grouper-users - [grouper-users] Empty stem structures created when using LDAPPCNG into the AD
Subject: Grouper Users - Open Discussion List
List archive
- From: Richard James <>
- To: grouper users list <>
- Subject: [grouper-users] Empty stem structures created when using LDAPPCNG into the AD
- Date: Wed, 23 Feb 2011 12:00:25 +0000
- Accept-language: en-US, en-GB
- Acceptlanguage: en-US, en-GB
Hi,
We have successfully been testing LDAPPCNG provisioning from Grouper into the
Active Directory, and have been working on filtering out the groups that we
need provisioned. We have this working at the moment by defining a group
filter in the GroupDataConnector, this currently filters on stems,
<resolver:DataConnector id="GroupDataConnector"
xsi:type="grouper:GroupDataConnector">
<grouper:GroupFilter xsi:type="grouper:Minus">
<grouper:GroupFilter xsi:type="grouper:StemName"
name="Applications:Filestores:ISS" scope="SUB" />
<grouper:GroupFilter xsi:type="grouper:StemName" name="CorporateData"
scope="SUB"/>
</grouper:GroupFilter>
<grouper:Attribute id="members" />
<grouper:Attribute id="groups" />
</resolver:DataConnector>
This successfully provisions the groups that live under
"Applications:Filestores:ISS", however it creates the stem structure for
CorporateData, i.e. it will create the hierarchical folders for our org
structure without the actual departmental groups.
Is there anything that we need to add to the Ldappc-resolver to stop empty
folders being created within the AD? Maybe a filter within the
StemDataConnector?
Thanks
Richie
Regards
Richard James
Infrastructure Systems Administrator
ISS Systems Architecture
Newcastle University
<?xml version="1.0" encoding="utf-8"?> <ldappc xmlns="http://grouper.internet2.edu/ldappc"; xmlns:ldappc="http://grouper.internet2.edu/ldappc"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://grouper.internet2.edu/ldappc classpath:/schema/ldappc.xsd"> <targets id="LDAP"> <target id="ldap" provider="ldap-provider" /> <object id="stem"> <identifier ref="stem-dn" baseId="${groupsOU}"> <identifyingAttribute name="objectclass" value="organizationalUnit" /> </identifier> <attribute name="objectClass" ref="stem-objectclass" /> <attribute name="ou" ref="stem-ou" /> <attribute name="description" ref="stem-description" /> </object> <object id="group" authoritative="true"> <identifier ref="group-dn" baseId="${groupsOU}"> <identifyingAttribute name="objectClass" value="${groupObjectClass}" /> </identifier> <attribute name="objectClass" ref="group-objectclass" /> <attribute name="cn" /> <attribute name="description" /> <references name="member"> <reference ref="members-jdbc" toObject="member" /> <reference ref="members-g:gsa" toObject="group" /> </references> </object> <object id="member"> <identifier ref="member-dn" baseId="${peopleOU}"> <identifyingAttribute name="objectclass" value="person" /> </identifier> </object> </targets> </ldappc>
<?xml version="1.0" encoding="UTF-8"?> <AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:resolver="urn:mace:shibboleth:2.0:resolver" xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad" xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc" xmlns:grouper="http://grouper.internet2.edu/shibboleth/2.0"; xmlns:ldappc="http://grouper.internet2.edu/ldappc"; xsi:schemaLocation=" urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd urn:mace:shibboleth:2.0:resolver:dc classpath:/schema/shibboleth-2.0-attribute-resolver-dc.xsd urn:mace:shibboleth:2.0:resolver:ad classpath:/schema/shibboleth-2.0-attribute-resolver-ad.xsd http://grouper.internet2.edu/shibboleth/2.0 classpath:/schema/shibboleth-2.0-grouper.xsd http://grouper.internet2.edu/ldappc classpath:/schema/ldappc.xsd"> <resolver:DataConnector id="GroupDataConnector" xsi:type="grouper:GroupDataConnector"> <grouper:GroupFilter xsi:type="grouper:Minus"> <grouper:GroupFilter xsi:type="grouper:StemName" name="Applications:Filestores:ISS" scope="SUB" /> <grouper:GroupFilter xsi:type="grouper:StemName" name="CorporateData" scope="SUB"/> </grouper:GroupFilter> <grouper:Attribute id="members" /> <grouper:Attribute id="groups" /> </resolver:DataConnector> <resolver:DataConnector id="StemDataConnector" xsi:type="grouper:StemDataConnector"> </resolver:DataConnector> <resolver:DataConnector id="MemberDataConnector" xsi:type="grouper:MemberDataConnector"> <grouper:Attribute id="groups" /> <grouper:Attribute id="SAMA" source="jdbc" /> <grouper:Attribute id="SAMA" source="jdbc2" /> </resolver:DataConnector> <resolver:DataConnector id="StaticDataConnector" xsi:type="dc:Static"> <dc:Attribute id="group-objectclass"> <dc:Value>top</dc:Value> <dc:Value>${groupObjectClass}</dc:Value> </dc:Attribute> <dc:Attribute id="group-objectclass-eduMember"> <dc:Value>top</dc:Value> <dc:Value>${groupObjectClass}</dc:Value> <dc:Value>eduMember</dc:Value> </dc:Attribute> <dc:Attribute id="stem-objectclass"> <dc:Value>top</dc:Value> <dc:Value>organizationalUnit</dc:Value> </dc:Attribute> <dc:Attribute