
comanage-users - Re: [comanage-users] Creating LDAP DN from a self-signup user

Subject: COmanage Users List

  • From: Benn Oshrin <>
  • To: "Kevin M. Hildebrand" <>
  • Cc:
  • Subject: Re: [comanage-users] Creating LDAP DN from a self-signup user
  • Date: Mon, 10 Apr 2017 18:08:15 -0500

Oh right I see what you're asking for. It's sort of related to another thread on list from a couple of days ago, but slightly more complicated. What you want requires 2.0.0 functionality, but even then is probably dependent on another change we're working on. I'll provide more details when I'm not typing on my phone...

On April 10, 2017 6:04:08 PM CDT, "Kevin M. Hildebrand" <> wrote:
That works for most of the LDAP attributes, but I can't create a DN that way.
I'd like my dn to have the eppn in it, and have the uid match. 
i.e., 
dn: uid=,dc=test,dc=umd,dc=edu

I was thinking, perhaps an expansion of the fields available in the automatic identifier assignment would help. Right now you can build identifiers with tokens from the user's name; how about expanding that to allow more generic expansion?
Then I can build uid from eppn, and use that for my dn. 
Alternatively, the dn creation options should also allow one to pull values from the org record. 

Kevin 

On Apr 10, 2017 18:21, "Benn Oshrin" <> wrote:
In the LDAP provisioner attribute configuration, you should see an
option "Use value from Organizational Identity" that does what you want.
I thought this was documented in the wiki somewhere, but I can't find it...

(In general you can't export Org Identity attributes because they're not
"operational", but there are limited exceptions primarily for this use
case.)

Thanks,

-Benn-

On 4/10/17 9:06 AM, Kevin M. Hildebrand wrote:
> I'm having some challenges creating the LDAP dn that I want based on
> attributes obtained via self-signup.
>
> I've got authenticated self-signup working, using Google auth.  That
> populates ePPN in the Organizational Identity with the authenticated ID
> (I'm currently having it use the Google user's email address).
>
> The problem I'm having is that the LDAP provisioner only seems to want
> to draw items from the CO person record, and self-signup doesn't
> populate that record with much.
>
> For example if I set my 'People DN Identifier Type' in the provisioner
> to ePPN, the provisioning fails because ePPN isn't defined in the CO
> person record.
>
> I'd like to have the authenticated ID passed in from Google get assigned
> to ePPN in a form available to the LDAP provisioner so I can build a DN
> from it.  Perhaps by automatically copying it to the CO person record,
> or perhaps a way to allow the LDAP provisioner to export attributes from
> the Organizational record.
>
> Thanks,
> Kevin
>
> --
> Kevin Hildebrand
> University of Maryland, College Park
>


