
grouper-users - RE: [grouper-users] sources.xml ldap and script groupershell

Subject: Grouper Users - Open Discussion List

  • From: Chris Hyzer <>
  • To: Brigitte Wallaert Taquet <>
  • Cc: Tom Zeller <>, "" <>
  • Subject: RE: [grouper-users] sources.xml ldap and script groupershell
  • Date: Sat, 8 Oct 2011 18:37:02 +0000
  • Accept-language: en-US

I tried in 1.6 and it works fine. One tweak though, change this line

FROM:
while (results.hasNext()) {group.addMember(SubjectFinder.findByIdOrIdentifier(results.next().getAttributes().get("uid").get(), true));}

TO:
while (results.hasNext()) {group.addMember(SubjectFinder.findByIdOrIdentifier(results.next().getAttributes().get("pennname").get(), true), false);}

This will fail if a subject isn't resolvable, but will not fail if the
subject is already in the group.

Thanks,
Chris

-----Original Message-----
From: Brigitte Wallaert Taquet
[mailto:]

Sent: Saturday, October 08, 2011 2:48 AM
To: Chris Hyzer
Cc: Tom Zeller;

Subject: RE: [grouper-users] sources.xml ldap and script groupershell

Hello,

Sorry, I didn't see this message; I'll try that. I am on 1.6.3.

Thanks !
Quoting Chris Hyzer
<>:

> Are you on 2.0?
>
> Here is a script that will do what you want, and doesn't depend on
> sources.xml findAll()...
>
> First add these properties to the grouper.properties file:
>
> ldap.url = ldaps://someldap.school.edu:636
> ldap.baseDn = dc=school,dc=edu
> ldap.user = uid=user,ou=people,dc=school,dc=edu
> ldap.pass = xxxxxx
>
> Then, add the vt-ldap.jar to the classpath (lib dir?)
>
> http://code.google.com/p/vt-middleware/downloads/detail?name=vt-ldap-3.3.4-dist.zip&can=2&q=
>
> Here is a GSH script to add membership from an ldap filter to a
> group (note, make sure there are no newlines that are not below
> (only after semicolon)). Also note, you could turn this into Java
> for more flexibility too... :)
>
>
> grouperSession = GrouperSession.startRootSession();
>
> group = new GroupSave(grouperSession).assignName("test:testGroup").assignCreateParentStemsIfNotExist(true).save();
>
> ldapConfig = new edu.vt.middleware.ldap.LdapConfig(edu.internet2.middleware.grouper.cfg.GrouperConfig.getProperty("ldap.url"), edu.internet2.middleware.grouper.cfg.GrouperConfig.getProperty("ldap.baseDn"));
> ldapConfig.setBindDn(edu.internet2.middleware.grouper.cfg.GrouperConfig.getProperty("ldap.user"));
> ldapConfig.setBindCredential(edu.internet2.middleware.grouper.cfg.GrouperConfig.getProperty("ldap.pass"));
>
> factory = new edu.vt.middleware.ldap.pool.DefaultLdapFactory(ldapConfig);
>
> pool = new edu.vt.middleware.ldap.pool.BlockingLdapPool(factory);
>
> ldap = pool.checkOut();
>
> results = ldap.search("ou=people,dc=school,dc=edu", new edu.vt.middleware.ldap.SearchFilter("(|(uid=jsmith)(uid=tjones))"), new String[]{"uid"});
>
> while (results.hasNext()) {group.addMember(SubjectFinder.findByIdOrIdentifier(results.next().getAttributes().get("uid").get(), true));}
>
> pool.checkIn(ldap);
>
>
> # check with this:
> getMembers("test:testGroup");
>
>
>
> -----Original Message-----
> From:
>
>
> [mailto:]
> On Behalf Of Chris Hyzer
> Sent: Friday, October 07, 2011 11:31 PM
> To: Brigitte Wallaert Taquet
> Cc: Tom Zeller;
>
> Subject: RE: [grouper-users] sources.xml ldap and script groupershell
>
> Yes, you can have a different sources.xml for gsh and ui. In
> Grouper 2.1 there is a loader from ldap:
>
> https://spaces.internet2.edu/display/Grouper/Grouper+-+Loader+LDAP
>
> I assume you can't wait a few months for this :) Or maybe you can
> get something working now, and then migrate to the loader later and
> switch your sources.xml back.
>
> Another option is I can give you some code from 2.1 in a jar that
> you could run temporarily until you upgrade to 2.1...
>
> Thanks,
> Chris
>
> -----Original Message-----
> From: Brigitte Wallaert Taquet
> [mailto:]
> Sent: Friday, October 07, 2011 2:42 PM
> To: Chris Hyzer
> Cc: Tom Zeller;
>
> Subject: RE: [grouper-users] sources.xml ldap and script groupershell
>
> Hello,
>
> Yes, I need my GrouperShell script (folder-grouper/bin/gsh.sh
> myscript.gsh) to search for all subjects for whom the LDAP attribute
> "ustlRole" has a value (ustlRole=*) and then attach these subjects to a
> group named "ustlRoletemoin".
>
> Initially, I first queried LDAP with DirContext and afterwards
> transformed each identifier received (uid) into a Grouper subject (with
> findAll on the identifier "uid"), but my LDAP administrator says that I
> ask 2 times for the same thing, so he doesn't agree.
>
> So, I am thinking of using only findAll in my GrouperShell script to
> search on the attribute ustlRole=* instead of on uid and displayName.
> But for LiteUi, I need the search for a subject (findAll too, it
> seems?) to continue to use the uid and displayName attributes.
>
> I hope it is clearer?
>
> So, if I understand what you say, it's perhaps possible if I can have
> 2 different sources.xml files: one for my script and one for LiteUi?
> But how? For now, I do that, but I have to modify sources.xml if I need
> to deploy Grouper-API again for Grouper-UI; it is not very good, I think!
>
> Thanks for your help.
>
> Regards
> Brigitte
>
>
>
> Quoting Chris Hyzer
> <>:
>
>> Not sure I completely understand, but findAll cannot have a
>> parameter of where it is being called from, it is consistent. But
>> you can have a slightly different sources.xml in your UI as opposed
>> to WS or something else. Can you explain what you need in a
>> different way? :)
>>
>> Thanks,
>> Chris
>>
>> -----Original Message-----
>> From: Wallaert-Taquet Brigitte
>> [mailto:]
>> Sent: Friday, October 07, 2011 5:54 AM
>> To: Chris Hyzer; Tom Zeller
>> Cc:
>>
>> Subject: Re: [grouper-users] sources.xml ldap and script groupershell
>>
>> Hello,
>>
>> Thanks a lot for your pointers: indeed, the logs showed me that the
>> queries were OK, and finally the LDAP administrator found that the
>> attribute "ustlRole" was protected and my server didn't have the rights
>> to bind with an anonymous LDAP connection.
>>
>> Are you using GrouperJndiSourceAdapter in sources.xml ?
>>
>> <source
>> adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter"
>> ...>
>>
>> Yes
>>
>> Now I have a problem, because if I modify the search in sources.xml for
>> my GrouperShell script, the LiteUI will not find subjects correctly
>> (because it queries on the ustlRole attribute instead of the
>> uid/displayName attributes).
>> So, do you think it is possible to configure somewhere for
>> SubjectFinder.findAll to use another search defined in sources.xml (for
>> example, I can define another searchType named "searchUstlRole" in my
>> sources.xml), or to configure LiteUI and AdminUi to use another searchType?
>>
>> Thanks a lot !
>> Brigitte
>>
>>
>> On 06/10/2011 05:34, Chris Hyzer wrote:
>>> Search is used in SubjectFinder.findAll e.g. on the UI when you do
>>> a search for a subject...
>>>
>>> Thanks,
>>> Chris
>>>
>>> -----Original Message-----
>>> From:
>>>
>>> [mailto:]
>>> On Behalf Of
>>> Wallaert-Taquet Brigitte
>>> Sent: Wednesday, October 05, 2011 5:32 AM
>>> To:
>>>
>>> Subject: [grouper-users] sources.xml ldap and script groupershell
>>>
>>> Hello,
>>>
>>> I am writing a script that has to populate a group (named
>>> "ustlroletemoin") with the LDAP people for whom the LDAP attribute
>>> "ustlRole" has a value.
>>>
>>> So I modified sources.xml so that the search queries the ustlRole
>>> attribute (I don't know exactly when this search is used?):
>>>
>>> <search>
>>> <searchType>search</searchType>
>>> <param>
>>> <param-name>filter</param-name>
>>> <param-value>
>>> (ustlRole=%TERM%)
>>> <--------------------------------------------------
>>> </param-value>
>>> </param>
>>> <param>
>>> <param-name>scope</param-name>
>>> <param-value>
>>> SUBTREE_SCOPE
>>> </param-value>
>>> </param>
>>> <param>
>>> <param-name>base</param-name>
>>> <param-value>
>>> ou=people,dc=univ-lille1,dc=fr
>>> </param-value>
>>> </param>
>>> </search>
>>>
>>> But I can't find a method that queries with this search? It seems that
>>> SubjectFinder.findAll queries only on searchSubject in sources.xml?
>>>
>>> Before putting "*" (!), I tried this and I got no results, although
>>> there are people who have ustlRole=IntranetTest-users:
>>>
>>> for (Subject sujet : SubjectFinder.findAll("IntranetTest-users")) {
>>> groupetemoin.addMember(sujet,false); nbreusersajoutes+=1; } }
>>>
>>> result : entree and nbreuserajoutes=0
>>>
>>> Thanks a lot !
>>>
>>
>>
>> --
>> Brigitte Wallaert-Taquet
>> Ingénieure d'études
>> Chargée d'étude
>> Espace collaboratif de Documents
>> Université Lille1
>> Sciences et Technologies
>>
>>
>
>
>
>
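
The thread notes that the GSH script could be turned into Java. The following is an added example (not code from the thread or from the Grouper project) of one way to do that for the original ustlRole=* requirement, using the JDK's JNDI in place of vt-ldap, with an authenticated bind because the attribute is not readable anonymously. The class name, the use of ldap.baseDn as the search base, and the choice to count and skip unresolvable subjects instead of aborting are assumptions; it needs the Grouper API on the classpath and the four ldap.* entries in grouper.properties.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import edu.internet2.middleware.grouper.*; // package GSH resolves GroupSave, SubjectFinder from
import edu.internet2.middleware.grouper.cfg.GrouperConfig;
import edu.internet2.middleware.subject.SubjectNotFoundException;

public class UstlRoleLoader { // hypothetical class name
  public static void main(String[] args) throws Exception {
    Hashtable<String, String> env = new Hashtable<String, String>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, GrouperConfig.getProperty("ldap.url")); // ldaps:// keeps the bind off the wire in clear
    env.put(Context.SECURITY_AUTHENTICATION, "simple"); // authenticated, not anonymous
    env.put(Context.SECURITY_PRINCIPAL, GrouperConfig.getProperty("ldap.user"));
    env.put(Context.SECURITY_CREDENTIALS, GrouperConfig.getProperty("ldap.pass"));
    SearchControls controls = new SearchControls();
    controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    controls.setReturningAttributes(new String[] {"uid"}); // one query, only the attribute needed

    GrouperSession session = GrouperSession.startRootSession();
    DirContext ctx = null;
    int processed = 0, unresolved = 0;
    try {
      Group group = new GroupSave(session).assignName("test:testGroup")
          .assignCreateParentStemsIfNotExist(true).save();
      ctx = new InitialDirContext(env);
      NamingEnumeration<SearchResult> results =
          ctx.search(GrouperConfig.getProperty("ldap.baseDn"), "(ustlRole=*)", controls);
      while (results.hasMore()) {
        Attribute uid = results.next().getAttributes().get("uid");
        if (uid == null) { continue; } // entry has ustlRole but no uid
        try {
          // second argument false: an existing membership is not an error
          group.addMember(SubjectFinder.findByIdOrIdentifier((String) uid.get(), true), false);
          processed++;
        } catch (SubjectNotFoundException e) {
          unresolved++; // in LDAP but not resolvable through sources.xml
        }
      }
    } finally {
      if (ctx != null) { ctx.close(); } // always release the directory connection
      GrouperSession.stopQuietly(session);
    }
    System.out.println("processed=" + processed + " unresolved=" + unresolved);
  }
}
```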





