
grouper-users - Re: [grouper-users] Multiple group types via LDAPPC

Subject: Grouper Users - Open Discussion List

  • From: Wallaert-Taquet Brigitte <>
  • To: Tom Zeller <>
  • Cc: Mark Cairney <>,
  • Subject: Re: [grouper-users] Multiple group types via LDAPPC
  • Date: Fri, 15 Jul 2011 10:44:04 +0200

On 13/07/2011 22:03, Tom Zeller wrote:

Within Grouper I understand that you can create arbitrary Group types with
user-defined fields. Has anyone exported these to LDAP via LDAPPC?

Is it simply a case of creating multiple <groups> stanzas in ldappc.xml, one
for each group type?

Only one <groups> element is allowed in ldappc.xml.


Hello,

Just to say that I put two <object id="group" authoritative="false"> elements and it seems OK for me; here are my ldappcng.xml and my ldappc-resolver.xml.
You can see that my groups are published in ou=groups with different values of the "objectClass" attribute and don't have the same attributes published. I use the value of an attribute in the type to filter the groups in ldappc-resolver. I think that I can't filter directly on the type but only on the value of an attribute of the type, is that right?

I also publish an attribute ("ustlRole") in ou=people for only one type of group.


Here is the result:
<ldappc:bulkCalcResponse xmlns:ldappc='http://grouper.internet2.edu/ldappc' status='success' requestID='2011/07/12-19:04:19.148_Q0BECDV5'>
<ldappc:calcResponse status='success' requestID='2011/07/12-19:04:19.406_Q0BECDWC'>
<ldappc:id ID='lille1:institutionnels:personnels:tous'/>
<ldappc:pso entityName='group'>
<psoID ID='cn=grouper-TousPers,ou=groups,dc=univ-lille1,dc=fr' targetID='ldap'/>
<data>
<dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='objectClass'>
<dsml:value>ustlPrivGroupe</dsml:value>
<dsml:value>groupOfURLs</dsml:value>
</dsml:attr>
<dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='memberURL'>
<dsml:value>ldap://anubis.univ-lille1.fr/ou=people,dc=univ-lille1,dc=fr??sub?(|(objectClass=usltPerson)(ntPassword=*))</dsml:value>
</dsml:attr>
</data>
</ldappc:pso>
</ldappc:calcResponse>
<ldappc:calcResponse status='success' requestID='2011/07/12-19:04:19.606_Q0BECDWF'>
<ldappc:id ID='lille1:groupesdetravail:avancementsec:comadhocaecm0000fses'/>
<ldappc:pso entityName='group'>
<psoID ID='cn=comAdHocAEC_M0000-FSES,ou=groups,dc=univ-lille1,dc=fr' targetID='ldap'/>
<data>
<dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='objectClass'>
<dsml:value>ustlComAdHocAECGroupe</dsml:value>
<dsml:value>ustlPrivGroupe</dsml:value>
<dsml:value>groupOfNames</dsml:value>
<dsml:value>ustlGroupe</dsml:value>
<dsml:value>supannGroupe</dsml:value>
</dsml:attr>
<dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='cn'>
<dsml:value>comAdHocAEC_M0000-FSES</dsml:value>
</dsml:attr>
<dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='description'>
<dsml:value>Groupe Commission Ad Hoc Avancements Enseignants Chercheurs - M0000-FSES</dsml:value>
</dsml:attr>
<dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='owner'>
<dsml:value>uid=dallende,ou=people,dc=univ-lille1,dc=fr</dsml:value>
</dsml:attr>
<dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='ustlPresident'>
<dsml:value>uid=djellal,ou=people,dc=univ-lille1,dc=fr</dsml:value>
</dsml:attr>
<dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='supannGroupeDateFin'>
<dsml:value>20110831120000Z</dsml:value>
</dsml:attr>
<dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='members'>
<dsml:value>'jayet'/'person'/'lille1:ldap'</dsml:value>
<dsml:value>'verdier'/'person'/'lille1:ldap'</dsml:value>
</dsml:attr>

Regards

--
Brigitte Wallaert-Taquet
Ingénieure d'études
Chargée d'étude
Espace collaboratif de Documents
Université Lille1
Sciences et Technologies

<?xml version="1.0" encoding="utf-8"?>

<ldappc xmlns="http://grouper.internet2.edu/ldappc"
        xmlns:ldappc="http://grouper.internet2.edu/ldappc"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://grouper.internet2.edu/ldappc classpath:/schema/ldappc.xsd">

  <targets id="LDAP">

    <target id="ldap" provider="ldap-provider" />

<!--    <object id="stem">
      <identifier ref="stem-dn" baseId="${groupsOU}">
        <identifyingAttribute name="objectclass" value="organizationalUnit" />
      </identifier>
      <attribute name="objectClass" ref="stem-objectclass" />
      <attribute name="ou" ref="stem-ou" />
      <attribute name="description" ref="stem-description" />
    </object> -->

    <object id="group" authoritative="false">
      <identifier ref="group-dn2" baseId="${groupsOU}">
        <identifyingAttribute name="objectClass" value="${groupObjectClass2}" />
      </identifier>
      <attribute name="objectClass" ref="objectClass2" />
      <attribute name="memberURL" />
    </object>


    <object id="group" authoritative="false">
      <identifier ref="group-dn" baseId="${groupsOU}">
        <identifyingAttribute name="objectClass" value="${groupObjectClass}" />
      </identifier>
      <attribute name="objectClass" />
      <attribute name="cn" />
      <attribute name="description" />
      <attribute name="owner" />
      <attribute name="ustlPresident" />
      <attribute name="supannGroupeDateFin" /> 
      <attribute name="members" ref="member" /> 
      <attribute name="supannGroupeAdminDN" ref="admin" /> 
      <!--<attribute name="hasMember" ref="hasMember" />
      <attribute name="isMemberOf" ref="groupIsMemberOf" />--> 
<!--      <references name="member" emptyValue="" >
        <reference ref="members-jdbc" toObject="member" /> 
      </references> -->
    </object>
    

<object id="member">
      <identifier ref="member-dn" baseId="${peopleOU}">
        <identifyingAttribute name="objectClass" value="eduPerson" />
      </identifier>
         <attribute name="ustlRole" ref="memberIsMemberOf" />  
    </object>
  </targets>

</ldappc>
<?xml version="1.0" encoding="UTF-8"?>
<AttributeResolver
  xmlns="urn:mace:shibboleth:2.0:resolver"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
  xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad"
  xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
  xmlns:grouper="http://grouper.internet2.edu/shibboleth/2.0"
  xmlns:ldappc="http://grouper.internet2.edu/ldappc"
  xsi:schemaLocation="
   urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
   urn:mace:shibboleth:2.0:resolver:dc classpath:/schema/shibboleth-2.0-attribute-resolver-dc.xsd
   urn:mace:shibboleth:2.0:resolver:ad classpath:/schema/shibboleth-2.0-attribute-resolver-ad.xsd
   http://grouper.internet2.edu/shibboleth/2.0 classpath:/schema/shibboleth-2.0-grouper.xsd
   http://grouper.internet2.edu/ldappc classpath:/schema/ldappc.xsd">

  <resolver:DataConnector id="GroupDataConnector" xsi:type="grouper:GroupDataConnector">   
     <grouper:GroupFilter xsi:type="grouper:ExactAttribute" name="PubLDAPGroup" value="AEC" />
    <grouper:Attribute id="members:immediate" />
    <grouper:Attribute id="members:immediate:supannGroupeAdminDN" /> 
  </resolver:DataConnector>

  <resolver:DataConnector id="GroupDataConnector2" xsi:type="grouper:GroupDataConnector">   
     <grouper:GroupFilter xsi:type="grouper:ExactAttribute" name="PubLDAPGroup" value="GOF" />
    <grouper:Attribute id="members:immediate" />
  </resolver:DataConnector>
<!--
  <resolver:DataConnector id="StemDataConnector" xsi:type="grouper:StemDataConnector">
  </resolver:DataConnector>
-->  
  <resolver:DataConnector id="MemberDataConnector" xsi:type="grouper:MemberDataConnector">
        <grouper:GroupFilter xsi:type="grouper:ExactAttribute" name="PubLDAP" value="true"/>
    <grouper:Attribute id="groups" />
  </resolver:DataConnector>


  <resolver:DataConnector id="StaticDataConnector" xsi:type="dc:Static">
    <dc:Attribute id="objectClass">
      <dc:Value>ustlComAdHocAECGroupe</dc:Value>
      <dc:Value>ustlPrivGroupe</dc:Value>
      <dc:Value>groupOfNames</dc:Value>
      <dc:Value>ustlGroupe</dc:Value>
      <dc:Value>supannGroupe</dc:Value>
    </dc:Attribute>
  </resolver:DataConnector>
 
  <resolver:DataConnector id="StaticDataConnector2" xsi:type="dc:Static">
    <dc:Attribute id="objectClass">
      <dc:Value>ustlPrivGroupe</dc:Value>
      <dc:Value>groupOfURLs</dc:Value>
    </dc:Attribute>
  </resolver:DataConnector>

<!--
  <resolver:AttributeDefinition id="stem-dn" xsi:type="ldappc:LdapDnPSOIdentifier"
    structure="${DNstructure}" sourceAttributeID="name" rdnAttributeName="ou" base="${groupsOU}">
    <resolver:Dependency ref="StemDataConnector" />
  </resolver:AttributeDefinition>

  <resolver:AttributeDefinition id="stem-objectclass" xsi:type="ad:Simple">
    <resolver:Dependency ref="StaticDataConnector" />
  </resolver:AttributeDefinition>

  <resolver:AttributeDefinition id="stem-ou" xsi:type="ad:Simple" sourceAttributeID="extension">
    <resolver:Dependency ref="StemDataConnector" />
  </resolver:AttributeDefinition>
  
  <resolver:AttributeDefinition id="stem-description" xsi:type="ad:Simple" sourceAttributeID="description">
    <resolver:Dependency ref="StemDataConnector" />
  </resolver:AttributeDefinition> -->

  <resolver:AttributeDefinition id="group-dn" xsi:type="ldappc:LdapDnPSOIdentifier"
    structure="${DNstructure}" sourceAttributeID="cn" rdnAttributeName="cn" base="${groupsOU}">
    <resolver:Dependency ref="GroupDataConnector" />
  </resolver:AttributeDefinition>

  <resolver:AttributeDefinition id="group-dn2" xsi:type="ldappc:LdapDnPSOIdentifier"
    structure="${DNstructure}" sourceAttributeID="cn" rdnAttributeName="cn" base="${groupsOU}">
    <resolver:Dependency ref="GroupDataConnector2" />
  </resolver:AttributeDefinition>

  <resolver:AttributeDefinition id="objectClass" xsi:type="ad:Simple">
    <resolver:Dependency ref="StaticDataConnector" />
  </resolver:AttributeDefinition>
  
  <resolver:AttributeDefinition id="objectClass2" xsi:type="ad:Simple" sourceAttributeID="objectClass">
    <resolver:Dependency ref="StaticDataConnector2" />
  </resolver:AttributeDefinition>

  <resolver:AttributeDefinition id="memberURL" xsi:type="ad:Simple">
    <resolver:Dependency ref="GroupDataConnector2" />
  </resolver:AttributeDefinition>

  <resolver:AttributeDefinition id="description" xsi:type="ad:Simple">
    <resolver:Dependency ref="GroupDataConnector" />
  </resolver:AttributeDefinition>

  <resolver:AttributeDefinition id="cn" xsi:type="ad:Simple" sourceAttributeID="cn">
    <resolver:Dependency ref="GroupDataConnector" />
  </resolver:AttributeDefinition>
  
<resolver:AttributeDefinition id="owner" xsi:type="ad:Simple" sourceAttributeID="owner">
    <resolver:Dependency ref="GroupDataConnector" />
  </resolver:AttributeDefinition>

<resolver:AttributeDefinition id="ustlPresident" xsi:type="ad:Simple" sourceAttributeID="ustlPresident">
    <resolver:Dependency ref="GroupDataConnector" />
  </resolver:AttributeDefinition>

<resolver:AttributeDefinition id="supannGroupeDateFin" xsi:type="ad:Simple" sourceAttributeID="supannGroupeDateFin">
    <resolver:Dependency ref="GroupDataConnector" />
  </resolver:AttributeDefinition>

<!--<resolver:AttributeDefinition id="member" xsi:type="ldappc:LdapDnPSOIdentifier" structure="${DNstructure}" base="${peopleOU}" rdnAttributeName="members"  sourceAttributeID="members:immediate">
    <resolver:Dependency ref="GroupDataConnector" />
</resolver:AttributeDefinition>-->

<resolver:AttributeDefinition id="member" xsi:type="ad:Simple" sourceAttributeID="members:immediate">
    <resolver:Dependency ref="GroupDataConnector" />
  </resolver:AttributeDefinition> 

<resolver:AttributeDefinition id="admin" xsi:type="ad:Simple" sourceAttributeID="members:immediate:supannGroupeAdminDN">
    <resolver:Dependency ref="GroupDataConnector" />
  </resolver:AttributeDefinition>

<!--
  
  <resolver:AttributeDefinition xsi:type="Script" xmlns="urn:mace:shibboleth:2.0:resolver:ad" id="sAMAccountName" sourceAttributeID="name">
    <resolver:Dependency ref="GroupDataConnector" />
    <Script><![CDATA[
      // Import Shibboleth attribute provider
      importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
      
      value = name.getValues().get(0); 
      
      value = value.replaceAll("\\/", "_");
      value = value.replaceAll("\\/", "_");
      value = value.replaceAll("\\[", "_");
      value = value.replaceAll("\\]", "_");
      value = value.replaceAll("\\:", "_");
      value = value.replaceAll("\\;", "_");
      value = value.replaceAll("\\|", "_");
      value = value.replaceAll("\\=", "_");
      value = value.replaceAll("\\,", "_");
      value = value.replaceAll("\\+", "_");
      value = value.replaceAll("\\*", "_");
      value = value.replaceAll("\\?", "_");
      
      sAMAccountName = new BasicAttribute("sAMAccountName");
      sAMAccountName.getValues().add(value);
      ]]></Script>
  </resolver:AttributeDefinition> -->

  <resolver:AttributeDefinition id="hasMember" xsi:type="grouper:Member" sourceAttributeID="members">
    <resolver:Dependency ref="GroupDataConnector" />
    <grouper:Attribute id="name" source="jdbc" />
    <grouper:Attribute id="name" source="g:gsa" />
  </resolver:AttributeDefinition>

  <resolver:AttributeDefinition id="groupIsMemberOf" xsi:type="grouper:Group" sourceAttributeID="groups">
    <resolver:Dependency ref="GroupDataConnector" />
    <grouper:Attribute id="name" />
  </resolver:AttributeDefinition>

  <resolver:AttributeDefinition id="members-jdbc" xsi:type="grouper:Member" sourceAttributeID="members">
    <resolver:Dependency ref="GroupDataConnector" />
    <grouper:Attribute id="id" source="jdbc" />
  </resolver:AttributeDefinition>

  <resolver:AttributeDefinition id="members-g:gsa" xsi:type="grouper:Member" sourceAttributeID="members">
    <resolver:Dependency ref="GroupDataConnector" />
    <grouper:Attribute id="members" source="g:gsa" />
  </resolver:AttributeDefinition>


  <resolver:AttributeDefinition id="member-dn" xsi:type="ad:Simple" sourceAttributeID="psoID" >
    <resolver:Dependency ref="SpmlDataConnector" />
  </resolver:AttributeDefinition>

  <resolver:DataConnector id="SpmlDataConnector" provider="ldap-provider" xsi:type="ldappc:SPMLDataConnector"
    scope="subTree" base="${peopleOU}" returnData="identifier">
    <resolver:Dependency ref="MemberDataConnector" />
    <ldappc:FilterTemplate>(uid=${id.get(0)})</ldappc:FilterTemplate> 
  </resolver:DataConnector>

  <resolver:AttributeDefinition id="memberIsMemberOf" xsi:type="grouper:Group" sourceAttributeID="groups">
    <resolver:Dependency ref="MemberDataConnector" />
    <grouper:Attribute id="ustlRole" />
  </resolver:AttributeDefinition> 

</AttributeResolver>
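
An added example (not part of the original post, and not Grouper or LDAPPC code): with two <object id="group"> entries, a quick audit can confirm that each object's identifier and attributes resolve through connectors gated by a single GroupFilter value, so one group type's attributes are not published on the other, and that no reference is left dangling. It assumes, from the files above, that an <attribute> without ref points at the AttributeDefinition of the same id; the XML samples are constructed and trimmed, and audit() is a hypothetical helper.

```python
import xml.etree.ElementTree as ET

LDAPPC_NS = "{http://grouper.internet2.edu/ldappc}"
RES_NS = "{urn:mace:shibboleth:2.0:resolver}"
GRP_NS = "{http://grouper.internet2.edu/shibboleth/2.0}"

# Constructed, trimmed samples modeled on the post's files; the "owner" definition is omitted on purpose.
LDAPPC_XML = """<ldappc xmlns="http://grouper.internet2.edu/ldappc"><targets id="LDAP">
 <object id="group"><identifier ref="group-dn2"/>
  <attribute name="objectClass" ref="objectClass2"/><attribute name="memberURL"/></object>
 <object id="group"><identifier ref="group-dn"/>
  <attribute name="cn"/><attribute name="owner"/></object>
</targets></ldappc>"""

RESOLVER_XML = """<AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver"
  xmlns:g="http://grouper.internet2.edu/shibboleth/2.0">
 <DataConnector id="GroupDataConnector"><g:GroupFilter name="PubLDAPGroup" value="AEC"/></DataConnector>
 <DataConnector id="GroupDataConnector2"><g:GroupFilter name="PubLDAPGroup" value="GOF"/></DataConnector>
 <DataConnector id="StaticDataConnector2"/>
 <AttributeDefinition id="group-dn"><Dependency ref="GroupDataConnector"/></AttributeDefinition>
 <AttributeDefinition id="group-dn2"><Dependency ref="GroupDataConnector2"/></AttributeDefinition>
 <AttributeDefinition id="objectClass2"><Dependency ref="StaticDataConnector2"/></AttributeDefinition>
 <AttributeDefinition id="memberURL"><Dependency ref="GroupDataConnector2"/></AttributeDefinition>
 <AttributeDefinition id="cn"><Dependency ref="GroupDataConnector"/></AttributeDefinition>
</AttributeResolver>"""

def audit(ldappc_xml, resolver_xml):
    """Per <object>: the group filters its attributes resolve through, plus dangling refs."""
    res = ET.fromstring(resolver_xml)
    filters = {}  # connector id -> "name=value", or None for an unfiltered connector
    for dc in res.iter(RES_NS + "DataConnector"):
        f = dc.find(GRP_NS + "GroupFilter")
        filters[dc.get("id")] = None if f is None else f"{f.get('name')}={f.get('value')}"
    deps = {ad.get("id"): [d.get("ref") for d in ad.findall(RES_NS + "Dependency")]
            for ad in res.iter(RES_NS + "AttributeDefinition")}
    report = []
    for obj in ET.fromstring(ldappc_xml).iter(LDAPPC_NS + "object"):
        seen, dangling = set(), []
        for el in obj.findall(LDAPPC_NS + "identifier") + obj.findall(LDAPPC_NS + "attribute"):
            ref = el.get("ref") or el.get("name")  # assumption: ref defaults to name
            if ref not in deps:
                dangling.append(ref)  # no AttributeDefinition with this id
                continue
            seen.update(filters[c] for c in deps[ref] if filters.get(c))
        report.append({"filters": sorted(seen), "dangling": dangling, "mixed": len(seen) > 1})
    return report

if __name__ == "__main__":
    print(audit(LDAPPC_XML, RESOLVER_XML))
```

An object reported with "mixed": True draws on connectors with different filter values, which is the case to review before publishing to ou=groups.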


