grouper-users - Re: [grouper-users] ldappcng : modify the format attribute
Subject: Grouper Users - Open Discussion List
List archive
- From: Wallaert-Taquet Brigitte <>
- To: Tom Zeller <>
- Cc:
- Subject: Re: [grouper-users] ldappcng : modify the format attribute
- Date: Fri, 15 Jul 2011 12:23:17 +0200
Hello,
Thanks a lot, it's ok !
I obtain what I want :
<capabilityData mustUnderstand='true' capabilityURI='urn:oasis:names:tc:SPML:2:0:reference'>
<spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0' xmlns:spmlref='urn:oasis:names:tc:SPML:2:0:reference' typeOfReference='member'>
<spmlref:toPsoID ID='uid=jayet,ou=people,dc=univ-lille1,dc=fr' targetID='ldap'/>
</spmlref:reference>
<spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0' xmlns:spmlref='urn:oasis:names:tc:SPML:2:0:reference' typeOfReference='member'>
<spmlref:toPsoID ID='uid=verdier,ou=people,dc=univ-lille1,dc=fr' targetID='ldap'/>
</spmlref:reference>
<spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0' xmlns:spmlref='urn:oasis:names:tc:SPML:2:0:reference' typeOfReference='supannGroupeAdminDN'>
<spmlref:toPsoID ID='uid=djellal,ou=people,dc=univ-lille1,dc=fr' targetID='ldap'/>
</spmlref:reference>
<spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0' xmlns:spmlref='urn:oasis:names:tc:SPML:2:0:reference' typeOfReference='supannGroupeAdminDN'>
<spmlref:toPsoID ID='uid=figuered,ou=people,dc=univ-lille1,dc=fr' targetID='ldap'/>
</spmlref:reference>
</capabilityData>
But now, I want to publish in my ldap and I note that bulkSync functions differently that bulkCalc.
So I can't publish in my ldap : the bulkSync take only one group : the first declared in my ldappcng.xml
Perhaps an option could help me ?
Thanks for help.
Cordialement
Brigitte
Le 14/07/2011 22:40, Tom Zeller a écrit :
The purpose of ldappcng.xml is to map target (ldap) attributes to
attribute definitions from a Shibboleth attribute resolver
configuration (ldappc-resolver.xml).
In ldappcng.xml,<ldappc:attribute name=X ref=Y /> returns an (ldap)
attribute with name X and values from<resolver:AttributeDefinition
id=Y /> in ldappc-resolver.xml.
So
ldappcng.xml :
<ldappc:attribute name="members" ref="member" />
ldappc-resolver.xml :
<resolver:AttributeDefinition id="member" xsi:type="ad:Simple"
sourceAttributeID="members:immediate">
<resolver:Dependency ref="GroupDataConnector" />
</resolver:AttributeDefinition>
produces
<dsml:attr name='members' ...>
<dsml:value>'jayet'/'person'/'lille1:ldap'</dsml:value>
<dsml:value>'verdier'/'person'/'lille1:ldap'</dsml:value>
</dsml:attr>
where 'jayet'/'person'/'lille1:ldap' is the string representation of a
subject who is a member (an immediate member of the default "members"
list) of the group being provisioned.
In ldappcng.xml, a<reference /> is similar to an<attribute /> in
that values are derived from an<AttributeDefinition /> in
ldappc-resolver.xml, however, the values are resolved into
identifiers.
So, you will want something like
ldappcng.xml :
<references name="member" emptyValue="">
<reference ref="members-lille1:ldap" toObject="member" />
</references>
ldappc-resolver.xml :
<resolver:AttributeDefinition id="members-lille1:ldap"
xsi:type="grouper:Member" sourceAttributeID="members:immediate">
<resolver:Dependency ref="GroupDataConnector" />
<grouper:Attribute id="id" source="lille1:ldap" />
</resolver:AttributeDefinition>
which resolves members into identifiers. The<AttributeDefinition
id="members-lille1:ldap" /> returns the subject "id" attribute (your
ldap uid, e.g. 'jayet') of every immediate member from the
"lille1:ldap" source of the default "members" list.
You should have a "member" object in ldappcng.xml :
ldappcng.xml :
<object id="member">
<identifier ref="member-dn" baseId="ou=people,dc=univ-lille1,dc=fr">
<identifyingAttribute name="objectclass" value="person" />
</identifier>
</object>
which refers to a "member-dn" attribute definition in
ldappc-resolver.xml, which performs an ldap lookup via an
SPMLDataConnector :
ldappc-resolver.xml :
<resolver:AttributeDefinition id="member-dn" xsi:type="ad:Simple"
sourceAttributeID="psoID">
<resolver:Dependency ref="SpmlDataConnector" />
</resolver:AttributeDefinition>
<resolver:DataConnector id="SpmlDataConnector"
provider="ldap-provider" xsi:type="ldappc:SPMLDataConnector"
scope="subTree" base="ou=people,dc=univ-lille1,dc=fr"
returnData="identifier">
<resolver:Dependency ref="MemberDataConnector" />
<ldappc:FilterTemplate>(uid=${id.get(0)})</ldappc:FilterTemplate>
</resolver:DataConnector>
So, the<AttributeDefinition id="members-lille1:ldap" /> returns
'jayet', for which an ldap search is performed (with the filter
"uid=jayet"), and the resultant identifier
'uid=jayet,ou=people,dc=univ-lille1,dc=fr' is returned as the value of
<AttributeDefinition id="member-dn" />. This becomes the identifier of
<object id="member" />, which becomes a value of<references
name="members" />.
Now, let us look at
ldappcng.xml :
<attribute name="supannGroupeAdminDN" ref="admin" />
ldappc-resolver.xml :
<resolver:AttributeDefinition id="admin" xsi:type="ad:Simple"
sourceAttributeID="members:immediate:supannGroupeAdminDN">
<resolver:Dependency ref="GroupDataConnector" />
</resolver:AttributeDefinition>
I assume that you want an ldap attribute like
supannGroupeAdminDN: uid=jayet,ou=people,dc=univ-lille1,dc=fr
To do this, you will need something like
ldappcng.xml :
<references name="supannGroupeAdminDN" emptyValue="">
<reference ref="admin" toObject="member" />
</references>
ldappc-resolver.xml :
<resolver:AttributeDefinition id="admin" xsi:type="grouper:Member"
sourceAttributeID="members:immediate:supannGroupeAdminDN">
<resolver:Dependency ref="GroupDataConnector" />
<grouper:Attribute id="id" source="lille1:ldap" />
</resolver:AttributeDefinition>
I hope this helps. There are other configurations that will work.
Let us know if you are successful, or not.
TomZ
On Wed, Jul 13, 2011 at 2:52 AM, Wallaert-Taquet Brigitte
<>
wrote:
Hello,
Here is my sources.xml
Yes, I use only ldap source for my group members.
Thanks for you help.
Cordialement
Le 12/07/2011 21:45, Tom Zeller a écrit :
Could you attach a copy of sources.xml (omitting any passwords) please ?
I assume you are using an ldap source for group members, is that correct ?
On Tue, Jul 12, 2011 at 12:12 PM, Wallaert-Taquet Brigitte
<>
wrote:
Hello,
I want to obtain this with my ldappcng but I don't find how :
my attributes are a simple attribute "ustlPresident" or "owner" for
example or is the default list members and also a custom list
"supannGroupeAdminDN". I would like that ldappcng do that :
For example : in Grouper, members = jayet, verdier
in ldap : member =
uid=jayet,ou=people,dc=univ-lille1,dc=fr
uid=verdier,ou=people,dc=univ-lille1,dc=fr
At the moment, I obtain this :
<dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='members'>
<dsml:value>'jayet'/'person'/'lille1:ldap'</dsml:value>
<dsml:value>'verdier'/'person'/'lille1:ldap'</dsml:value>
</dsml:attr>
Here is part of my ldappc-resolver.xml and ldappcng.xml :
------ ldappcng.xml ------------
<object id="group" authoritative="false">
<identifier ref="group-dn" baseId="${groupsOU}">
<identifyingAttribute name="objectClass" value="${groupObjectClass}" />
</identifier>
<attribute name="objectClass" />
<attribute name="cn" />
<attribute name="description" />
<attribute name="owner" />
<attribute name="ustlPresident" />
<attribute name="supannGroupeDateFin" />
<attribute name="members" ref="member" />
<attribute name="supannGroupeAdminDN" ref="admin" />
</object>
----------- ldappc-resolver.xml --------------------
<resolver:AttributeDefinition id="owner" xsi:type="ad:Simple"
sourceAttributeID="owner">
<resolver:Dependency ref="GroupDataConnector" />
</resolver:AttributeDefinition>
<resolver:AttributeDefinition id="ustlPresident" xsi:type="ad:Simple"
sourceAttributeID="ustlPresident">
<resolver:Dependency ref="GroupDataConnector" />
</resolver:AttributeDefinition>
<resolver:AttributeDefinition id="member" xsi:type="ad:Simple"
sourceAttributeID="members:immediate">
<resolver:Dependency ref="GroupDataConnector" />
</resolver:AttributeDefinition>
<resolver:AttributeDefinition id="admin" xsi:type="ad:Simple"
sourceAttributeID="members:immediate:supannGroupeAdminDN">
<resolver:Dependency ref="GroupDataConnector" />
</resolver:AttributeDefinition>
Anyone could help me ?
