grouper-users - RE: [grouper-users] sources.xml ldap and script groupershell
Subject: Grouper Users - Open Discussion List
List archive
- From: Chris Hyzer <>
- To: Chris Hyzer <>, Brigitte Wallaert Taquet <>
- Cc: Tom Zeller <>, "" <>
- Subject: RE: [grouper-users] sources.xml ldap and script groupershell
- Date: Sat, 8 Oct 2011 05:55:41 +0000
- Accept-language: en-US
Are you on 2.0?
Here is a script that will do what you want, and doesn't depend on
sources.xml findAll()...
First add these properties to the grouper.properties file:
ldap.url = ldaps://someldap.school.edu:636
ldap.baseDn = dc=school,dc=edu
ldap.user = uid=user,ou=people,dc=school,dc=edu
ldap.pass = xxxxxx
Then, add the vt-ldap.jar to the classpath (lib dir?)
http://code.google.com/p/vt-middleware/downloads/detail?name=vt-ldap-3.3.4-dist.zip&can=2&q=
Here is a GSH script to add membership from an ldap filter to a group (note,
make sure there are no newlines that are not below (only after semicolon)).
Also note, you could turn this into Java for more flexibility too... :)
grouperSession = GrouperSession.startRootSession();
group = new
GroupSave(grouperSession).assignName("test:testGroup").assignCreateParentStemsIfNotExist(true).save();
ldapConfig = new
edu.vt.middleware.ldap.LdapConfig(edu.internet2.middleware.grouper.cfg.GrouperConfig.getProperty("ldap.url"),
edu.internet2.middleware.grouper.cfg.GrouperConfig.getProperty("ldap.baseDn"));
ldapConfig.setBindDn(edu.internet2.middleware.grouper.cfg.GrouperConfig.getProperty("ldap.user"));
ldapConfig.setBindCredential(edu.internet2.middleware.grouper.cfg.GrouperConfig.getProperty("ldap.pass"));
factory = new edu.vt.middleware.ldap.pool.DefaultLdapFactory(ldapConfig);
pool = new edu.vt.middleware.ldap.pool.BlockingLdapPool(factory);
ldap = pool.checkOut();
results = ldap.search("ou=people,dc=school,dc=edu", new
edu.vt.middleware.ldap.SearchFilter("(|(uid=jsmith)(uid=tjones))"), new
String[]{"uid"});
while (results.hasNext())
{group.addMember(SubjectFinder.findByIdOrIdentifier(results.next().getAttributes().get("uid").get(),
true));}
pool.checkIn(ldap);
# check with this:
getMembers("test:testGroup");
-----Original Message-----
From:
[mailto:]
On Behalf Of Chris Hyzer
Sent: Friday, October 07, 2011 11:31 PM
To: Brigitte Wallaert Taquet
Cc: Tom Zeller;
Subject: RE: [grouper-users] sources.xml ldap and script groupershell
Yes, you can have a different sources.xml for gsh and ui. In Grouper 2.1
there is a loader from ldap:
https://spaces.internet2.edu/display/Grouper/Grouper+-+Loader+LDAP
I assume you cant wait a few months for this :) Or maybe you can get
something working now, and then migrate to the loader later and switch your
sources.xml back.
Another option is I can give you some code from 2.1 in a jar that you could
run temporarily until you upgrade to 2.1...
Thanks,
Chris
-----Original Message-----
From: Brigitte Wallaert Taquet
[mailto:]
Sent: Friday, October 07, 2011 2:42 PM
To: Chris Hyzer
Cc: Tom Zeller;
Subject: RE: [grouper-users] sources.xml ldap and script groupershell
Hello,
Yes, I need for my script GrouperShell (folder-grouper/bin/gsh.sh
myscript.gsh) to search all subjects for whom the attribute ldap
"ustlRole" is valued (ustlRole=*) and then attach these subjects to a
group named "ustlRoletemoin".
Initially, I ask first ldap with dircontext and after, I transform
each identifier received (uid) in subject Grouper (with findAll on
identifier "uid") but my administrator ldap says that I ask 2 times
for the same things so he doesn't agree.
So, I think use only findAll in my groupershell script to search on
attribute ustlRole=* instead on uid and displayName. But for LiteUi, I
need that the search for a subject (findAll too it seems ?) continue
to use uid and displayName attributes to do the search.
I hope it is more clearly ?
So, if I understand what you say, it's perhaps possible if I can have
2 sources.xml différents ; one for my script and one for LiteUi ? but
how ? Now, I do that but I have to modify sources.xml if I need to
deploy again Grouper-API for Grouper-UI, it is not very good I think !
Thanks for your help.
Cordialement
Brigitte
Quoting Chris Hyzer
<>:
> Not sure I completely understand, but findAll cannot have a
> parameter of where it is being called from, it is consistent. But
> you can have a slightly different sources.xml in your UI as opposed
> to WS or something else. Can you explain what you need in a
> different way? :)
>
> Thanks,
> Chris
>
> -----Original Message-----
> From: Wallaert-Taquet Brigitte
> [mailto:]
> Sent: Friday, October 07, 2011 5:54 AM
> To: Chris Hyzer; Tom Zeller
> Cc:
>
> Subject: Re: [grouper-users] sources.xml ldap and script groupershell
>
> Hello,
>
> Thanks a lot for your indications : effectively, the logs show me the
> asks which was ok and finally, the administrator's ldap find that the
> attribute "ustlRole" was protected and my server wasn't the rights to
> bind with connection ldap anonyme.
