grouper-users - Re: [grouper-users] Changing format of fully qualified LDAP name in sync from Grouper to LDAP
Subject: Grouper Users - Open Discussion List
- From: Tom Zeller <>
- To: Cameron stewart <>
- Cc:
- Subject: Re: [grouper-users] Changing format of fully qualified LDAP name in sync from Grouper to LDAP
- Date: Fri, 1 Apr 2011 13:21:39 -0500
> Whenever I create a group in Grouper and try to sync, it tries to create an
> entry in LDAP like this:
>
> cn=Groups:groupname,o=organization,c=US
>
> our LDAP is formatted such that it would like to have this:
>
> ou=Groups,ou=groupname,o=organization,c=US
>
> Specifically, note that Groups (an already existing ou) is an ou, not cn.
> Also, the ':'.
>
> What would I edit to change this, or can I even do this?

You could script the <AttributeDefinition id="group-dn"> in ldappc-resolver.xml.

I didn't try this, but it should be close:

<resolver:AttributeDefinition id="group-dn"
    xsi:type="ldappc:PSOIdentifier"
    sourceAttributeID="mungDN">
  <resolver:Dependency ref="mungDN" />
</resolver:AttributeDefinition>

<resolver:AttributeDefinition xsi:type="Script"
    xmlns="urn:mace:shibboleth:2.0:resolver:ad"
    id="mungDN">
  <resolver:Dependency ref="GroupDataConnector" />
  <Script><![CDATA[
    importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
    // value = "groupName:stem:rootStem";
    value = name.getValues().get(0);
    // mungDN : ou=Groups,ou=groupname,o=organization,c=US
    mungDN = new BasicAttribute("mungDN");
    mungDN.getValues().add("OU=Groups,ou=" + value + ",o=organization,c=US");
  ]]></Script>
</resolver:AttributeDefinition>

[1] https://lists.internet2.edu/sympa/arc/grouper-users/2011-03/msg00021.html
[2] https://spaces.internet2.edu/display/SHIB2/ResolverScriptAttributeDefinition
[3] https://spaces.internet2.edu/display/SHIB2/IdPAddAttribute
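
Added example, not part of Tom Zeller's message or of the Grouper/ldappc code: the script in the message concatenates the group name into the DN as-is, so this standalone JavaScript splits a colon-delimited name into ou= RDNs and escapes each value per RFC 4514 before joining. The function names and the leafFirst option are hypothetical; the base DN is the one quoted in the thread.

```javascript
// Added example, not from the thread: plain JavaScript, no Grouper or Shibboleth classes.
"use strict";

// Escape one RDN attribute value as RFC 4514 section 2.4 requires.
function escapeRdnValue(value) {
  let out = "";
  for (let i = 0; i < value.length; i++) {
    const ch = value[i];
    const last = i === value.length - 1;
    if (ch === "\u0000") {
      out += "\\00";                       // NUL is written as a hex pair
    } else if ('"+,;<>\\'.includes(ch)) {
      out += "\\" + ch;                    // DN special characters
    } else if ((i === 0 && (ch === " " || ch === "#")) || (last && ch === " ")) {
      out += "\\" + ch;                    // leading space or '#', trailing space
    } else {
      out += ch;
    }
  }
  return out;
}

// Map a colon-delimited Grouper name to a DN of ou= RDNs under baseDn.
// RDNs follow the order of the name, matching the layout quoted in the thread;
// leafFirst (hypothetical option) reverses them for directories that nest
// the group under its stem.
function groupNameToDn(name, baseDn, leafFirst) {
  const parts = name.split(":");
  if (parts.some((p) => p.length === 0)) {
    throw new Error("empty name segment in: " + name);
  }
  if (leafFirst) parts.reverse();
  const rdns = parts.map((p) => "ou=" + escapeRdnValue(p));
  return rdns.concat(baseDn).join(",");
}

// Constructed sample names; the second contains DN metacharacters.
const BASE_DN = "o=organization,c=US"; // base DN as quoted in the message
for (const n of ["Groups:groupname", "Groups:staff,o=other"]) {
  console.log(n + " -> " + groupNameToDn(n, BASE_DN, false));
}
```

Without the escaping step, the second sample name would add an extra RDN to the resulting DN instead of staying inside a single ou value.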