
grouper-users - RE: [grouper-users] sources.xml ldap and script groupershell

Subject: Grouper Users - Open Discussion List

  • From: Brigitte Wallaert Taquet <>
  • To: Chris Hyzer <>
  • Cc: Tom Zeller <>, "" <>
  • Subject: RE: [grouper-users] sources.xml ldap and script groupershell
  • Date: Sat, 08 Oct 2011 08:47:56 +0200

Hello,

Sorry, I didn't see this message; I'll try that. I am on 1.6.3.

Thanks !
Quoting Chris Hyzer
<>:

Are you on 2.0?

Here is a script that will do what you want, and doesn't depend on sources.xml findAll()...

First add these properties to the grouper.properties file:

ldap.url = ldaps://someldap.school.edu:636
ldap.baseDn = dc=school,dc=edu
ldap.user = uid=user,ou=people,dc=school,dc=edu
ldap.pass = xxxxxx

Then, add the vt-ldap.jar to the classpath (lib dir?)

http://code.google.com/p/vt-middleware/downloads/detail?name=vt-ldap-3.3.4-dist.zip&can=2&q=

Here is a GSH script to add membership from an ldap filter to a group (note, make sure there are no newlines that are not below (only after semicolon)). Also note, you could turn this into Java for more flexibility too... :)


grouperSession = GrouperSession.startRootSession();

group = new GroupSave(grouperSession).assignName("test:testGroup").assignCreateParentStemsIfNotExist(true).save();

ldapConfig = new edu.vt.middleware.ldap.LdapConfig(edu.internet2.middleware.grouper.cfg.GrouperConfig.getProperty("ldap.url"), edu.internet2.middleware.grouper.cfg.GrouperConfig.getProperty("ldap.baseDn"));
ldapConfig.setBindDn(edu.internet2.middleware.grouper.cfg.GrouperConfig.getProperty("ldap.user"));
ldapConfig.setBindCredential(edu.internet2.middleware.grouper.cfg.GrouperConfig.getProperty("ldap.pass"));

factory = new edu.vt.middleware.ldap.pool.DefaultLdapFactory(ldapConfig);

pool = new edu.vt.middleware.ldap.pool.BlockingLdapPool(factory);

ldap = pool.checkOut();

results = ldap.search("ou=people,dc=school,dc=edu", new edu.vt.middleware.ldap.SearchFilter("(|(uid=jsmith)(uid=tjones))"), new String[]{"uid"});

while (results.hasNext()) {group.addMember(SubjectFinder.findByIdOrIdentifier(results.next().getAttributes().get("uid").get(), true));}

pool.checkIn(ldap);


# check with this:
getMembers("test:testGroup");



-----Original Message-----
From: [mailto:] On Behalf Of Chris Hyzer
Sent: Friday, October 07, 2011 11:31 PM
To: Brigitte Wallaert Taquet
Cc: Tom Zeller;

Subject: RE: [grouper-users] sources.xml ldap and script groupershell

Yes, you can have a different sources.xml for gsh and ui. In Grouper 2.1 there is a loader from ldap:

https://spaces.internet2.edu/display/Grouper/Grouper+-+Loader+LDAP

I assume you can't wait a few months for this :) Or maybe you can get something working now, and then migrate to the loader later and switch your sources.xml back.

Another option is I can give you some code from 2.1 in a jar that you could run temporarily until you upgrade to 2.1...

Thanks,
Chris

-----Original Message-----
From: Brigitte Wallaert Taquet
[mailto:]
Sent: Friday, October 07, 2011 2:42 PM
To: Chris Hyzer
Cc: Tom Zeller;

Subject: RE: [grouper-users] sources.xml ldap and script groupershell

Hello,

Yes, I need my GrouperShell script (folder-grouper/bin/gsh.sh
myscript.gsh) to search for all subjects for whom the ldap attribute
"ustlRole" has a value (ustlRole=*) and then attach these subjects to a
group named "ustlRoletemoin".

Initially, I first query ldap with dircontext and afterwards I transform
each identifier received (uid) into a Grouper subject (with findAll on
identifier "uid"), but my ldap administrator says that I ask 2 times
for the same things, so he doesn't agree.

So, I am thinking of using only findAll in my groupershell script to
search on attribute ustlRole=* instead of on uid and displayName. But for
LiteUi, I need the search for a subject (findAll too, it seems?) to
continue to use the uid and displayName attributes to do the search.

I hope it is clearer?

So, if I understand what you say, it's perhaps possible if I can have
2 different sources.xml files: one for my script and one for LiteUi? But
how? Right now I do that, but I have to modify sources.xml if I need to
deploy Grouper-API again for Grouper-UI; it is not very good, I think!

Thanks for your help.

Regards
Brigitte



Quoting Chris Hyzer
<>:

Not sure I completely understand, but findAll cannot have a
parameter of where it is being called from, it is consistent. But
you can have a slightly different sources.xml in your UI as opposed
to WS or something else. Can you explain what you need in a
different way? :)

Thanks,
Chris

-----Original Message-----
From: Wallaert-Taquet Brigitte
[mailto:]
Sent: Friday, October 07, 2011 5:54 AM
To: Chris Hyzer; Tom Zeller
Cc:

Subject: Re: [grouper-users] sources.xml ldap and script groupershell

Hello,

Thanks a lot for your pointers: indeed, the logs showed me the
queries, which were ok, and finally the ldap administrator found that the
attribute "ustlRole" was protected and my server didn't have the rights to
bind with an anonymous ldap connection.

Are you using GrouperJndiSourceAdapter in sources.xml ?

<source
adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter"
...>

Yes

Now I have a problem because if I modify the search in sources.xml for my
groupershell, the LiteUI will not find the subject correctly (because it
queries on the ustlRole attribute instead of on the uid/displayName attributes).
So, do you think it is possible to configure somewhere that
SubjectFinder.findAll uses another search defined in sources.xml (for
example, I can define another searchType named "searchUstlRole" in my
sources.xml) or to configure LiteUI and AdminUi to use another searchType?

Thanks a lot !
Brigitte


On 06/10/2011 05:34, Chris Hyzer wrote:
Search is used in SubjectFinder.findAll e.g. on the UI when you do
a search for a subject...

Thanks,
Chris

-----Original Message-----
From:

[mailto:]
On Behalf Of
Wallaert-Taquet Brigitte
Sent: Wednesday, October 05, 2011 5:32 AM
To:

Subject: [grouper-users] sources.xml ldap and script groupershell

Hello,

I am making a script that has to populate a group (named "ustlroletemoin")
with the LDAP people for whom the ldap attribute "ustlRole" has a value.

So, I modified sources.xml so that the search queries on the ustlRole
attribute (I don't know exactly when this search is used?):

<search>
<searchType>search</searchType>
<param>
<param-name>filter</param-name>
<param-value>
(ustlRole=%TERM%)
<--------------------------------------------------
</param-value>
</param>
<param>
<param-name>scope</param-name>
<param-value>
SUBTREE_SCOPE
</param-value>
</param>
<param>
<param-name>base</param-name>
<param-value>
ou=people,dc=univ-lille1,dc=fr
</param-value>
</param>
</search>

But I can't find a method that queries with this search? It seems that
SubjectFinder.findAll queries only on searchSubject in sources.xml?

Before putting "*" (!), I tried this and I got no results although there
are persons who have ustlRole=IntranetTest-users:

for (Subject sujet : SubjectFinder.findAll("IntranetTest-users")) {
  groupetemoin.addMember(sujet, false);
  nbreusersajoutes += 1;
}

result : entree and nbreuserajoutes=0

Thanks a lot !



--
Brigitte Wallaert-Taquet
Research Engineer
Project Officer
Collaborative Document Space
Université Lille1
Sciences et Technologies
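
The search definition in the first message substitutes the search term into (ustlRole=%TERM%), which is why a term of "*" turns the filter into a presence test on the attribute. The following is an added example, not part of the thread and not Grouper's code (the class and method names are hypothetical), showing that substitution with and without RFC 4515 escaping of the term:

```java
// Added illustration, not Grouper code: class and method names are hypothetical.
public class LdapFilterTerm {

    // Filter template as it appears in the sources.xml search definition above.
    static final String TEMPLATE = "(ustlRole=%TERM%)";

    // Naive substitution: the term is copied into the filter verbatim,
    // so filter metacharacters in the term keep their special meaning.
    static String substituteRaw(String term) {
        return TEMPLATE.replace("%TERM%", term);
    }

    // RFC 4515 escaping of an assertion value: NUL, '(', ')', '*' and '\'
    // are replaced by a backslash followed by two hex digits.
    static String escapeValue(String term) {
        StringBuilder out = new StringBuilder();
        for (char c : term.toCharArray()) {
            if (c == '\0' || c == '(' || c == ')' || c == '*' || c == '\\') {
                out.append(String.format("\\%02x", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    // Substitution with the term treated strictly as a literal value.
    static String substituteEscaped(String term) {
        return TEMPLATE.replace("%TERM%", escapeValue(term));
    }

    public static void main(String[] args) {
        // Constructed sample terms: the literal value from the thread, the
        // wildcard, and a value that happens to contain parentheses.
        String[] terms = { "IntranetTest-users", "*", "Role (test)" };
        for (String term : terms) {
            System.out.println("term     : " + term);
            System.out.println("  raw    : " + substituteRaw(term));
            System.out.println("  escaped: " + substituteEscaped(term));
        }
    }
}
```

With escaping, the term "*" yields (ustlRole=\2a), which matches only a literal asterisk, so a presence search such as (ustlRole=*) has to be written deliberately in the script's own filter rather than arrive through a search term.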











