Details
-
Improvement
-
Resolution: Unresolved
-
Minor
-
None
-
2.1.0
-
None
Description
This is really a feature request for your consideration.
When you have a large number of groups and memberships in Grouper and want to keep them in sync with LDAP, the bulk sync process can take a very long time to run. I'm talking about 500K+ groups and millions of memberships. I think it would be helpful if there were a way to exclude (based on a regular expression) objects from being sync'ed. That is, while going through all the group and stem names, if the name matches the regex, then ignore it, don't query LDAP for that object (and its children) and also don't delete the object from LDAP. I think the PSP allows you to exclude objects right now, but then it will also delete the objects from LDAP too (unless you set authoritative to false, which is not desirable), right?
The use case I have in mind is when you have a Grouper Registry that is largely made up of course groups. When you keep old terms around for multiple years, since they don't change, it would be nice if the PSP didn't have to check those objects every time the bulk sync runs.