Grouper Users - Open Discussion List

[Tom Zeller <>]

What Source/Subject adapter are you using ? Is it custom ? If not
custom, posting your (sanitized) sources.xml will help.

TomZ

On Fri, Aug 6, 2010 at 8:59 AM, Richard James
<>
 wrote:
> Hi All,
>
> With some very much appreciated help from the community, we are able to 
> successfully provision from grouper into our active directory, yet we do 
> have an area which we would appreciate some advice on.
>
> Our current Grouper setup uses 
> 
>  as the subject identifier, this is to ensure that our Grouper install is 
> future proof if we begin to allow multi institutional federated access.
>
> The issue we encounter is that within the active directory, there are no 
> attributes attached to a user object which use the 
> 
>  scope. The attribute we would ideally like to be able to search is the 
> sAMAccountName, which uses just the login id, without the @ncl.ac.uk. To 
> currently be able to find subjects in the AD, we are setting the subject 
> 'name' attribute to be the login id so that we can use this is the 
> ldap-search,
>
> <source-subject-identifiers>
>    <source-subject-identifier source="jdbc" subject-attribute="name">
>      <ldap-search
>        base="CN=Users,dc=testcampus,dc=ncl,dc=ac,dc=uk"
>        scope="onelevel_scope"
>        filter="(sAMAccountName={0})" />
>    </source-subject-identifier>
>  </source-subject-identifiers>
>
> What we are wondering is if there is any way to attach a custom attribute 
> to the subject which we can define as sAMAccountName, and be able to use 
> this in the LDAP search? Or alternatively be able to trim the @ncl.ac.uk 
> from the ID for searching, similar to the process used for replacing colons 
> for the sAMAccountName in the creation of a new group?
>
> Any hints or possible approaches would be very much appreciated.
>
> Regards
>
> Richard James
> ISS Middleware Team
>
>
>