Idea ID: 2876104

eDirectory, make users and groups be internally consistent

jrd jrd
Status : New Idea

Reviewing my OES logs shows postfix complaining about not finding a group for a user. Culling the MF archives shows this useful article The article points to an .xml file which seems to require IDM to fix this insistency matter. The article has this pithy description:

"One problem people struggle with is keeping eDirectory group membership information in sync. eDirectory stores Groups as double-linked lists. What this means is, the Group has a pointer to the User and the User has a pointer to the Group. The problem is, when you use LDAP to update the User, eDirectory does not automatically update the Group and vice versa."

I don't use IDM and it ought not be necessary for run of the mill OES machines. Instead, the regular OES components should take care of ensuring that a change to a user or a group is properly reflected in the other side of the pointers. That synchronization should be automatic, no user action needed, no IDM needed. Lack of sync can easily lead to access permissions problems, or worse.


Joe D.