Details
-
Improvement
-
Resolution: Fixed
-
Minor
-
None
-
None
-
None
Description
Alpha Sanneh
Today at 1:43 PM
Hello everyone, is anyone using openLDAP who has encountered an issue whereby an entity that exists in grouper but not in the target is added by the new provisioner. We have this problem with our law school who are using openLDAP instead of DS389. We are using v2.6.8 and the same problem exists in v2.6.15. Any suggested workarounds? This is not an issue we had with PSPNG
8 replies
Drew Aschenbrener
4 hours ago
Hi Alpha. Can you further explain the difference between the behavior you are experiencing and the behavior you are looking for? (edited)
Alpha Sanneh
4 hours ago
Hi Drew, the difference is that with PSPNG if the entity does not exist in the target it will never add the person in the provisioned group. And that is the behavior I expected the new provisioner to do but it does not. It will add the person even if they do not exist as an entity in the target.
Drew Aschenbrener
3 hours ago
I would guess in the provisioning framework you have
Entity configuration - Operate on Entities set to True
and somewhere under there Insert entities set to True
Chris Hyzer
3 hours ago
the DN is cached in the entity, so if the user was there, it is using that DN. I need look at it to see how we can get it to look each user up before adding...
Alpha Sanneh
3 hours ago
Only operate on Entities is set to True and everything else false hence the puzzlement
Alpha Sanneh
3 hours ago
Grouper is not responsible for provisioning entities to the target. In our environment IIQ does that
Chris Hyzer
3 hours ago
note he is saying that the membership attribute value is being added not the actual user
Alpha Sanneh
3 hours ago
Chris said it best