Uploaded image for project: 'Grouper'
  1. Grouper
  2. GRP-46

Support deleting group membership for subjects who are no longer in the directory

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 1.3.0
    • 1.3.0
    • API
    • None
    • Apache 2.2.4
      Tomcat 5.5
      Java 1.5
      Linux Redhat Enterprise Server 4
      Oracle 10g DB
      SunOne Directory server 5.2

    Description

      In our pre-release work in Grouper, we discovered that the API must instantiate a subject before it can delete the subject from a group's membership. There is a major use case at Brown (and certainly elsewhere) where users leave the directory without first being deleted from Grouper. Our provisioning software handled these cases by recognizing the need to remove the user from the group, but it would fail catastrophically and produce an unrecoverable corrupted data condition that made the group unusable. We implemented a solution that uses a local SQL user registry rather than our LDAP registry, (originally, there were performance reasons for this). But our design of the SQL person registry was influenced by the desire to never delete users from the SQL registry, so we could be assured of being able to successfully delete purged users' group membership.

      Ideally, there should be an ability to remove a subject's group membership based on just a subject identifier, not a subject instance. I don't have an example of the exception, but it was (unfortunately) one of the most repeatable exceptions we've seen.

      Attachments

        Activity

          People

            tom.zeller@at.internet2.edu Tom Zeller
            jcramton James Cramton (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Smart Checklist