COmanage Users List

[Benn Oshrin <>]

In the LDAP provisioner attribute configuration, you should see an
option "Use value from Organizational Identity" that does what you want.
I thought this was documented in the wiki somewhere, but I can't find it...

(In general you can't export Org Identity attributes because they're not
"operational", but there are limited exceptions primarily for this use
case.)

Thanks,

-Benn-

On 4/10/17 9:06 AM, Kevin M. Hildebrand wrote:
> I'm having some challenges creating the LDAP dn that I want based on
> attributes obtained via self-signup.
> 
> I've got authenticated self-signup working, using Google auth.  That
> populates ePPN in the Organizational Identity with the authenticated ID
> (I'm currently having it use the Google user's email address).
> 
> The problem I'm having is that the LDAP provisioner only seems to want
> to draw items from the CO person record, and self-signup doesn't
> populate that record with much.
> 
> For example if I set my 'People DN Identifier Type' in the provisioner
> to ePPN, the provisioning fails because ePPN isn't defined in the CO
> person record.
> 
> I'd like to have the authenticated ID passed in from Google get assigned
> to ePPN in a form available to the LDAP provisioner so I can build a DN
> from it.  Perhaps by automatically copying it to the CO person record,
> or perhaps a way to allow the LDAP provisioner to export attributes from
> the Organizational record.
> 
> Thanks,
> Kevin
> 
> --
> Kevin Hildebrand
> University of Maryland, College Park
>