comanage-users - Re: [comanage-users] Creating LDAP DN from a self-signup user
Subject: COmanage Users List
List archive
- From: Benn Oshrin <>
- To: "Kevin M. Hildebrand" <>
- Cc:
- Subject: Re: [comanage-users] Creating LDAP DN from a self-signup user
- Date: Mon, 10 Apr 2017 17:21:04 -0500
- Ironport-phdr: 9a23:2CwPahwiISllRizXCy+O+j09IxM/srCxBDY+r6Qd2+gfIJqq85mqBkHD//Il1AaPBtSFrasfwLOO+4nbGkU4qa6bt34DdJEeHzQksu4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1Ov71GonPhMiryuy+4ZPebgFJiTanfL9/Ihq6oRjNusILnYZsN6E9xwfTrHBVYepW32RoJVySnxb4+Mi9+YNo/jpTtfw86cNOSL32cKskQ7NWCjQmKH0169bwtRbfVwuP52ATXXsQnxFVHgXK9hD6XpP2sivnqupw3TSRMMPqQbwoXzmp8rxmQwH0higZKzE58XnXis1ug6JdvBKhvAF0z4rNbI2IKPZyYqbRcNUHTmRDQ8lRTTRMDJ6iYYsBD+QPPuhWoIfyqFQMsRSwChKhBP/txzJSmnP6waM33uYnHArb3AIgBdUOsHHModjoKqgSV+a1x7TRwzXYb/NWwzb96I7VeR0muv6DQ7RwcczWyUQ0FgPFiEmQppL/PzOTyOsNr3aX4/B+Wu2ylm4qsgd8qSWsyMc0koTFmJ4Zx1Pe+Sh9wos5P8C0RUBlbdK+DpdcqyKXO5NrTs4gTGxkojs2x7kFtJKhYSQG1o4rywDCZ/GFdYWD/wjtW/yLIThigXJoYLK/iAi28Uin0uD8Vs600FNLriVbl9nDrHEN1xjK5sedTvZw+l2t2TmV2w/O8OFLP1o7la/bK54m2b4wioAfvljEHi/zgEn2jamWeVs4+uWw9ejrfrbrqoWYOoJ2kA3yL6ojltKlDegmLgQDXHCX+eGm273i+U35Tq9KjvozkqTBq5/VO8Ibpqi+AwJO04Yj7Qq/ACm80NQeg3YHMExJdAiZgIf0JlHCOOr4Auung1SwjDdrwOjLMaHmApXINHfDlq3ufblj5EJF1Qoz1s5Q54hPCrwaJPLzW1TxtMDDDhMnKQC0wuDnCMlj2YMEX2KAHLOZPL3IvVCW++0vPrrEWIhA8hXwNfkjr9uoxV84nVMQd7Og25ddICS7E+pnJW2EZHaqj9scRzQkpA07GcbnjlvKdiVTfXe0F/Y26zc9D6qnC5vOXIagnObH0SumSM4FLltaA0yBRC+7P76PXO0BPWfLepds
In the LDAP provisioner attribute configuration, you should see an
option "Use value from Organizational Identity" that does what you want.
I thought this was documented in the wiki somewhere, but I can't find it...
(In general you can't export Org Identity attributes because they're not
"operational", but there are limited exceptions primarily for this use
case.)
Thanks,
-Benn-
On 4/10/17 9:06 AM, Kevin M. Hildebrand wrote:
> I'm having some challenges creating the LDAP dn that I want based on
> attributes obtained via self-signup.
>
> I've got authenticated self-signup working, using Google auth. That
> populates ePPN in the Organizational Identity with the authenticated ID
> (I'm currently having it use the Google user's email address).
>
> The problem I'm having is that the LDAP provisioner only seems to want
> to draw items from the CO person record, and self-signup doesn't
> populate that record with much.
>
> For example if I set my 'People DN Identifier Type' in the provisioner
> to ePPN, the provisioning fails because ePPN isn't defined in the CO
> person record.
>
> I'd like to have the authenticated ID passed in from Google get assigned
> to ePPN in a form available to the LDAP provisioner so I can build a DN
> from it. Perhaps by automatically copying it to the CO person record,
> or perhaps a way to allow the LDAP provisioner to export attributes from
> the Organizational record.
>
> Thanks,
> Kevin
>
> --
> Kevin Hildebrand
> University of Maryland, College Park
>
- [comanage-users] Creating LDAP DN from a self-signup user, Kevin M. Hildebrand, 04/10/2017
- Re: [comanage-users] Creating LDAP DN from a self-signup user, Benn Oshrin, 04/10/2017
- Re: [comanage-users] Creating LDAP DN from a self-signup user, Kevin M. Hildebrand, 04/10/2017
- Re: [comanage-users] Creating LDAP DN from a self-signup user, Benn Oshrin, 04/10/2017
- Re: [comanage-users] Creating LDAP DN from a self-signup user, Benn Oshrin, 04/14/2017
- Re: [comanage-users] Creating LDAP DN from a self-signup user, Kevin M. Hildebrand, 04/10/2017
- Re: [comanage-users] Creating LDAP DN from a self-signup user, Benn Oshrin, 04/10/2017
Archive powered by MHonArc 2.6.19.