>
> Are you using GrouperJndiSourceAdapter in sources.xml ?
>
> <source
> adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter"
> ...>
>
> Yes
>
> Now I have problem because if I modify the search in sources.xml for my
> groupershell, the LiteUI will not find the subject correctly (because
> ask on ustlRole attribute instead on uid/displayName attributes).
> So, do you think it is possible to parameter somewhere for
> SubjectFinder.findAll use another search defined in sources.xml (for
> example, I can define another searchType named "searchUstlRole" in my
> sources.xml) or to parameter LiteUI and AdminUi to use another searchType ?
>
> Thanks a lot !
> Brigitte
>
>
> Le 06/10/2011 05:34, Chris Hyzer a écrit :
>> Search is used in SubjectFinder.findAll e.g. on the UI when you do
>> a search for a subject...
>>
>> Thanks,
>> Chris
>>
>> -----Original Message-----
>> From:
>>
>>
>> [mailto:]
>> On Behalf Of
>> Wallaert-Taquet Brigitte
>> Sent: Wednesday, October 05, 2011 5:32 AM
>> To:
>>
>> Subject: [grouper-users] sources.xml ldap and script groupershell
>>
>> Hello,
>>
>> I make a script that have to populate a group (named "ustlroletemoin")
>> for people LDAP for whom attribute ldap "ustlRole" have a value.
>>
>> So, I modify sources.xml for the search asks on ustlRole attribute (I
>> don't know exactly when this search is used ?):
>>
>> <search>
>> <searchType>search</searchType>
>> <param>
>> <param-name>filter</param-name>
>> <param-value>
>> (ustlRole=%TERM%)
>> <--------------------------------------------------
>> </param-value>
>> </param>
>> <param>
>> <param-name>scope</param-name>
>> <param-value>
>> SUBTREE_SCOPE
>> </param-value>
>> </param>
>> <param>
>> <param-name>base</param-name>
>> <param-value>
>> ou=people,dc=univ-lille1,dc=fr
>> </param-value>
>> </param>
>> </search>
>>
>> But I don't find a method that ask with this search ? It seems that
>> SubjectFinder.findAll asks only on searchSubject in sources.xml ?
>>
>> Before to put "*" (!), I try this and I have no results although there
>> are persons who have ustlRole=IntranetTest-users :
>>
>> for (Subject sujet : SubjectFinder.findAll("IntranetTest-users")) {
>> groupetemoin.addMember(sujet,false); nbreusersajoutes+=1; } }
>>
>> result : entree and nbreuserajoutes=0
>>
>> Thanks a lot !
>>
>
>
> --
> Brigitte Wallaert-Taquet
> Ingénieure d'études
> Chargée d'étude
> Espace collaboratif de Documents
> Université Lille1
> Sciences et Technologies
>
>
- [grouper-users] sources.xml ldap and script groupershell, Wallaert-Taquet Brigitte, 10/05/2011
- Re: [grouper-users] sources.xml ldap and script groupershell, Tom Zeller, 10/05/2011
- RE: [grouper-users] sources.xml ldap and script groupershell, Chris Hyzer, 10/05/2011
- Re: [grouper-users] sources.xml ldap and script groupershell, Wallaert-Taquet Brigitte, 10/07/2011
- RE: [grouper-users] sources.xml ldap and script groupershell, Chris Hyzer, 10/07/2011
- RE: [grouper-users] sources.xml ldap and script groupershell, Brigitte Wallaert Taquet, 10/07/2011
- RE: [grouper-users] sources.xml ldap and script groupershell, Chris Hyzer, 10/07/2011
- RE: [grouper-users] sources.xml ldap and script groupershell, Chris Hyzer, 10/08/2011
- RE: [grouper-users] sources.xml ldap and script groupershell, Brigitte Wallaert Taquet, 10/08/2011
- RE: [grouper-users] sources.xml ldap and script groupershell, Chris Hyzer, 10/08/2011
- Re: [grouper-users] sources.xml ldap and script groupershell, Wallaert-Taquet Brigitte, 10/10/2011
- RE: [grouper-users] sources.xml ldap and script groupershell, Chris Hyzer, 10/10/2011
- Re: [grouper-users] sources.xml ldap and script groupershell, Wallaert-Taquet Brigitte, 10/11/2011
- RE: [grouper-users] sources.xml ldap and script groupershell, Chris Hyzer, 10/08/2011
- RE: [grouper-users] sources.xml ldap and script groupershell, Chris Hyzer, 10/07/2011
- RE: [grouper-users] sources.xml ldap and script groupershell, Brigitte Wallaert Taquet, 10/07/2011
- RE: [grouper-users] sources.xml ldap and script groupershell, Chris Hyzer, 10/07/2011
- RE: [grouper-users] sources.xml ldap and script groupershell, Brigitte Wallaert Taquet, 10/08/2011
- Re: [grouper-users] sources.xml ldap and script groupershell, Wallaert-Taquet Brigitte, 10/07/2011
Archive powered by MHonArc 2.6.16.