Description
A group with the includeExclude type will be provisioned with the _includes and _systemOfRecord groups as members, which doesn't seem to be correct.
The _includes and _systemOfRecord members are returned by overallGroup.getMembers() and overallGroup.getCompositeMembers().
Test setup :
this.setupTestConfigForIncludeExclude();
GrouperStartup.initIncludeExcludeType();
String groupTypeName = GrouperConfig.getProperty("grouperIncludeExclude.type.name");
GroupType includeExcludeType = GroupTypeFinder.find(groupTypeName, true);
String overallName = "edu:aGroup";
Group overallGroup = Group.saveGroup(this.grouperSession, null, null,overallName, null, null, null, true);
overallGroup.addMember(SubjectTestHelper.SUBJ0);
overallGroup.addMember(SubjectTestHelper.SUBJ1);
overallGroup.addType(includeExcludeType);
Group excludesGroup = GroupFinder.findByName(this.grouperSession,overallName + "_excludes", true);
excludesGroup.addMember(SubjectTestHelper.SUBJ0);
Group includesGroup = GroupFinder.findByName(this.grouperSession,overallName + "_includes", true);
includesGroup.addMember(SubjectTestHelper.SUBJ2);
String systemOfRecordIdPath = overallName + "_systemOfRecord";
Group systemOfRecordGroup = GroupFinder.findByName(this.grouperSession, systemOfRecordIdPath,true);
systemOfRecordGroup.addMember(SubjectTestHelper.SUBJ3);
Resultant provisioning :
dn: cn=aGroup,ou=edu,ou=testgroups,${base}
member: cn=test.subject.1,ou=testpeople,${base}
member: cn=test.subject.2,ou=testpeople,${base}
member: cn=test.subject.3,ou=testpeople,${base}
member: cn=aGroup_includes,ou=edu,ou=testgroups,${base}
member: cn=aGroup_systemOfRecord,ou=edu,ou=testgroups,${base}
hasmember: my name is test.subject.1
hasmember: my name is test.subject.2
hasmember: my name is test.subject.3
hasmember: edu:aGroup_includes
hasmember: edu:aGroup_systemOfRecord
cn: aGroup
description: Group containing list of aGroup after adding the includes and subtr
acting the excludes
objectclass: eduMember
objectclass: groupOfNames
dn: cn=aGroup_excludes,ou=edu,ou=testgroups,${base}
member: cn=test.subject.0,ou=testpeople,${base}
hasmember: my name is test.subject.0
cn: aGroup_excludes
description: Group containing manual list of excludes for group aGroup which wil
l not be in the overall group
objectclass: eduMember
objectclass: groupOfNames
dn: cn=aGroup_includes,ou=edu,ou=testgroups,${base}
objectclass: eduMember
objectclass: groupOfNames
cn: aGroup_includes
description: Group containing manual list of includes for group aGroup which wil
l be added to the system of record list (unless the subject is also in the excl
udes group)
member: cn=test.subject.2,ou=testpeople,${base}
hasmember: my name is test.subject.2
ismemberof: edu:aGroup_systemOfRecordAndIncludes
ismemberof: edu:aGroup
dn: cn=aGroup_systemOfRecord,ou=edu,ou=testgroups,${base}
cn: aGroup_systemOfRecord
objectclass: eduMember
objectclass: groupOfNames
description: Group containing list of aGroup (generally straight from the system
of record) without yet considering manual include or exclude lists
member: cn=test.subject.0,ou=testpeople,${base}
member: cn=test.subject.1,ou=testpeople,${base}
member: cn=test.subject.3,ou=testpeople,${base}
hasmember: my name is test.subject.0
hasmember: my name is test.subject.1
hasmember: my name is test.subject.3
ismemberof: edu:aGroup_systemOfRecordAndIncludes
ismemberof: edu:aGroup
dn: cn=aGroup_systemOfRecordAndIncludes,ou=edu,ou=testgroups,dc=testgrouper,dc=edu
objectclass: eduMember
objectclass: groupOfNames
cn: aGroup_systemOfRecordAndIncludes
description: Internal utility group for group aGroup which facilitates the group
math for the include and exclude lists
member: cn=test.subject.0,ou=testpeople,${base}
member: cn=test.subject.1,ou=testpeople,${base}
member: cn=test.subject.2,ou=testpeople,${base}
member: cn=test.subject.3,ou=testpeople,${base}
member: cn=aGroup_includes,ou=edu,ou=testgroups,${base}
member: cn=aGroup_systemOfRecord,ou=edu,ou=testgroups,${base}
hasmember: my name is test.subject.0
hasmember: my name is test.subject.1
hasmember: my name is test.subject.2
hasmember: my name is test.subject.3
hasmember: edu:aGroup_includes
hasmember: edu:aGroup_systemOfRecord
From Shilen :
It still doesn't seem right though...
1. duke:final_systemOfRecord - contains member shilen
2. duke:final_includes - empty
3. duke:final_systemOfRecordAndIncludes - contains members duke:final_systemOfRecord, duke:final_includes, and shilen
4. duke:final_excludes - contains member shilen
5. duke:final - composite group (duke:final_systemOfRecordAndIncludes minus duke:final_excludes)
duke:final contains 2 composite memberships – duke:final_systemOfRecord and duke:final_includes. So ldappc populates the 2 memberships also....
For some reason seeing the 2 composite memberships in Grouper never before appeared like a problem, but now seeing that in LDAP just seems wrong.