
grouper-users - RE: [grouper-users] sources.xml ldap and script groupershell

Subject: Grouper Users - Open Discussion List

  • From: Chris Hyzer <>
  • To: Chris Hyzer <>, Brigitte Wallaert Taquet <>
  • Cc: Tom Zeller <>, "" <>
  • Subject: RE: [grouper-users] sources.xml ldap and script groupershell
  • Date: Sat, 8 Oct 2011 05:55:41 +0000

Are you on 2.0?

Here is a script that will do what you want, and doesn't depend on
sources.xml findAll()...

First add these properties to the grouper.properties file:

ldap.url = ldaps://someldap.school.edu:636
ldap.baseDn = dc=school,dc=edu
ldap.user = uid=user,ou=people,dc=school,dc=edu
ldap.pass = xxxxxx

Then, add the vt-ldap.jar to the classpath (lib dir?)

http://code.google.com/p/vt-middleware/downloads/detail?name=vt-ldap-3.3.4-dist.zip&can=2&q=

Here is a GSH script to add membership from an ldap filter to a group (note,
make sure there are no newlines that are not below (only after semicolon)).
Also note, you could turn this into Java for more flexibility too... :)


grouperSession = GrouperSession.startRootSession();

group = new GroupSave(grouperSession).assignName("test:testGroup").assignCreateParentStemsIfNotExist(true).save();

ldapConfig = new edu.vt.middleware.ldap.LdapConfig(edu.internet2.middleware.grouper.cfg.GrouperConfig.getProperty("ldap.url"), edu.internet2.middleware.grouper.cfg.GrouperConfig.getProperty("ldap.baseDn"));
ldapConfig.setBindDn(edu.internet2.middleware.grouper.cfg.GrouperConfig.getProperty("ldap.user"));
ldapConfig.setBindCredential(edu.internet2.middleware.grouper.cfg.GrouperConfig.getProperty("ldap.pass"));

factory = new edu.vt.middleware.ldap.pool.DefaultLdapFactory(ldapConfig);

pool = new edu.vt.middleware.ldap.pool.BlockingLdapPool(factory);

ldap = pool.checkOut();

results = ldap.search("ou=people,dc=school,dc=edu", new edu.vt.middleware.ldap.SearchFilter("(|(uid=jsmith)(uid=tjones))"), new String[]{"uid"});

while (results.hasNext()) {group.addMember(SubjectFinder.findByIdOrIdentifier(results.next().getAttributes().get("uid").get(), true));}

pool.checkIn(ldap);


# check with this:
getMembers("test:testGroup");



-----Original Message-----
From: [mailto:] On Behalf Of Chris Hyzer
Sent: Friday, October 07, 2011 11:31 PM
To: Brigitte Wallaert Taquet
Cc: Tom Zeller;
Subject: RE: [grouper-users] sources.xml ldap and script groupershell

Yes, you can have a different sources.xml for gsh and ui. In Grouper 2.1
there is a loader from ldap:

https://spaces.internet2.edu/display/Grouper/Grouper+-+Loader+LDAP

I assume you can't wait a few months for this :) Or maybe you can get
something working now, and then migrate to the loader later and switch your
sources.xml back.

Another option is I can give you some code from 2.1 in a jar that you could
run temporarily until you upgrade to 2.1...

Thanks,
Chris

-----Original Message-----
From: Brigitte Wallaert Taquet [mailto:]
Sent: Friday, October 07, 2011 2:42 PM
To: Chris Hyzer
Cc: Tom Zeller;
Subject: RE: [grouper-users] sources.xml ldap and script groupershell

Hello,

Yes, for my GrouperShell script (folder-grouper/bin/gsh.sh
myscript.gsh) I need to search for all subjects for whom the LDAP
attribute "ustlRole" has a value (ustlRole=*) and then attach these
subjects to a group named "ustlRoletemoin".

Initially, I first query LDAP with DirContext and afterwards I
transform each identifier received (uid) into a Grouper subject (with
findAll on the identifier "uid"), but my LDAP administrator says that I
ask 2 times for the same things, so he doesn't agree.

So, I am thinking of using only findAll in my GrouperShell script to
search on the attribute ustlRole=* instead of on uid and displayName.
But for LiteUi, I need the search for a subject (findAll too, it
seems?) to continue to use the uid and displayName attributes to do
the search.

I hope it is clearer?

So, if I understand what you say, it's perhaps possible if I can have
2 different sources.xml files; one for my script and one for LiteUi?
But how? Now, I do that but I have to modify sources.xml if I need to
deploy Grouper-API again for Grouper-UI, which is not very good I think!

Thanks for your help.

Best regards
Brigitte



Quoting Chris Hyzer <>:

> Not sure I completely understand, but findAll cannot have a
> parameter of where it is being called from, it is consistent. But
> you can have a slightly different sources.xml in your UI as opposed
> to WS or something else. Can you explain what you need in a
> different way? :)
>
> Thanks,
> Chris
>
> -----Original Message-----
> From: Wallaert-Taquet Brigitte [mailto:]
> Sent: Friday, October 07, 2011 5:54 AM
> To: Chris Hyzer; Tom Zeller
> Cc:
> Subject: Re: [grouper-users] sources.xml ldap and script groupershell
>
> Hello,
>
> Thanks a lot for your pointers: indeed, the logs showed me that the
> queries were OK, and finally the LDAP administrator found that the
> attribute "ustlRole" was protected and my server didn't have the rights
> to bind with an anonymous LDAP connection.
>
> Are you using GrouperJndiSourceAdapter in sources.xml ?
>
> <source
> adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter"
> ...>
>
> Yes
>
> Now I have a problem because if I modify the search in sources.xml for my
> GrouperShell script, the LiteUI will not find the subject correctly (because
> it queries on the ustlRole attribute instead of on the uid/displayName
> attributes).
> So, do you think it is possible to configure somewhere that
> SubjectFinder.findAll uses another search defined in sources.xml (for
> example, I can define another searchType named "searchUstlRole" in my
> sources.xml), or to configure LiteUI and AdminUi to use another searchType?
>
> Thanks a lot !
> Brigitte
>
>
> On 06/10/2011 05:34, Chris Hyzer wrote:
>> Search is used in SubjectFinder.findAll e.g. on the UI when you do
>> a search for a subject...
>>
>> Thanks,
>> Chris
>>
>> -----Original Message-----
>> From: [mailto:] On Behalf Of Wallaert-Taquet Brigitte
>> Sent: Wednesday, October 05, 2011 5:32 AM
>> To:
>> Subject: [grouper-users] sources.xml ldap and script groupershell
>>
>> Hello,
>>
>> I am making a script that has to populate a group (named "ustlroletemoin")
>> with LDAP people for whom the LDAP attribute "ustlRole" has a value.
>>
>> So, I modified sources.xml so that the search queries on the ustlRole
>> attribute (I don't know exactly when this search is used?):
>>
>> <search>
>> <searchType>search</searchType>
>> <param>
>> <param-name>filter</param-name>
>> <param-value>
>> (ustlRole=%TERM%)
>> <--------------------------------------------------
>> </param-value>
>> </param>
>> <param>
>> <param-name>scope</param-name>
>> <param-value>
>> SUBTREE_SCOPE
>> </param-value>
>> </param>
>> <param>
>> <param-name>base</param-name>
>> <param-value>
>> ou=people,dc=univ-lille1,dc=fr
>> </param-value>
>> </param>
>> </search>
>>
>> But I can't find a method that queries with this search? It seems that
>> SubjectFinder.findAll queries only on searchSubject in sources.xml?
>>
>> Before putting "*" (!), I tried this and I got no results although there
>> are persons who have ustlRole=IntranetTest-users:
>>
>> for (Subject sujet : SubjectFinder.findAll("IntranetTest-users")) {
>> groupetemoin.addMember(sujet,false); nbreusersajoutes+=1; } }
>>
>> result : entree and nbreuserajoutes=0
>>
>> Thanks a lot !
>>
>
>
> --
> Brigitte Wallaert-Taquet
> Ingénieure d'études
> Chargée d'étude
> Espace collaboratif de Documents
> Université Lille1
> Sciences et Technologies
>
>
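
Added example (not part of the original thread, and not Grouper or vt-ldap code): the GSH script hard-codes its filter and the sources.xml template "(ustlRole=%TERM%)" takes a search term, so if such values ever come from a file or user input they should be escaped per RFC 4515 before the filter string is built. The class and method names are hypothetical and the sample values are constructed.

```java
import java.util.Arrays;
import java.util.List;

// Hypothetical helper class, not part of Grouper or vt-ldap.
public class LdapFilterBuilder {

    // Escape one assertion value for an LDAP filter string (RFC 4515, section 3).
    static String escapeValue(String value) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Fill a sources.xml-style template such as "(ustlRole=%TERM%)" with an escaped term.
    static String fillTemplate(String template, String term) {
        return template.replace("%TERM%", escapeValue(term));
    }

    // Build "(|(attr=v1)(attr=v2))" from a list of values, escaping each one.
    static String anyOf(String attribute, List<String> values) {
        if (values.isEmpty()) {
            // "(|)" is not a usable filter, so refuse instead of sending it.
            throw new IllegalArgumentException("at least one value is required");
        }
        StringBuilder sb = new StringBuilder("(|");
        for (String v : values) {
            sb.append('(').append(attribute).append('=').append(escapeValue(v)).append(')');
        }
        return sb.append(')').toString();
    }

    public static void main(String[] args) {
        // Constructed sample values.
        System.out.println(fillTemplate("(ustlRole=%TERM%)", "IntranetTest-users"));
        // An escaped "*" matches a literal asterisk, not "attribute is present".
        System.out.println(fillTemplate("(ustlRole=%TERM%)", "*"));
        System.out.println(anyOf("uid", Arrays.asList("jsmith", "tjones")));
        System.out.println(anyOf("uid", Arrays.asList("j(smith)")));
    }
}
```

A batch job that really wants every entry with the attribute set would use the fixed presence filter (ustlRole=*) as a constant instead of passing "*" through the term.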





