Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] ldappc-ng and custom extension

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] ldappc-ng and custom extension


Chronological Thread 
  • From: Tom Zeller <>
  • To: Scott Koranda <>
  • Cc: Grouper Users Mailing List <>
  • Subject: Re: [grouper-users] ldappc-ng and custom extension
  • Date: Mon, 7 Feb 2011 09:36:09 -0600
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type; b=HD23oLBTQukjnrhh+CxdwhF4Hmc1PI6sLXzQk9/R9n9rvBcHylEEs3MbSvdh41ZP/Y iytFwDVy710vXjYj50FRqFeeuP2CCKcX8XO5/wo3z8iw/1SRHmrz8hD6dG5XfYDpOIFf j1HqegwjpMQa5YYMndippT6XZi3V8k3hyd6vQ=

I am pleased someone asked :-) Documentation should be better. After
writing this, I realize it should be on the wiki, which I should
attend to when I find time. This should be easier. If you decide to go
this route, keep in touch, I think it is very possible, however, it
may be time consuming for you to figure out what I have done so I
suggest we work together.

In general, you need to write (1) an ldappcng SpmlTargetProvider and
(2) a Shibboleth IdP extension.

The Provisioning Service Provider specific to your non-LDAP target
listens for SPML Requests and returns Responses. Implement the
(edu.internet2.middleware.ldappc.spml.provider.)SpmlTargetProvider
interface, probably by extending BaseSpmlTargetProvider. Take a look
at the LdapTargetProvider. Your custom provisioning business logic
will be (mostly) in :

execute(AddRequest)
execute(DeleteRequest)
execute(ModifyRequest)
execute(LookupRequest)
execute(SearchRequest)

The SPML library is now at java.net :

http://java.net/projects/openspml/

The Spring wiring for your custom IdP extension should be immensely enjoyable
:

https://spaces.internet2.edu/display/SHIB2/IdPDevCustomExtension

Your CustomSpmlTargetProvider will be a Shibboleth Service
instantiated by Spring and defined in ldappc-services.xml. For
example, here is the LdapTargetProvider configuration :

<!-- the ldap provider is required for ldappcng, not ldappc -->
<Service id="ldap-provider" xsi:type="ldappc:LdapPoolProvider"
ldapPoolId="ldapPool">
<ConfigurationResource file="/ldappc-ldap.xml"
xsi:type="resource:ClasspathResource" />
</Service>

Yours may look like :

<Service id="LIGO-provider" xsi:type="ligo:LIGO" >
<ConfigurationResource file="/LIGO.xml"
xsi:type="resource:ClasspathResource" />
</Service>

The Spring wiring for ldappcng is in src/main/resources. The ldappcng
namespace is specified in spring.handlers :

http\://grouper.internet2.edu/ldappc =
edu.internet2.middleware.ldappc.spml.config.LdappcNamespaceHandler

Here is the corresponding LdappcNamespaceHandler class :

public class LdappcNamespaceHandler extends BaseSpringNamespaceHandler {
public static final String NAMESPACE =
"http://grouper.internet2.edu/ldappc";;
public void init() {
...

registerBeanDefinitionParser(LdapTargetProviderBeanDefinitionParser.TYPE_NAME,
new LdapTargetProviderBeanDefinitionParser());
...
}
}

and the registered BeanDefinitionParser :

public class LdapTargetProviderBeanDefinitionParser extends
AbstractServiceBeanDefinitionParser {
public static final QName TYPE_NAME = new
QName(LdappcNamespaceHandler.NAMESPACE, "LdapPoolProvider");
protected Class getBeanClass(Element element) {
return LdapTargetProvider.class;
}
protected void doParse(Element configElement, ParserContext
parserContext, BeanDefinitionBuilder builder) {
super.doParse(configElement, parserContext, builder);
...
}
}

The ldappcng xsd schema is specified in spring.schemas :

http\://grouper.internet2.edu/ldappc = schema/ldappc.xsd

Here is the ldappcPoolProvider service :

<complexType name="LdapPoolProvider">
<complexContent>
<extension base="service:ServiceType">
<attribute name="ldapPoolId" type="string" use="required">
<annotation>
<documentation>TODO</documentation>
</annotation>
</attribute>
<attribute name="logLdif" type="boolean" default="false" />
<attribute name="logSpml" type="boolean" default="false" />
</extension>
</complexContent>
</complexType>

Your schema object needs to extend the ServiceType, for example :

<complexType name="LIGO">
<complexContent>
<extension base="service:ServiceType" />
</complexContent>
</complexType>

The ServiceType is defined in shibboleth-2.0-services.xsd, the
java-shib-common project may be helpful for you to check out and look
at :

https://spaces.internet2.edu/display/SHIB2/SourceAccess

Once you figure out your custom extension, the provisioned object,
identifier, and attribute definitions for your target are defined in
ldappcng.xml. For example :

<target id="ldap" provider="ldap-provider" />
<object ...
<identifier ...
<attribute ...

I think this should be enough for you to get started ;-)

TomZ

On Sun, Feb 6, 2011 at 11:07 AM, Scott Koranda
<>
wrote:
> Hi,
>
> We have a tool that requires (at this time) its own
> representation of group memberships. We prefer, however, to use
> Grouper as the single source of group membership information
> in our organization.
>
> I would like to understand if it is possible and how much work
> it would be to write a custom extension for ldappc-ng that
> would provision into the representation required for this
> tool.
>
> I have read this page with an overview of how ldappc-ng works
>
> https://spaces.internet2.edu/display/Grouper/LDAPPCNG+Documentation
>
> I would be grateful if someone could provide more technical
> details on how we would go about provisioning a non-LDAP
> target and creating a custom extension. I have downloaded the
> source but would appreciate some hints on where to get
> started.
>
> Thanks,
>
> Scott
>
>



Archive powered by MHonArc 2.6.16.

Top of Page