grouper-users - Re: [grouper-users] sources confusion
Subject: Grouper Users - Open Discussion List
List archive
- From: Tom Barton <>
- To:
- Subject: Re: [grouper-users] sources confusion
- Date: Sat, 26 Feb 2011 13:19:02 -0600
Baron,
In addition to the grouper book, this page has such details:
https://spaces.internet2.edu/display/Grouper/subject-0.3.1-doc
This page is admittedly hard to find. We're working on improving the
wiki, and it'd be great to leverage your experience in trying to use it
to get started. Please do let us know when you can't readily find an
answer to a question. We'll tell you where that answer is, and others to
follow should have a somewhat easier time.
Many thanks,
Tom
On 2/25/2011 2:44 PM, Baron Fujimoto wrote:
> Thank you! This response and Chris's have resolved the issue.
>
> Is there somewhere in the Wiki I overlooked though that explains these
> requirements and relationships though? The best reference I could find
> to guide my efforts was the Grouper Book's "Connecting to a subject
> source" page.
>
> <https://spaces.internet2.edu/display/Grouper/Grouper+book+-+Connecting+to+a+subject+source>
>
> -baron
>
> On Fri, Feb 25, 2011 at 08:50:41AM -0600, Tom Barton wrote:
> : Chris is right, of course. I'll just emphasize that the LDAP attribute
> : that contains the subjectId you've chosen for your implementation must
> : be what your searchSubject filter looks in. Since you've got
> :
> : <init-param>
> : <param-name>SubjectID_AttributeType</param-name>
> : <param-value>uid</param-value>
> : </init-param>
> :
> : declaring uid to be the attribute bearing the subjectId, you must use
> : uid in the equality filter in the definition of the searchSubject
> : searchType:
> :
> : <search>
> : <searchType>searchSubject</searchType>
> : <param>
> : <param-name>filter</param-name>
> : <param-value>
> : (& (uid=%TERM%) (objectclass=uhEduPerson))
> : </param-value>
> : </param>
> : <param>
> : <param-name>scope</param-name>
> : <param-value>
> : SUBTREE_SCOPE
> : </param-value>
> : </param>
> : <param>
> : <param-name>base</param-name>
> : <param-value>
> : ou=people,dc=hawaii,dc=edu
> : </param-value>
> : </param>
> : </search>
> :
> : Hope this helps,
> : Tom
> :
> : On 2/24/2011 8:11 PM, Chris Hyzer wrote:
> : > First, I will say I haven't done subject sources with ldap... but let
> me *try* to help :)
> : >
> : > There are three ways to search for a subject:
> : >
> : > By id
> : > By identifier
> : > By search string (returns list)
> : >
> : > The ID is usually the attribute of the user which doesn't change
> (probably opaque). At Penn, this is the penn_id which is e.g. 12345678
> : >
> : > An identifier (could be multiple) is what you can lookup a subject by.
> At penn, this is the pennkey, or e.g. mchyzer
> : >
> : > So... this part is the subject id:
> : >
> : > <init-param>
> : > <param-name>SubjectID_AttributeType</param-name>
> : > <param-value>uid</param-value>
> : > </init-param>
> : >
> : > Is uid something about the user which doesn't change?
> : >
> : > This should match (I think):
> : >
> : > FROM:
> : > <search>
> : > <searchType>searchSubject</searchType>
> : > <param>
> : > <param-name>filter</param-name>
> : > <param-value>
> : > (& (cn=%TERM%) (objectclass=uhEduPerson))
> : > </param-value>
> : > </param>
> : >
> : > TO:
> : > <search>
> : > <searchType>searchSubject</searchType>
> : > <param>
> : > <param-name>filter</param-name>
> : > <param-value>
> : > (& (uid=%TERM%) (objectclass=uhEduPerson))
> : > </param-value>
> : > </param>
> : >
> : > Then the search by identifier can be the other:
> : >
> : > FROM:
> : > <search>
> : > <searchType>searchSubjectByIdentifier</searchType>
> : > <param>
> : > <param-name>filter</param-name>
> : > <param-value>
> : > (& (uid=%TERM%) (objectclass=uhEduPerson))
> : > </param-value>
> : > </param>
> : >
> : > TO:
> : > <search>
> : > <searchType>searchSubjectByIdentifier</searchType>
> : > <param>
> : > <param-name>filter</param-name>
> : > <param-value>
> : > (& (cn=%TERM%) (objectclass=uhEduPerson))
> : > </param-value>
> : > </param>
> : >
> : > Right? Anyone else chime in :)
> : >
> : > You can test this command line:
> : >
> : >
> [appadmin@lorenzo
> bin]$ ./gsh.sh
> : > Type help() for instructions
> : > gsh 0% grouperSession = GrouperSession.startRootSession();
> : > edu.internet2.middleware.grouper.GrouperSession:
> 993610149d3b4cfc8ff2cdd89cd126cc,'GrouperSystem','application'
> : > gsh 1% SubjectFinder.findById("10021368");
> : > subject: id='10021368' type='person' source='pennperson' name='Michael
> Christopher Hyzer'
> : > gsh 2% SubjectFinder.findByIdentifier("mchyzer");
> : > subject: id='10021368' type='person' source='pennperson' name='Michael
> Christopher Hyzer'
> : > gsh 4% SubjectFinder.findAll("Chris Hyzer");
> : > subject: id='10021368' type='person' source='pennperson' name='Michael
> Christopher Hyzer'
> : > gsh 5% SubjectFinder.findAll("Chris Hyzer").iterator().next().getId();
> : > 10021368
> : > gsh 6%
> : >
> : > Note, the ID of the result must match what you findById()...
> : >
> : > Thanks,
> : > Chris
- [grouper-users] sources confusion, Baron Fujimoto, 02/24/2011
- RE: [grouper-users] sources confusion, Chris Hyzer, 02/24/2011
- Re: [grouper-users] sources confusion, Tom Barton, 02/25/2011
- Re: [grouper-users] sources confusion, Baron Fujimoto, 02/25/2011
- Re: [grouper-users] sources confusion, Tom Barton, 02/26/2011
- Re: [grouper-users] sources confusion, Baron Fujimoto, 02/25/2011
- RE: [grouper-users] sources confusion, Julio Polo, 02/25/2011
- RE: [grouper-users] sources confusion, Chris Hyzer, 02/25/2011
- Re: [grouper-users] sources confusion, Tom Barton, 02/25/2011
- RE: [grouper-users] sources confusion, Chris Hyzer, 02/24/2011
Archive powered by MHonArc 2.6.16.