Uploaded image for project: 'Grouper'
  1. Grouper
  2. GRP-5271

When entitlement string changes in an LDAP usersWithEduPersonEntitlements provisioner configuration, the old entitlement values are not removed.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Minor
    • None
    • None
    • None
    • None
    • tested in grouper 4.5.5

    Description

       I changed the string value that the provisioner is provisioning as an entitlement.  I notice that after running the full sync on it, both the old and new entitlement values are now placed on the user accounts in LDAP.  The old values are not removed.

      Here is the configuration for the provisioner this was observed in:

      provisioner.eduPersonEntitlement.addDisabledFullSyncDaemon = true
      provisioner.eduPersonEntitlement.class = edu.internet2.middleware.grouper.app.ldapProvisioning.LdapSync
      provisioner.eduPersonEntitlement.configureMetadata = true
      provisioner.eduPersonEntitlement.customizeGroupCrud = true
      provisioner.eduPersonEntitlement.deleteGroups = false
      provisioner.eduPersonEntitlement.entityAttributeValueCache0entityAttribute = ldap_dn
      provisioner.eduPersonEntitlement.entityAttributeValueCache0has = true
      provisioner.eduPersonEntitlement.entityAttributeValueCache0source = target
      provisioner.eduPersonEntitlement.entityAttributeValueCache0type = entityAttribute
      provisioner.eduPersonEntitlement.entityAttributeValueCacheHas = true
      provisioner.eduPersonEntitlement.entityMatchingAttribute0name = uid
      provisioner.eduPersonEntitlement.entityMatchingAttributeCount = 1
      provisioner.eduPersonEntitlement.entityMembershipAttributeName = eduPersonEntitlement
      provisioner.eduPersonEntitlement.entityMembershipAttributeValue = groupAttributeValueCache0
      provisioner.eduPersonEntitlement.groupAttributeValueCache0groupAttribute = entitlement_string
      provisioner.eduPersonEntitlement.groupAttributeValueCache0has = true
      provisioner.eduPersonEntitlement.groupAttributeValueCache0source = grouper
      provisioner.eduPersonEntitlement.groupAttributeValueCache0type = groupAttribute
      provisioner.eduPersonEntitlement.groupAttributeValueCacheHas = true
      provisioner.eduPersonEntitlement.hasTargetEntityLink = true
      provisioner.eduPersonEntitlement.insertGroups = false
      provisioner.eduPersonEntitlement.ldapExternalSystemConfigId = demo
      provisioner.eduPersonEntitlement.metadata.0.canChange = true
      provisioner.eduPersonEntitlement.metadata.0.canUpdate = true
      provisioner.eduPersonEntitlement.metadata.0.formElementType = text
      provisioner.eduPersonEntitlement.metadata.0.name = md_entitlementValue
      provisioner.eduPersonEntitlement.metadata.0.showForFolder = true
      provisioner.eduPersonEntitlement.metadata.0.showForGroup = false
      provisioner.eduPersonEntitlement.metadata.0.valueType = string
      provisioner.eduPersonEntitlement.numberOfEntityAttributes = 4
      provisioner.eduPersonEntitlement.numberOfGroupAttributes = 1
      provisioner.eduPersonEntitlement.numberOfMetadata = 1
      provisioner.eduPersonEntitlement.operateOnGrouperEntities = true
      provisioner.eduPersonEntitlement.operateOnGrouperGroups = true
      provisioner.eduPersonEntitlement.operateOnGrouperMemberships = true
      provisioner.eduPersonEntitlement.provisioningType = entityAttributes
      provisioner.eduPersonEntitlement.selectAllEntities = true
      provisioner.eduPersonEntitlement.selectGroups = false
      provisioner.eduPersonEntitlement.showAdvanced = true
      provisioner.eduPersonEntitlement.startWith = this is start with read only
      provisioner.eduPersonEntitlement.subjectSourcesToProvision = eduLDAP
      provisioner.eduPersonEntitlement.targetEntityAttribute.0.name = ldap_dn
      provisioner.eduPersonEntitlement.targetEntityAttribute.1.name = eduPersonEntitlement
      provisioner.eduPersonEntitlement.targetEntityAttribute.2.name = uid
      provisioner.eduPersonEntitlement.targetEntityAttribute.2.translateExpressionType = grouperProvisioningEntityField
      provisioner.eduPersonEntitlement.targetEntityAttribute.2.translateFromGrouperProvisioningEntityField = subjectIdentifier0
      provisioner.eduPersonEntitlement.targetEntityAttribute.3.multiValued = true
      provisioner.eduPersonEntitlement.targetEntityAttribute.3.name = objectClass
      provisioner.eduPersonEntitlement.targetEntityAttribute.3.showAdvancedAttribute = true
      provisioner.eduPersonEntitlement.targetEntityAttribute.3.showAttributeValueSettings = true
      provisioner.eduPersonEntitlement.targetEntityAttribute.3.translateExpressionType = staticValues
      provisioner.eduPersonEntitlement.targetEntityAttribute.3.translateFromStaticValues = eduPerson
      provisioner.eduPersonEntitlement.targetGroupAttribute.0.name = entitlement_string
      provisioner.eduPersonEntitlement.targetGroupAttribute.0.translateExpression = \u0024{grouperProvisioningGroup.retrieveAttributeValueString('md_entitlementValue')  +  grouperProvisioningGroup.extension }
      provisioner.eduPersonEntitlement.targetGroupAttribute.0.translateExpressionType = translationScript
      provisioner.eduPersonEntitlement.updateGroups = false
      provisioner.eduPersonEntitlement.userSearchBaseDn = ou=people,dc=internet2,dc=edu

      Another organization that I was working with ran into a similar issue with a provisioner they were working on as well.

      Attachments

        Activity

          People

            chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)
            jim.beard.2@at.internet2.edu Jim Beard
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: