Grouper Users - Open Discussion List

[Chris Hyzer <>]

It seems like one thing you could do now is just set the name and description to be uid.  Then make another attribute called directory_name or something, which is the public name, or blank if not there.  Or you could make that a virtual attribute which uses the name, and if not there uses the uid.  Or the name, and if not there the cn, and if not there, then the uid.  Know what I mean? 

 

Thanks,

chris

 

From: Lynn Garrison [mailto:]
Sent: Friday, February 25, 2011 2:28 PM
To: Chris Hyzer
Cc:
Subject: Re: [grouper-users] Error related to missing data in grouper source

 

            I would think that we would want the uid for name.   We currently store our group information in our directory. A user may not have a name in the directory but still can be added to groups because they have a uid.       We have to be able to manage groups without exposing the names of individuals who have requested a confidentiality hold.

On Feb 25, 2011, at 1:09 PM, Chris Hyzer wrote:

Do you really want it blank, or do you want it to be the uid so something is displayed where name is used?  Just curious

 

Thanks,

Chris

 

From:  [mailto:] On Behalf Of Lynn Garrison
Sent: Friday, February 25, 2011 11:11 AM
To: 
Subject: [grouper-users] Error related to missing data in grouper source

 

            We have encountered several errors in a test load of our faculty/staff data into Grouper.   We are using LDAP as our subject source.  The parameters are defined as

 

<init-param>

      <param-name>SubjectID_AttributeType</param-name>

      <param-value>uid</param-value>

    </init-param>

    <init-param>

      <param-name>Name_AttributeType</param-name>

      <param-value>cn</param-value>

    </init-param>

    <init-param>

      <param-name>Description_AttributeType</param-name>

      <param-value>eduPersonPrimaryAffiliation</param-value>

    </init-param>

 

 

Search is defined as

 

<search>

        <searchType>searchSubject</searchType>

        <param>

            <param-name>filter</param-name>

            <param-value>

                (&amp; (uid=%TERM%) (objectclass=eduPerson))

            </param-value>

        </param>

        <param>

            <param-name>scope</param-name>

            <param-value>

                SUBTREE_SCOPE

            </param-value>

        </param>

        <param>

            <param-name>base</param-name>

            <param-value>

                dc=psu,dc=edu

            </param-value>

        </param>

 

 

            In a small number of cases, the ldap entry for a user doesn't have a cn entry due to a confidentiality hold.   We also have a few cases where the ldap entry doesn't have a eduPersonPrimaryAffiliation entry.   

           

            An addMember result in one of the following errors.  

2011-02-24 18:15:34,523: [main] ERROR JNDISourceAdapter.createSubject(236) -  - The LDAP attribute "eduPersonPrimaryAffiliation" does not have a value. It is being used as the Grouper special attribute "description".

2011-02-24 18:18:42,430: [main] ERROR JNDISourceAdapter.createSubject(227) -  - The LDAP attribute "cn" does not have a value. It is being used as the Grouper special attribute "name".

 

            A findSubject search in the grouper shell fails with this error,  Cant find subject by id or identifier.  

            Is there any way to make the name and description field optional - use the data if it exists, but don't generate an error if the data doesn't exist?

 

 

 

Lynn Garrison

IAM Technical Architect Group

215A Computer Building

University Park, PA 16802

(814) 865-4864