Details
-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
None
-
None
-
None
-
tested in grouper 4.5.5
Description
I changed the string value that the provisioner is provisioning as an entitlement. I notice that after running the full sync on it, both the old and new entitlement values are now placed on the user accounts in LDAP. The old values are not removed.
Here is the configuration for the provisioner this was observed in:
provisioner.eduPersonEntitlement.addDisabledFullSyncDaemon = true
provisioner.eduPersonEntitlement.class = edu.internet2.middleware.grouper.app.ldapProvisioning.LdapSync
provisioner.eduPersonEntitlement.configureMetadata = true
provisioner.eduPersonEntitlement.customizeGroupCrud = true
provisioner.eduPersonEntitlement.deleteGroups = false
provisioner.eduPersonEntitlement.entityAttributeValueCache0entityAttribute = ldap_dn
provisioner.eduPersonEntitlement.entityAttributeValueCache0has = true
provisioner.eduPersonEntitlement.entityAttributeValueCache0source = target
provisioner.eduPersonEntitlement.entityAttributeValueCache0type = entityAttribute
provisioner.eduPersonEntitlement.entityAttributeValueCacheHas = true
provisioner.eduPersonEntitlement.entityMatchingAttribute0name = uid
provisioner.eduPersonEntitlement.entityMatchingAttributeCount = 1
provisioner.eduPersonEntitlement.entityMembershipAttributeName = eduPersonEntitlement
provisioner.eduPersonEntitlement.entityMembershipAttributeValue = groupAttributeValueCache0
provisioner.eduPersonEntitlement.groupAttributeValueCache0groupAttribute = entitlement_string
provisioner.eduPersonEntitlement.groupAttributeValueCache0has = true
provisioner.eduPersonEntitlement.groupAttributeValueCache0source = grouper
provisioner.eduPersonEntitlement.groupAttributeValueCache0type = groupAttribute
provisioner.eduPersonEntitlement.groupAttributeValueCacheHas = true
provisioner.eduPersonEntitlement.hasTargetEntityLink = true
provisioner.eduPersonEntitlement.insertGroups = false
provisioner.eduPersonEntitlement.ldapExternalSystemConfigId = demo
provisioner.eduPersonEntitlement.metadata.0.canChange = true
provisioner.eduPersonEntitlement.metadata.0.canUpdate = true
provisioner.eduPersonEntitlement.metadata.0.formElementType = text
provisioner.eduPersonEntitlement.metadata.0.name = md_entitlementValue
provisioner.eduPersonEntitlement.metadata.0.showForFolder = true
provisioner.eduPersonEntitlement.metadata.0.showForGroup = false
provisioner.eduPersonEntitlement.metadata.0.valueType = string
provisioner.eduPersonEntitlement.numberOfEntityAttributes = 4
provisioner.eduPersonEntitlement.numberOfGroupAttributes = 1
provisioner.eduPersonEntitlement.numberOfMetadata = 1
provisioner.eduPersonEntitlement.operateOnGrouperEntities = true
provisioner.eduPersonEntitlement.operateOnGrouperGroups = true
provisioner.eduPersonEntitlement.operateOnGrouperMemberships = true
provisioner.eduPersonEntitlement.provisioningType = entityAttributes
provisioner.eduPersonEntitlement.selectAllEntities = true
provisioner.eduPersonEntitlement.selectGroups = false
provisioner.eduPersonEntitlement.showAdvanced = true
provisioner.eduPersonEntitlement.startWith = this is start with read only
provisioner.eduPersonEntitlement.subjectSourcesToProvision = eduLDAP
provisioner.eduPersonEntitlement.targetEntityAttribute.0.name = ldap_dn
provisioner.eduPersonEntitlement.targetEntityAttribute.1.name = eduPersonEntitlement
provisioner.eduPersonEntitlement.targetEntityAttribute.2.name = uid
provisioner.eduPersonEntitlement.targetEntityAttribute.2.translateExpressionType = grouperProvisioningEntityField
provisioner.eduPersonEntitlement.targetEntityAttribute.2.translateFromGrouperProvisioningEntityField = subjectIdentifier0
provisioner.eduPersonEntitlement.targetEntityAttribute.3.multiValued = true
provisioner.eduPersonEntitlement.targetEntityAttribute.3.name = objectClass
provisioner.eduPersonEntitlement.targetEntityAttribute.3.showAdvancedAttribute = true
provisioner.eduPersonEntitlement.targetEntityAttribute.3.showAttributeValueSettings = true
provisioner.eduPersonEntitlement.targetEntityAttribute.3.translateExpressionType = staticValues
provisioner.eduPersonEntitlement.targetEntityAttribute.3.translateFromStaticValues = eduPerson
provisioner.eduPersonEntitlement.targetGroupAttribute.0.name = entitlement_string
provisioner.eduPersonEntitlement.targetGroupAttribute.0.translateExpression = \u0024{grouperProvisioningGroup.retrieveAttributeValueString('md_entitlementValue') + grouperProvisioningGroup.extension }
provisioner.eduPersonEntitlement.targetGroupAttribute.0.translateExpressionType = translationScript
provisioner.eduPersonEntitlement.updateGroups = false
provisioner.eduPersonEntitlement.userSearchBaseDn = ou=people,dc=internet2,dc=edu
Another organization that I was working with ran into a similar issue with a provisioner they were working on as well.