Details
Bug
Resolution: Fixed
Minor
Description
The LDAP member field is usually a required field for the groupOfNames object type. The way to manage this in provisioning is to set a default value of <<emptyString>>, and it will set a single value of blank for that attribute. This works for a full sync provisioner, but not for the incremental.
The incremental just acts on a single changelog entry, which is to delete the user. It doesn't consider whether it's the last member. The debug log line for the action shows that it retrieves the target and that the member field is available. So it may just be a matter of considering the target.
java.lang.RuntimeException: There were 1 exceptions, throwing first exception,
Group(matchingAttrs: LinkedHashSet(1): [0]: [businessCategory, apps:Office365:exceptions:M365LicenseOverride-ONLINE, currentValue: true], provisioned: false, attr[businessCategory]: "apps:Office365:exceptions:M365LicenseOverride-ONLINE", attr[cn]: "001-UOFT-M365LicenseOverride-ONLINE", attr[ldap_dn]: "cn=M365LicenseOverride-ONLINE,ou=Office365,ou=apps,ou=grouper,dc=example,dc=edu", attr[member]: TreeSet(1): [0]: id=1003443387,dc=example,dc=edu, attr[objectClass]: LinkedHashSet(2): [0]: top, [1]: groupOfNames, del member "id=1003443387,dc=example,dc=edu")
...
Caused by: [org.ldaptive.LdapException@2102427653::resultCode=OBJECT_CLASS_VIOLATION, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1, message=javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - object class 'groupOfNames' requires attribute 'member']
...
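An added sketch (not Grouper's code, and not the fix that was shipped) of the check the description suggests: look at the target's current member values before acting on a delete, and when the value is the last one, swap it for the configured default in a single replace so groupOfNames never loses its required attribute. The class and method names are hypothetical, the empty string stands in for <<emptyString>>, and DNs are compared as plain strings.

```java
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

/** Hypothetical planner: turns one membership changelog entry into LDAP modifications. */
public class LastMemberPlanner {
    enum Op { ADD, REMOVE, REPLACE }
    record Mod(Op op, String attribute, List<String> values) {}

    /**
     * current: values now on the target entry; toDelete: value the changelog removes;
     * defaultValue: configured placeholder for a required attribute, or null if none.
     */
    static List<Mod> planDelete(String attr, Set<String> current, String toDelete, String defaultValue) {
        if (!current.contains(toDelete)) {
            return List.of(); // already absent on the target, nothing to send
        }
        if (current.size() == 1 && defaultValue != null) {
            // Last member: one REPLACE removes it and writes the placeholder atomically,
            // so the server never sees the entry without the required attribute.
            return List.of(new Mod(Op.REPLACE, attr, List.of(defaultValue)));
        }
        // Other members remain (or no default is configured): plain value removal.
        return List.of(new Mod(Op.REMOVE, attr, List.of(toDelete)));
    }

    /** Mirror case: the first real member replaces the placeholder instead of joining it. */
    static List<Mod> planAdd(String attr, Set<String> current, String toAdd, String defaultValue) {
        if (current.contains(toAdd)) {
            return List.of();
        }
        if (defaultValue != null && current.equals(Set.of(defaultValue))) {
            return List.of(new Mod(Op.REPLACE, attr, List.of(toAdd)));
        }
        return List.of(new Mod(Op.ADD, attr, List.of(toAdd)));
    }

    public static void main(String[] args) {
        String dn = "id=1003443387,dc=example,dc=edu"; // member DN from the log above
        Set<String> target = new TreeSet<>(Set.of(dn)); // target state: one member left

        // With the default configured, the delete becomes a REPLACE with the placeholder.
        System.out.println(planDelete("member", target, dn, ""));
        // Without it, a bare REMOVE is planned, the operation rejected in the log above.
        System.out.println(planDelete("member", target, dn, null));
        // Adding a member to a placeholder-only group swaps the placeholder out.
        System.out.println(planAdd("member", Set.of(""), dn, ""));
    }
}
```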