id="member-objectclass"> <dc:Value>eduMember</dc:Value> </dc:Attribute> </resolver:DataConnector> <resolver:AttributeDefinition id="stem-dn" xsi:type="ldappc:LdapDnPSOIdentifier" structure="${DNstructure}" sourceAttributeID="extension" rdnAttributeName="ou" base="${groupsOU}"> <resolver:Dependency ref="StemDataConnector" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="stem-objectclass" xsi:type="ad:Simple"> <resolver:Dependency ref="StaticDataConnector" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="stem-ou" xsi:type="ad:Simple" sourceAttributeID="extension"> <resolver:Dependency ref="StemDataConnector" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="stem-description" xsi:type="ad:Simple" sourceAttributeID="description"> <resolver:Dependency ref="StemDataConnector" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="group-dn" xsi:type="ldappc:LdapDnPSOIdentifier" structure="${DNstructure}" sourceAttributeID="extension" rdnAttributeName="cn" base="${groupsOU}"> <resolver:Dependency ref="GroupDataConnector" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="group-objectclass" xsi:type="ad:Simple"> <resolver:Dependency ref="StaticDataConnector" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="group-objectclass-eduMember" xsi:type="ad:Simple"> <resolver:Dependency ref="StaticDataConnector" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="description" xsi:type="ad:Simple"> <resolver:Dependency ref="GroupDataConnector" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="cn" xsi:type="ad:Simple" sourceAttributeID="displayExtension"> <resolver:Dependency ref="GroupDataConnector" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition xsi:type="Script" xmlns="urn:mace:shibboleth:2.0:resolver:ad" id="sAMAccountName" sourceAttributeID="displayExtension"> <resolver:Dependency ref="GroupDataConnector" /> <Script><![CDATA[ // Import Shibboleth attribute provider importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider); value = name.getValues().get(0); value = value.replaceAll("\\/", "_"); value = value.replaceAll("\\/", "_"); value = value.replaceAll("\\[", "_"); value = value.replaceAll("\\]", "_"); value = value.replaceAll("\\:", "_"); value = value.replaceAll("\\;", "_"); value = value.replaceAll("\\|", "_"); value = value.replaceAll("\\=", "_"); value = value.replaceAll("\\,", "_"); value = value.replaceAll("\\+", "_"); value = value.replaceAll("\\*", "_"); value = value.replaceAll("\\?", "_"); sAMAccountName = new BasicAttribute("sAMAccountName"); sAMAccountName.getValues().add(value); ]]></Script> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="hasMember" xsi:type="grouper:Member" sourceAttributeID="members"> <resolver:Dependency ref="GroupDataConnector" /> <grouper:Attribute id="id" source="jdbc" /> <grouper:Attribute id="name" source="g:gsa" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="groupIsMemberOf" xsi:type="grouper:Group" sourceAttributeID="groups"> <resolver:Dependency ref="GroupDataConnector" /> <grouper:Attribute id="name" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="members-jdbc" xsi:type="grouper:Member" sourceAttributeID="members"> <resolver:Dependency ref="GroupDataConnector" /> <grouper:Attribute id="id" source="jdbc" /> <grouper:Attribute id="id" source="jdbc2" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="members-g:gsa" xsi:type="grouper:Member" sourceAttributeID="members"> <resolver:Dependency ref="GroupDataConnector" /> <grouper:Attribute id="name" source="g:gsa" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="member-dn" xsi:type="ad:Simple" sourceAttributeID="psoID"> <resolver:Dependency ref="SpmlDataConnector" /> </resolver:AttributeDefinition> <resolver:DataConnector id="SpmlDataConnector" provider="ldap-provider" xsi:type="ldappc:SPMLDataConnector" scope="subTree" base="${peopleOU}" returnData="identifier"> <resolver:Dependency ref="MemberDataConnector" /> <ldappc:FilterTemplate>(cn=${SAMA.get(0)})</ldappc:FilterTemplate> </resolver:DataConnector> <resolver:AttributeDefinition id="member-objectclass" xsi:type="ad:Simple"> <resolver:Dependency ref="StaticDataConnector" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="memberIsMemberOf" xsi:type="grouper:Group" sourceAttributeID="groups"> <resolver:Dependency ref="MemberDataConnector" /> <grouper:Attribute id="extension" /> </resolver:AttributeDefinition> </AttributeResolver>
- [grouper-users] Empty stem structures created when using LDAPPCNG into the AD, Richard James, 02/23/2011
- Re: [grouper-users] Empty stem structures created when using LDAPPCNG into the AD, Tom Zeller, 02/23/2011
- RE: [grouper-users] Empty stem structures created when using LDAPPCNG into the AD, Richard James, 02/24/2011
- Re: [grouper-users] Empty stem structures created when using LDAPPCNG into the AD, Tom Zeller, 02/23/2011
Archive powered by MHonArc 2.6.16.