.
      // The helper groups looked up below exist once the type has been added.
      String overallName = "edu:aGroup";
      Group overallGroup = Group.saveGroup(this.grouperSession, null, null, overallName, null, null, null, true);
      overallGroup.addMember(SubjectTestHelper.SUBJ0);
      overallGroup.addMember(SubjectTestHelper.SUBJ1);
      overallGroup.addType(includeExcludeType);

      // SUBJ0 is excluded from the overall group.
      Group excludesGroup = GroupFinder.findByName(this.grouperSession, overallName + "_excludes", true);
      excludesGroup.addMember(SubjectTestHelper.SUBJ0);

      // SUBJ2 is added through the manual include list.
      Group includesGroup = GroupFinder.findByName(this.grouperSession, overallName + "_includes", true);
      includesGroup.addMember(SubjectTestHelper.SUBJ2);

      // SUBJ3 is added through the system of record list.
      String systemOfRecordIdPath = overallName + "_systemOfRecord";
      Group systemOfRecordGroup = GroupFinder.findByName(this.grouperSession, systemOfRecordIdPath, true);
      systemOfRecordGroup.addMember(SubjectTestHelper.SUBJ3);

      Resultant provisioning :

      dn: cn=aGroup,ou=edu,ou=testgroups,${base}
      member: cn=test.subject.1,ou=testpeople,${base}
      member: cn=test.subject.2,ou=testpeople,${base}
      member: cn=test.subject.3,ou=testpeople,${base}
      member: cn=aGroup_includes,ou=edu,ou=testgroups,${base}
      member: cn=aGroup_systemOfRecord,ou=edu,ou=testgroups,${base}
      hasmember: my name is test.subject.1
      hasmember: my name is test.subject.2
      hasmember: my name is test.subject.3
      hasmember: edu:aGroup_includes
      hasmember: edu:aGroup_systemOfRecord
      cn: aGroup
      description: Group containing list of aGroup after adding the includes and subtracting the excludes
      objectclass: eduMember
      objectclass: groupOfNames

      dn: cn=aGroup_excludes,ou=edu,ou=testgroups,${base}
      member: cn=test.subject.0,ou=testpeople,${base}
      hasmember: my name is test.subject.0
      cn: aGroup_excludes
      description: Group containing manual list of excludes for group aGroup which will not be in the overall group
      objectclass: eduMember
      objectclass: groupOfNames

      dn: cn=aGroup_includes,ou=edu,ou=testgroups,${base}
      objectclass: eduMember
      objectclass: groupOfNames
      cn: aGroup_includes
      description: Group containing manual list of includes for group aGroup which will be added to the system of record list (unless the subject is also in the excludes group)
      member: cn=test.subject.2,ou=testpeople,${base}
      hasmember: my name is test.subject.2
      ismemberof: edu:aGroup_systemOfRecordAndIncludes
      ismemberof: edu:aGroup

      dn: cn=aGroup_systemOfRecord,ou=edu,ou=testgroups,${base}
      cn: aGroup_systemOfRecord
      objectclass: eduMember
      objectclass: groupOfNames
      description: Group containing list of aGroup (generally straight from the system of record) without yet considering manual include or exclude lists
      member: cn=test.subject.0,ou=testpeople,${base}
      member: cn=test.subject.1,ou=testpeople,${base}
      member: cn=test.subject.3,ou=testpeople,${base}
      hasmember: my name is test.subject.0
      hasmember: my name is test.subject.1
      hasmember: my name is test.subject.3
      ismemberof: edu:aGroup_systemOfRecordAndIncludes
      ismemberof: edu:aGroup

      dn: cn=aGroup_systemOfRecordAndIncludes,ou=edu,ou=testgroups,dc=testgrouper,dc=edu
      objectclass: eduMember
      objectclass: groupOfNames
      cn: aGroup_systemOfRecordAndIncludes
      description: Internal utility group for group aGroup which facilitates the group math for the include and exclude lists
      member: cn=test.subject.0,ou=testpeople,${base}
      member: cn=test.subject.1,ou=testpeople,${base}
      member: cn=test.subject.2,ou=testpeople,${base}
      member: cn=test.subject.3,ou=testpeople,${base}
      member: cn=aGroup_includes,ou=edu,ou=testgroups,${base}
      member: cn=aGroup_systemOfRecord,ou=edu,ou=testgroups,${base}
      hasmember: my name is test.subject.0
      hasmember: my name is test.subject.1
      hasmember: my name is test.subject.2
      hasmember: my name is test.subject.3
      hasmember: edu:aGroup_includes
      hasmember: edu:aGroup_systemOfRecord

      From Shilen :

      It still doesn't seem right though...

      1. duke:final_systemOfRecord - contains member shilen
      2. duke:final_includes - empty
      3. duke:final_systemOfRecordAndIncludes - contains members duke:final_systemOfRecord, duke:final_includes, and shilen
      4. duke:final_excludes - contains member shilen
      5. duke:final - composite group (duke:final_systemOfRecordAndIncludes minus duke:final_excludes)

      duke:final contains 2 composite memberships – duke:final_systemOfRecord and duke:final_includes. So ldappc populates the 2 memberships also....

      For some reason seeing the 2 composite memberships in Grouper never before appeared like a problem, but now seeing that in LDAP just seems wrong.
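
      Added example, not part of the original issue and not Grouper or ldappc code: a Python check over provisioned LDIF that reports includeExclude helper groups appearing as `member` values of a non-helper group, and shows which people reappear if an LDAP consumer resolves nested group members. The base DN dc=example,dc=edu, the sample entries (constructed from the output above, with one folded line) and the function names are assumptions.

```python
import re
# Added example (not Grouper/ldappc code); sample built from the issue's output.
BASE = "dc=example,dc=edu"  # placeholder for ${base}
HELPER = re.compile(r"cn=[^,]+_(includes|excludes|systemofrecord(andincludes)?),")
SAMPLE_LDIF = f"""\
dn: cn=aGroup,ou=edu,ou=testgroups,{BASE}
member: cn=test.subject.1,ou=testpeople,{BASE}
member: cn=test.subject.2,ou=testpeople,{BASE}
member: cn=test.subject.3,ou=testpeople,{BASE}
member: cn=aGroup_includes,ou=edu,ou=testgroups,{BASE}
member: cn=aGroup_systemOfRecord,ou=edu,ou=test
 groups,{BASE}

dn: cn=aGroup_includes,ou=edu,ou=testgroups,{BASE}
member: cn=test.subject.2,ou=testpeople,{BASE}

dn: cn=aGroup_systemOfRecord,ou=edu,ou=testgroups,{BASE}
member: cn=test.subject.0,ou=testpeople,{BASE}
member: cn=test.subject.1,ou=testpeople,{BASE}
member: cn=test.subject.3,ou=testpeople,{BASE}
"""

def parse_members(ldif):
    """Return {entry DN: [member DNs]}, lower-cased, unfolding RFC 2849 lines."""
    groups, dn = {}, None
    for line in ldif.replace("\n ", "").splitlines():
        attr, _, value = line.lower().partition(": ")
        if attr == "dn":
            dn = value
            groups[dn] = []
        elif attr == "member" and dn is not None:
            groups[dn].append(value)
    return groups

def helper_members(groups):
    """For each non-helper group, the members that are helper groups."""
    hits = {dn: [m for m in ms if m in groups and HELPER.match(m)]
            for dn, ms in groups.items() if not HELPER.match(dn)}
    return {dn: h for dn, h in hits.items() if h}

def reintroduced(groups, dn):
    """People not among dn's direct members who reappear via nested groups."""
    seen, todo = set(), [dn]
    while todo:
        for m in groups.get(todo.pop(), []):
            if m not in seen:
                seen.add(m)
                todo.append(m)
    return {m for m in seen if m not in groups} - set(groups[dn])
```

      On the sample, aGroup is reported with both helper groups as members, and test.subject.0, who is in aGroup_excludes, reappears through aGroup_systemOfRecord once nested members are resolved.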

          People

            shilen.patel@at.internet2.edu Shilen Patel (duke.edu)
            tom.zeller@at.internet2.edu Tom Zeller