
grouper-users - Re: [grouper-users] ldappcng : modify the format attribute

Subject: Grouper Users - Open Discussion List



  • From: Tom Zeller
  • To: Wallaert-Taquet Brigitte
  • Subject: Re: [grouper-users] ldappcng : modify the format attribute
  • Date: Fri, 15 Jul 2011 13:27:32 -0500

If everyone is in the same ldap ou, perhaps a script attribute
definition will suffice, something like :

ldappcng.xml :
<attribute name="owner" ref="ownerScript" />

ldappc-resolver.xml :
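<resolver:AttributeDefinition xsi:type="Script"
xmlns="urn:mace:shibboleth:2.0:resolver:ad"
id="ownerScript" >
<resolver:Dependency ref="GroupDataConnectorAED" />
<Script><![CDATA[
importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
// value = "dallende";
// Take the first value of the "owner" attribute supplied by the dependency.
value = owner.getValues().get(0);
// The attribute returned by the script is named after the definition id.
ownerScript = new BasicAttribute("ownerScript");
// Build the DN asked for in the question: uid=<owner>,ou=people,dc=univ-lille1,dc=fr
ownerScript.getValues().add("uid=" + value + ",ou=people,dc=univ-lille1,dc=fr");
]]></Script>
</resolver:AttributeDefinition>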

I have not tried this. At first, I used "owner" as the name of the
AttributeDefinition, but "owner" is also the name of a grouper
attribute, and I thought they may collide.

[1]
https://wiki.shibboleth.net/confluence/display/SHIB2/ResolverScriptAttributeDefinition

> Hello,
>
> Still one question :
>  I try to do the same format attribute with a simple attribute that contains
> the uid of 1 person :
> owner=dallende --> uid=dallende,ou=people,dc=univ-lille1,dc=fr
> "dallende" is written manually, not via the person's search...
>
> I have this response :
>
> <ldappc:calcResponse status='failure'
> requestID='2011/07/15-16:05:03.354_Q0FH9FRZ' error='customError'>
> <errorMessage>Unable to resolve attribute, dependency value is not a
> Member</errorMessage>
> <ldappc:id ID='lille1:groupesdetravail:avancementsec:comadhocaecm0000fses'/>
> </ldappc:calcResponse>
>
> I use the same syntax as for supannGroupeAdminDN or member for ldappcng but
> probably not possible because of the nature of attribute : string ?
> Must I use a list, even if there will be always only one person in that
> attribute or is there another possibility ?
>
> in ldappcng.xml :
> <references name="owner" emptyValue="" >
> <reference ref="owner" toObject="member" />
> </references>
>
> in ldappc-resolver.xml :
> <resolver:AttributeDefinition id="owner" xsi:type="grouper:Member"
> sourceAttributeID="owner">
> <resolver:Dependency ref="GroupDataConnectorAEC" />
> <grouper:Attribute id="id" source="lille1:ldap" />
> </resolver:AttributeDefinition>
>
>
>
> Thanks.
> Regards
> Brigitte
>
>
> On 15/07/2011 12:43, Tom Zeller wrote:
>>>
>>> So I can't publish in my ldap : the bulkSync takes only one group : the
>>> first
>>> declared in my ldappcng.xml
>>> Perhaps an option could help me ?
>>
>> Looking at ldappcng.xml posted in the other thread, each object should
>> have a unique id :
>>
>> <object id="group2" authoritative="false">
>>  <identifier ref="group-dn2" baseId="${groupsOU}">
>>
>> <object id="group" authoritative="false">
>>   <identifier ref="group-dn" baseId="${groupsOU}">
>>
>> Your configuration has <object id="group" ... /> twice, which I think
>> is the issue.
>>
>> If this is the case, ldappcng should throw a configuration error, and
>> the failure to do so is a bug.
>
>
> --
> Brigitte Wallaert-Taquet
> Research Engineer
> Project Officer
> Collaborative Document Space
> Université Lille1
> Sciences et Technologies
>
>
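
Added example (not part of the original thread, and not Grouper or Shibboleth code): the script in the reply concatenates the owner value straight into a DN, so this sketch shows the same construction in plain JavaScript with RFC 4514 escaping of the RDN value and a guard for a missing value. The function names escapeRdnValue and buildOwnerDn are hypothetical, and the sample inputs are constructed.

```javascript
// Added example: build "uid=<owner>,<base>" safely from an attribute value.
// escapeRdnValue and buildOwnerDn are hypothetical names, not library APIs.

// Escape a value for use inside a single RDN, following RFC 4514:
//   - " + , ; < > \ are backslash-escaped anywhere
//   - a leading space or '#', and a trailing space, are backslash-escaped
//   - NUL is written as \00
function escapeRdnValue(value) {
  var s = String(value);
  var out = '';
  for (var i = 0; i < s.length; i++) {
    var c = s.charAt(i);
    if (c === '\u0000') {
      out += '\\00';
    } else if ('"+,;<>\\'.indexOf(c) !== -1) {
      out += '\\' + c;
    } else if (c === ' ' && (i === 0 || i === s.length - 1)) {
      out += '\\ ';
    } else if (c === '#' && i === 0) {
      out += '\\#';
    } else {
      out += c;
    }
  }
  return out;
}

// Return the owner DN for the first value, or null when there is no usable
// value (the script in the thread would throw on an empty value list).
function buildOwnerDn(values, baseDn) {
  if (!values || values.length === 0) return null;
  var uid = values[0];
  if (uid === null || uid === undefined || String(uid).length === 0) return null;
  return 'uid=' + escapeRdnValue(uid) + ',' + baseDn;
}

// Constructed sample inputs; the base DN is the one used in the thread.
var BASE_DN = 'ou=people,dc=univ-lille1,dc=fr';
console.log(buildOwnerDn(['dallende'], BASE_DN));
console.log(buildOwnerDn(['x,ou=admins'], BASE_DN)); // comma stays inside the uid RDN
console.log(buildOwnerDn([], BASE_DN));              // null: nothing to provision
```

In the resolver script itself the value list is a Java collection, so the same logic would read the first element with get(0) after checking isEmpty().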


