grouper-users - Re: [grouper-users] Changing format of fully qualified LDAP name in sync from Grouper to LDAP
Subject: Grouper Users - Open Discussion List
List archive
Re: [grouper-users] Changing format of fully qualified LDAP name in sync from Grouper to LDAP
Chronological Thread
- From: cameron stewart <>
- To: Tom Zeller <>
- Cc:
- Subject: Re: [grouper-users] Changing format of fully qualified LDAP name in sync from Grouper to LDAP
- Date: Fri, 1 Apr 2011 14:31:39 -0600
Great, I will give this a try and report back on my results.
Thanks again.
Cameron
On Apr 1, 2011, at 12:21 PM, Tom Zeller wrote:
>> Whenever I create a group in Grouper and try to sync, it tries to create an
>> entry in LDAP like this:
>>
>> cn=Groups:groupname,o=organization,c=US
>>
>> our LDAP is formatted such that it would like to have this:
>>
>> ou=Groups,ou=groupname,o=organization,c=US
>>
>> Specifically, note that Groups (an already existing ou) is an ou, not cn.
>> Also, the ':'.
>>
>> What would I edit to change this, or can I even do this?
>
> You could script the <AttributeDefinition id="group-dn"> in
> ldappc-resolver.xml.
>
> I didn't try this, but it should be close :
>
> <resolver:AttributeDefinition id="group-dn"
> xsi:type="ldappc:PSOIdentifier"
> sourceAttributeID="mungDN" >
> <resolver:Dependency ref="mungDN" />
> </resolver:AttributeDefinition
>
> <resolver:AttributeDefinition xsi:type="Script"
> xmlns="urn:mace:shibboleth:2.0:resolver:ad"
> id="mungDN" >
> <resolver:Dependency ref="GroupDataConnector" />
> <Script><![CDATA[
>
> importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
>
> // value = "groupName:stem:rootStem";
> value = name.getValues().get(0);
>
> // mungDN : ou=Groups,ou=groupname,o=organization,c=US
> mungDN = new BasicAttribute("mungDN");
> mungDN.getValues().add("OU=Groups,ou=" + value + ",o=organization,c=US");
>
> ]]></Script>
> </resolver:AttributeDefinition>
>
> [1]
> https://lists.internet2.edu/sympa/arc/grouper-users/2011-03/msg00021.html
>
> [2]
> https://spaces.internet2.edu/display/SHIB2/ResolverScriptAttributeDefinition
>
> [3] https://spaces.internet2.edu/display/SHIB2/IdPAddAttribute
- Re: [grouper-users] Changing format of fully qualified LDAP name in sync from Grouper to LDAP, cameron stewart, 04/01/2011
- Re: [grouper-users] Changing format of fully qualified LDAP name in sync from Grouper to LDAP, Tom Zeller, 04/01/2011
- Re: [grouper-users] Changing format of fully qualified LDAP name in sync from Grouper to LDAP, cameron stewart, 04/01/2011
- <Possible follow-up(s)>
- Re: [grouper-users] Changing format of fully qualified LDAP name in sync from Grouper to LDAP, Tom Zeller, 04/01/2011
- Re: [grouper-users] Changing format of fully qualified LDAP name in sync from Grouper to LDAP, cameron stewart, 04/01/2011
- Re: [grouper-users] Changing format of fully qualified LDAP name in sync from Grouper to LDAP, Tom Zeller, 04/01/2011
Archive powered by MHonArc 2.6.16.