Details
Critical Description
In our pre-release work in Grouper, we discovered that the API must instantiate a subject before it can delete the subject from a group's membership. There is a major use case at Brown (and certainly elsewhere) where users leave the directory without first being deleted from Grouper. Our provisioning software handled these cases by recognizing the need to remove the user from the group, but it would fail catastrophically and produce an unrecoverable corrupted data condition that made the group unusable. We implemented a solution that uses a local SQL user registry rather than our LDAP registry, (originally, there were performance reasons for this). But our design of the SQL person registry was influenced by the desire to never delete users from the SQL registry, so we could be assured of being able to successfully delete purged users' group membership.
Ideally, there should be an ability to remove a subject's group membership based on just a subject identifier, not a subject instance. I don't have an example of the exception, but it was (unfortunately) one of the most repeatable exceptions we've seen.