On 26/06/2013 19:22, Mirko Signoretto wrote:
Hi,
I tried the Syncope Roles provisioning. When Syncope creates a group
in LDAP, via role provisioning, it adds to the group memberships the LDAP
connector user (configured for provisioning operations). Why? Is this
correct?
I'm using 389 redhat directory server -- syncope 1.1.1 and ldap
connector 1.3.5

Hi Mirko,
the commonly used LDAP group object classes (groupOfNames,
groupOfUniqueNames) require a value for the membership attribute ('member' or
'uniqueMember' respectively) to be provided upon creation.
This means that you cannot create an LDAP group without providing at
least one member: Syncope, for major safety, puts there an LDAP user
that exists for sure, e.g. the one from the LDAP connector configuration.
Hope this clarifies a bit.
Regards.
--
Francesco Chicchiriccò
ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/
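
An added example, not part of the original thread and not Syncope code: an audit of an LDIF export of provisioned groups that reports where the connector account sits as the required first member, so that any access granted through those groups can be reviewed for the service account too. The LDIF, all DNs and the function names are constructed for illustration.

```python
# Added example: constructed LDIF export; all DNs are hypothetical.
# Membership attribute each group object class requires at creation.
REQUIRED_MEMBER_ATTR = {"groupofnames": "member",
                        "groupofuniquenames": "uniquemember"}

SAMPLE_LDIF = """\
dn: cn=engineering,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: engineering
member: uid=syncope-connector,ou=services,dc=example,dc=com
member: uid=alice,ou=people,dc=example,dc=com

dn: cn=empty-role,ou=groups,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: empty-role
uniqueMember: uid=syncope-connector,ou=services,dc=example,dc=com

dn: cn=broken,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: broken
"""

def norm_dn(dn):
    """Case-fold and drop whitespace around RDN separators (simplified)."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_ldif(text):
    """Parse unfolded, non-base64 LDIF into dicts of lower-cased attr -> values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit_groups(entries, connector_dn):
    """Return (group DN, finding) pairs for groups tied to the connector account."""
    connector, findings = norm_dn(connector_dn), []
    for entry in entries:
        for oc in (c.lower() for c in entry.get("objectclass", [])):
            attr = REQUIRED_MEMBER_ATTR.get(oc)
            if attr is None:
                continue
            members = [norm_dn(m) for m in entry.get(attr, [])]
            if not members:
                findings.append((entry["dn"][0], "missing-required-member"))
            elif connector in members:
                only = members == [connector]
                findings.append((entry["dn"][0], "placeholder-only" if only else "placeholder-plus-members"))
    return findings
```

Groups reported as "placeholder-plus-members" already have real members, so the connector entry there is a candidate for review.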