I'm using Sun DS v5.2.
I have three attributes: designation, role.
I am using a tool with which, when I create/modify a user entry with designation filled, a unique member is added to a group 'Members'.
Now, there are circumstances where
* Creating/modifying a user entry is not done via the tool, and so the unique member for this user entry is not added to the group 'Members'.
* When the user's designation attribute is deleted, the group entry is not deleted.
This is causing inconsistency in the users and the group.
How can I resolve this?
Adding a user to a group based on the existence of another attribute is a custom procedure, so DSEE does not provide any specific feature OOTB to handle this.
However, you can consider creating a directory plugin (e.g. post-modify) to implement the desired logic. More on directory plugins at Sun ONE Directory Server 5.2 Plug-In API Programming Guide: Contents
30K entries is a small database, so I don't think it is required to put in place a clever algorithm.
For scenario #1, you can get the list of users with designation set (e.g. with search filter (&(objectclass=yourUserClass)(designationAttribute=*))), then retrieve the Member group and figure out who is missing.
For scenario 2, you can easily extract those user entries without designation attribute with the following search filter (&(objectclass=yourUserClass)(!(designationAttribute=*))), then you can remove them from the Member group if needed.
My 2 cents
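The two-search reconciliation described in the answer above, as an added example that is not part of the original thread: it compares the search results with the group's members and emits an LDIF modify record for ldapmodify. The group DN, user DNs and the uniqueMember attribute name are assumptions, and the sample data is constructed.

```python
def norm_dn(dn):
    """Normalise a DN for comparison: DNs match case-insensitively and ignore
    spaces around ',' and '='. Assumption: no escaped commas or multi-valued RDNs."""
    rdns = (rdn.split("=", 1) for rdn in dn.split(","))
    return ",".join("=".join(part.strip().lower() for part in rdn) for rdn in rdns)


def reconcile(with_designation, without_designation, group_members):
    """Return (to_add, to_remove): DNs missing from the group, and members
    whose user entry has no designation."""
    members = {norm_dn(dn): dn for dn in group_members}
    wanted = {norm_dn(dn): dn for dn in with_designation}
    unwanted = {norm_dn(dn) for dn in without_designation}
    to_add = sorted(dn for key, dn in wanted.items() if key not in members)
    # Remove only members the second search returned; members that are not
    # user entries (constructed case: a service account) are left untouched.
    to_remove = sorted(dn for key, dn in members.items() if key in unwanted)
    return to_add, to_remove


def to_ldif(group_dn, to_add, to_remove):
    """Build one LDIF modify record for ldapmodify; empty string if in sync.
    Assumption: DNs are plain ASCII, so no base64 ('::') encoding is needed."""
    lines = []
    for op, dns in (("add", to_add), ("delete", to_remove)):
        if dns:
            lines.append(f"{op}: uniqueMember")
            lines += [f"uniqueMember: {dn}" for dn in dns]
            lines.append("-")
    if not lines:
        return ""
    return "\n".join([f"dn: {group_dn}", "changetype: modify"] + lines) + "\n"


# Constructed sample data standing in for the two search results and the group.
GROUP_DN = "cn=Members,ou=Groups,dc=example,dc=com"
WITH = ["uid=alice,ou=People,dc=example,dc=com", "uid=bob,ou=People,dc=example,dc=com"]
WITHOUT = ["uid=carol,ou=People,dc=example,dc=com"]
MEMBERS = ["UID=alice, OU=people, dc=example, dc=com",
           "uid=carol,ou=People,dc=example,dc=com",
           "cn=svc-backup,ou=Services,dc=example,dc=com"]

if __name__ == "__main__":
    print(to_ldif(GROUP_DN, *reconcile(WITH, WITHOUT, MEMBERS)), end="")
```

Reviewing the generated LDIF before applying it keeps an audit trail of every membership change, which matters when the group is used for access decisions.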