
grouper-users - Re: [grouper-users] Ldappc missing LDAP sourced members

Subject: Grouper Users - Open Discussion List

  • From: Tom Zeller
  • To: Raymond D Walker
  • Subject: Re: [grouper-users] Ldappc missing LDAP sourced members
  • Date: Thu, 22 Oct 2009 09:08:53 -0500

I'm feeling ancient too, and remember when I used to think of most
data structures as a multi-valued hash. It seems that objects are
often flattened into a string representation, and I'm not sure how
java beans fit into those flattened representations, since java won't
let you call a dynamically created method.

Anyway, the deal is

<source-subject-name-map source="NAULDAP" subject-attribute="name" />

will call subject.getAttributeValue("name"), which will return null if
you're using the GrouperJndiSourceAdapter.

So, now, ldappc checks if the subject-attribute="name" or "id", and
will call subject.getId() or subject.getName() if appropriate.

Fixed for 1.5.0.

Thanks,
Tomz

On Wed, Oct 21, 2009 at 1:55 PM, Raymond D Walker wrote:
> Revisiting this ancient issue with a better understanding...
>
> Currently have provisioning of "group-members-dn-list" working and now
> trying to add "group-members-name-list" via the "name" attribute. The
> provisioning of "group-members-name-list" does not seem to be working
> correctly. My config seems to be properly setup:
>
> <group-members-dn-list list-object-class="nauEduEnterpriseGroup"
>  list-attribute="nauEduManualMember"/>
>
> <group-members-name-list list-attribute="memberUid"
>  list-object-class="nauEduEnterpriseGroup" list-empty-value="NONE">
>  <source-subject-name-mapping>
>   <source-subject-name-map source="NAULDAP" subject-attribute="name" />
>  </source-subject-name-mapping>
> </group-members-name-list>
>
> I have confirmed my source:
> source: id='NAULDAP' name='NAU LDAP'
> class='edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter'
>
> I have confirmed the attribute on the subjects to be populating:
> subject: id='XXXXXXXXXXXXXXXXXXXXXXXXXX' type='person'
> source='NAULDAP' name='rdw4'
>
> All I get is the empty value "NONE" populated for attribute
> "memberUid" in LDAP for all groups (populated or not) when
> provisioning. Any ideas on this?
>
> Raymond Walker
> Software Systems Engineer Sr.
> ITS Northern Arizona University
>
> On Nov 18, 2008, at 4:25 PM, Tom Zeller wrote:
>
>> A guess : group-members-dn-list and group-members-name-list are
>> colliding in a strange way since they both provision to uniqueMember
>> - maybe try setting group-members-name-list to a different
>> list-attribute than uniqueMember ?
>>
>> TomZ
>>
>> On Tue, Nov 18, 2008 at 12:03 PM,
>> <>
>> wrote:
>> I have grouper api 1.3.1 running and correctly sourcing subjects
>> from an instance of LDAP. When trying to use ldappc 1.2.0 to
>> populate LDAP with a list of groups and their members, I am
>> encountering some interesting issues.
>>
>> The groups populate in LDAP as expected, but members of these groups
>> do not show up. I'm looking at working with AD & LDAP so I'm just
>> trying to get UID's to populate as uniqueMember within a group.
>> Groups within groups populate, as I see from the g:gsa subject
>> source, but I'm actually looking to populate deep groups. For
>> example, all members are LDAP sourced:
>>
>> GroupA consists of person1, person2, & GroupB
>> GroupB consists of person3
>>
>> LDAP should look like:
>> dn: cn=etc:GroupA,ou=grouper,dc=nau,dc=edu
>> objectClass: groupOfUniqueNames
>> objectClass: top
>> cn: etc:GroupA
>> uniqueMember: person1
>> uniqueMember: person2
>> uniqueMember: person3
>>
>> dn: cn=etc:GroupB,ou=grouper,dc=nau,dc=edu
>> objectClass: groupOfUniqueNames
>> objectClass: top
>> cn: etc:GroupB
>> uniqueMember: person3
>>
>> I am executing:
>> ./bin/ldappc.sh -subject GrouperSystem -groups -interval 60
>> (from what I understand the -membership option is meant to populate
>> an LDAP person with what groups they are in. I am just looking to
>> populate a separate group area with groups and their members at this
>> time.)
>>
>> In grouper, my current sources are:
>> source: id='g:gsa' name='Grouper: Group Source Adapter'
>> class='edu.internet2.middleware.grouper.GrouperSourceAdapter'
>> source: id='g:isa' name='Grouper: Internal Source Adapter'
>> class='edu.internet2.middleware.grouper.InternalSourceAdapter'
>> source: id='jdbc' name='JDBC Source Adapter'
>> class='edu.internet2.middleware.subject.provider.JDBCSourceAdapter'
>> source: id='NAU LDAP' name='NAU Edu'
>> class='edu.internet2.middleware.subject.provider.JNDISourceAdapter'
>>
>> ldappc.xml looks like:
>>
>> <ldappc>
>>  <grouper>
>>    <group-queries>
>>      <subordinate-stem-queries>
>>        <stem-list>
>>          <stem>etc</stem>
>>        </stem-list>
>>      </subordinate-stem-queries>
>>    </group-queries>
>>    <groups structure="flat"
>>      root-dn="ou=grouper,dc=nau,dc=edu"
>>      ldap-object-class="groupOfUniqueNames"
>>      ldap-rdn-attribute="cn" grouper-attribute="name" >
>>
>>      <group-members-dn-list list-object-class="groupOfUniqueNames"
>> list-attribute="uniqueMember" list-empty-value=""/>
>>
>>      <group-members-name-list list-object-class="groupOfUniqueNames"
>> list-attribute="uniqueMember" >
>>        <source-subject-name-mapping>
>>          <source-subject-name-map source="NAU LDAP" subject-attribute="id" />
>>          <source-subject-name-map source="g:gsa" subject-attribute="name" />
>>        </source-subject-name-mapping>
>>      </group-members-name-list>
>>
>>  <source-subject-identifiers>
>>    <source-subject-identifier source="NAU LDAP" subject-attribute="id" >
>>      <ldap-search base="ou=people,dc=nau,dc=edu"
>>        scope="subtree_scope"
>>        filter="(uid={0})" />
>>    </source-subject-identifier>
>>    <source-subject-identifier source="g:gsa" subject-attribute="name" >
>>      <ldap-search base="ou=grouper,dc=nau,dc=edu"
>>        scope="subtree_scope"
>>        filter="(cn={0})" />
>>    </source-subject-identifier>
>>  </source-subject-identifiers>
>> ...ldap info removed...
>>
>> Any ideas of what's going south? This seems like a pretty basic
>> setup. My current setup looks to be doing LDAP queries for LDAP
>> sourced grouper members? Seems somewhat redundant. Thanks much for
>> any info! :D
>>
>> -Ray Walker
>>
>
>
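
A post-provisioning check for the symptom reported in this thread, added here as an example and not part of the original messages or of ldappc: it flags groups whose name list holds only the list-empty-value placeholder although the DN list has members. The attribute names and the "NONE" placeholder come from the quoted configuration; the LDIF entries, member DNs and function names are constructed for illustration.

```python
DN_ATTR = "nauEduManualMember"   # list-attribute of group-members-dn-list (from the thread)
NAME_ATTR = "memberUid"          # list-attribute of group-members-name-list (from the thread)
EMPTY_VALUE = "NONE"             # list-empty-value (from the thread)

# Constructed sample export; member DNs are invented for illustration.
SAMPLE_LDIF = """\
dn: cn=etc:GroupA,ou=grouper,dc=nau,dc=edu
nauEduManualMember: uid=person1,ou=people,dc=nau,dc=edu
nauEduManualMember: uid=person2,ou=people,dc=nau,dc=edu
memberUid: NONE

dn: cn=etc:GroupB,ou=grouper,dc=nau,dc=edu
nauEduManualMember: uid=person3,ou=people,dc=nau,dc=edu
memberUid: person3

dn: cn=etc:Empty,ou=grouper,dc=nau,dc=edu
memberUid: NONE
"""

def parse_ldif(text):
    """Parse plain-text LDIF (no base64 '::' values) into a list of attribute dicts."""
    text = text.replace("\n ", "")  # undo LDIF line folding (continuation starts with a space)
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def unresolved_name_lists(entries):
    """Return DNs of groups that have DN members but no real value in the name list."""
    flagged = []
    for e in entries:
        dn_members = [v for v in e.get(DN_ATTR.lower(), []) if v and v != EMPTY_VALUE]
        names = [v for v in e.get(NAME_ATTR.lower(), []) if v and v != EMPTY_VALUE]
        if dn_members and not names:
            flagged.append(e["dn"][0])
    return flagged

if __name__ == "__main__":
    for dn in unresolved_name_lists(parse_ldif(SAMPLE_LDIF)):
        print("name list not resolved:", dn)
```

A group that is empty in both lists is not flagged, since the placeholder is the expected value there.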


