Ldappc will not remove membership for a deleted group correctly if the member has other provisioned memberships.

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Minor
    • 1.4.2
    • Affects Version/s: None
    • Component/s: API
    • None

      Given the test setup :

      groupA
      members: subjectA

      groupB
      members: subjectA

      Ldappc will provision subjectA as :

      cn=subjectA
      isMemberOf : groupA
      isMemberOf : groupB

      Then delete groupA, and run ldappc -memberships, which will not change the provisioning of subjectA !

      This is because, as Arnaud points out, the subject dn's membership is not removed since the subject is a member of another group. GrouperProvisioner.buildSourceSubjectDnSet slurps all subjects which are members via the filter "(&(uid=)(|(isMemberOf=)(objectClass=eduMember))", which in the case above includes subjectA. Then, when iterating over the groups to be provisioned, subjectA is removed from the memberships to be deleted since they are a member of another group !

      buildSourceSubjectDnSet(existingSubjectDns, existingObjectDns);

      for (Group group : groups) {
      for(Member member : (Set<Member) group.getMembers()) {
      ...
      existingSubjectDns.remove(subjectDn);

      try {
      clearSubjectEntryMemberships(existingSubjectDns);

            Assignee:
            Tom Zeller (Inactive)
            Reporter:
            Tom Zeller (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: