Skip to Content.
Sympa Menu

grouper-dev - ldappc provisioning permission infomation about groups

Subject: Grouper Developers Forum

List archive

ldappc provisioning permission infomation about groups


Chronological Thread 
  • From: "Allen Chen" <>
  • To: "grouper-dev" <>
  • Subject: ldappc provisioning permission infomation about groups
  • Date: Fri, 28 Dec 2007 09:23:15 +0800

I have a question, if I authorize a group some privileges, how can I provision the permission infomation about the group to ldap?
 
The following configuration is copied from comanage recommended config:
 <signet>
    <permissions-listing stored-as="string"
      string-object-class="eduPerson"
      string-attribute="eduPersonEntitlement"
      string-prefix="urn:mace:internet2-nlr.edu:permission" />
      <permissions-queries>
        <subsystem-queries>
          <subsystem-list>
            <subsystem id="i2nlr" />
          </subsystem-list>
        </subsystem-queries>
 <!--
        <function-queries>
          <function-list>
            <function id="" />
          </function-list>
        </function-queries>
 -->
      </permissions-queries>
  </signet>
 
But if I want to deal with the permission of a group, what's the correct configuration?
I know the group in signet is also treated as a subject. Should those attributes in ldappc.xml be changed? Such as  string-object-class, string-attribute?
 
And since I haven't succeed in provisioning groups permission into LDAP, I want to know how permission of a group present in LDAP?  Is the permission of  group in the attrbutes of the group entry?
 
 
Allen Chen
2007-12-28
 



Archive powered by MHonArc 2.6.16.

Top of Page