Thank you.
Nota : Excuse-me for my poor english...
Cordialement
--
Brigitte Wallaert-Taquet
Ingénieure d'études
Chargée d'étude
Espace collaboratif de Documents
Université Lille1
Sciences et Technologies
--
Brigitte Wallaert-Taquet
Ingénieure d'études
Chargée d'étude
Espace collaboratif de Documents
Université Lille1
Sciences et Technologies
--
Brigitte Wallaert-Taquet
Ingénieure d'études
Chargée d'étude
Espace collaboratif de Documents
Université Lille1
Sciences et Technologies
- [grouper-users] Multiple group types via LDAPPC, Mark Cairney, 07/12/2011
- Re: [grouper-users] Multiple group types via LDAPPC, Tom Zeller, 07/12/2011
- [grouper-users] ldappcng : modify the format attribute, Wallaert-Taquet Brigitte, 07/12/2011
- Re: [grouper-users] ldappcng : modify the format attribute, Tom Zeller, 07/12/2011
- Re: [grouper-users] ldappcng : modify the format attribute, Wallaert-Taquet Brigitte, 07/13/2011
- [grouper-users] bug with screen group summary when several types for a group, Wallaert-Taquet Brigitte, 07/13/2011
- Re: [grouper-users] bug with screen group summary when several types for a group, GW Brown, Information Systems and Computing, 07/15/2011
- Re: [grouper-users] bug with screen group summary when several types for a group, Wallaert-Taquet Brigitte, 07/15/2011
- Re: [grouper-users] bug with screen group summary when several types for a group, GW Brown, Information Systems and Computing, 07/15/2011
- Re: [grouper-users] ldappcng : modify the format attribute, Tom Zeller, 07/14/2011
- Re: [grouper-users] ldappcng : modify the format attribute, Wallaert-Taquet Brigitte, 07/15/2011
- Re: [grouper-users] ldappcng : modify the format attribute, Tom Zeller, 07/15/2011
- Re: [grouper-users] ldappcng : modify the format attribute, Wallaert-Taquet Brigitte, 07/15/2011
- Re: [grouper-users] ldappcng : modify the format attribute, Wallaert-Taquet Brigitte, 07/15/2011
- Re: [grouper-users] ldappcng : modify the format attribute, Tom Zeller, 07/15/2011
- Re: [grouper-users] ldappcng : modify the format attribute, Wallaert-Taquet Brigitte, 07/19/2011
- Re: [grouper-users] ldappcng : modify the format attribute, Tom Zeller, 07/19/2011
- Re: [grouper-users] ldappcng : modify the format attribute, Wallaert-Taquet Brigitte, 07/19/2011
- Re: [grouper-users] ldappcng : modify the format attribute, Tom Zeller, 07/19/2011
- Re: [grouper-users] ldappcng : modify the format attribute, Wallaert-Taquet Brigitte, 07/19/2011
- Re: [grouper-users] ldappcng : modify the format attribute, Wallaert-Taquet Brigitte, 07/15/2011
- [grouper-users] bug with screen group summary when several types for a group, Wallaert-Taquet Brigitte, 07/13/2011
- Re: [grouper-users] ldappcng : modify the format attribute, Wallaert-Taquet Brigitte, 07/13/2011
- Re: [grouper-users] ldappcng : modify the format attribute, Tom Zeller, 07/12/2011
- [grouper-users] ldappcng : modify the format attribute, Wallaert-Taquet Brigitte, 07/12/2011
- Re: [grouper-users] Multiple group types via LDAPPC, Tom Zeller, 07/12/2011
Archive powered by MHonArc 2.6.16.