Grouper Users - Open Discussion List

[Richard James <>]

Cheers Tom, that works perfectly and I'm now able to provision subjects from 
a number of different of different sources.

I will create a page on our part of the Grouper Wiki to document using 
LDAPPCNG with the Active Directory, hopefully it will be a good reference 
point for any other users.

Have a good weekend.

Richie

>-----Original Message-----
>From: 
>
> 
>[mailto:]
> On Behalf Of Tom
>Zeller
>Sent: 11 February 2011 15:46
>To: Richard James
>Cc: grouper users list
>Subject: Re: [grouper-users] LDAPPCNG Subject Identifiers
>
>If I understand correctly, in ldappc-resolver.xml, you will want to
>search for members using your SAMA attribute :
>
> <resolver:DataConnector id="SpmlDataConnector" ...
>  <resolver:Dependency ref="MemberDataConnector" />
>    <ldappc:FilterTemplate>(cn=${SAMA.get(0)})</ldappc:FilterTemplate>
>  </resolver:DataConnector>
>
>You will need to declare the SAMA attribute in the MemberDataConnector :
>
>  <resolver:DataConnector id="MemberDataConnector"
>xsi:type="grouper:MemberDataConnector">
>    <grouper:Attribute id="groups" />
>    <grouper:Attribute id="SAMA" source="jdbcX" />
>  </resolver:DataConnector>
>
>I wrote jdbcX, since I'm not sure which source adapter you wish to
>use. Multiple <Attribute id="" source="" /> elements are allowed.
>
>The MemberDataConnector returns only the declared attributes (using
><Attribute id="" source="" />) of a Member to avoid unnecessary
>queries.
>
>Does this help ?
>TomZ
>
>On Fri, Feb 11, 2011 at 8:43 AM, Richard James
><>
> wrote:
>> Hi,
>>
>> Hopefully this will be a nice simple query to help with, and apologies
>if this has already been discussed/documented elsewhere.
>>
>> We have been using LDAPPC for the past 4 months or so and have
>successfully been provisioning groups and memberships into our Active
>Directory. To do this we provision our subjects using a subject
>attribute we defined in our sources.xml file called SAMA. With LDAPPC we
>were able to configure in the LDAPPC.xml file to use the SAMA attribute
>when searching in the Active Directory.
>>
>> I have been installing LDAPPCNG and have been able to provision groups
>into the AD, but when we provision the memberships it uses the default
>subject ID, which unfortunately means that it will not be able to find a
>match against the CN attribute in the AD. If we change the subject id to
>a format which matches the CN attribute in the AD it will successfully
>provision the membership.
>>
>> See the response we get from running bulkCalc, which shows trying to
>provision the 2 different formats of subject ID.
>>
>> <ldappc:calcResponse status='failure' requestID='2011/02/11-
>14:24:26.644_QUBG45LX' error='noSuchIdentifier'>
>>    <errorMessage>Unable to calculate provisioned
>object.</errorMessage>
>>    <ldappc:id 
>> '/>
>>  </ldappc:calcResponse>
>>  <ldappc:calcResponse status='success' requestID='2011/02/11-
>14:24:26.699_QUBG45L0'>
>>    <ldappc:id ID='nrj17'/>
>>    <ldappc:pso entityName='member'>
>>      <psoID ID='cn=nrj17,ou=Staff Users,ou=Campus
>Users,dc=campus,dc=ncl,dc=ac,dc=uk' targetID='ldap'/>
>>    </ldappc:pso>
>>  </ldappc:calcResponse>
>> </ldappc:bulkCalcResponse>
>>
>> Would you be able to point me in the right direction of where you can
>change the subject identifier that LDAPPCNG will use when provisioning
>memberships i.e. for it to use the SAMA attribute? I have attempted to
>amend the Ldappc-resolver.xml but with no success. I have attached
>sanitized versions of some of our Ldappc config files.
>>
>> Thanks
>>
>> Richie
>>
>>
>>
>>
>>
>> Richard James
>> Infrastructure Systems Administrator
>> ISS Systems Architecture
>> Newcastle University