When a new user is provisioned, add the user entry before being assigned to a group.
Referential integrity cannot be guaranteed. If a group is added at the same time as a group is removed, the user can be left in a group that no longer exists. To prevent users being left in a group that does not exist, handle group updates with a single application.
We recommend that you rename groups by performing a delete and an add operation, otherwise, the changed name is not reflected in the memberOf attribute. If this error occurs, a cautionary alarm is issued.
Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |