Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] LDAPPCNG configuration with Active Directory

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] LDAPPCNG configuration with Active Directory


Chronological Thread 
  • From: Tom Zeller <>
  • To: Gagné Sébastien <>
  • Cc:
  • Subject: Re: [grouper-users] LDAPPCNG configuration with Active Directory
  • Date: Thu, 19 Jan 2012 19:12:08 -0600
Oh. If you are provisioning a stem, you will need to add the
StemDataConnector as a dependency. For example

<resolver:AttributeDefinition xsi:type="Script"
xmlns="urn:mace:shibboleth:2.0:resolver:ad" id="sAMAccountName"
sourceAttributeID="extension">
   <resolver:Dependency ref="GroupDataConnector" />
   <resolver:Dependency ref="StemDataConnector" />
...

And the script should check variables, for example

if (typeof extension != "undefined" && extension != null ){
value = extension.getValues().get(0);
...

I did not think that stems, which usually are provisioned as OUs, had
sAMAccountName since they are not "security" objects in AD, like
groups can be.

2012/1/19 Gagné Sébastien
<>:
> Exactly.
>
> When I provision a group it works :
> $GROUPER_HOME/bin/gsh.sh -ldappcng -sync UdeM:SubStem:LalalaHumansteps
>
> But if I delete the SubStem OU from ad and run
> $GROUPER_HOME/bin/gsh.sh -ldappcng -sync UdeM:SubStem
>
> It fails with error :
> 2012-01-19 13:57:12,934: [main] ERROR
> ScriptedAttributeDefinition.doResolve(134) -  -
> ScriptletAttributeDefinition sAMAccountName unable to execute script
> com.sun.phobos.script.util.ExtendedScriptException:
> org.mozilla.javascript.EcmaError: ReferenceError: "extension" is not
> defined. (<Unknown Source>#4) in <Unknown Source> at line number 4
>
> My attribute definition is :
>
> <resolver:AttributeDefinition xsi:type="Script"
> xmlns="urn:mace:shibboleth:2.0:resolver:ad" id="sAMAccountName"
> sourceAttributeID="extension">
>    <resolver:Dependency ref="GroupDataConnector" />
>    <Script><![CDATA[
>      // Import Shibboleth attribute provider
>      
> importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
>
>      value = extension.getValues().get(0);
>
>      value = value.replaceAll("\\/", "_");
>      value = value.replaceAll("\\/", "_");
>      value = value.replaceAll("\\[", "_");
>      value = value.replaceAll("\\]", "_");
>      value = value.replaceAll("\\:", "_");
>      value = value.replaceAll("\\;", "_");
>      value = value.replaceAll("\\|", "_");
>      value = value.replaceAll("\\=", "_");
>      value = value.replaceAll("\\,", "_");
>      value = value.replaceAll("\\+", "_");
>      value = value.replaceAll("\\*", "_");
>      value = value.replaceAll("\\?", "_");
>
>      sAMAccountName = new BasicAttribute("sAMAccountName");
>      sAMAccountName.getValues().add(value);
>      ]]></Script>
>  </resolver:AttributeDefinition>
>
>
> Maybe it has something to do with the import not importing all the
> variables ?
>
>
> -----Message d'origine-----
> De :
>
>
> [mailto:]
> De la part de Tom Zeller
> Envoyé : 19 janvier 2012 13:49
> À : Gagné Sébastien
> Cc :
>
> Objet : Re: [grouper-users] LDAPPCNG configuration with Active Directory
>
>> I tried changing definition to use sourceAttributeID="extension", but
>> there was some exception while provisioning stems (javascript variable
>> "name" wasn't defined, tried putting extension in the script with no luck)
>
> You changed
>
>  <resolver:AttributeDefinition ... id="sAMAccountName"
> sourceAttributeID="name">
>  ...
>  value = name.getValues().get(0);
>
> to
>
>  <resolver:AttributeDefinition ... id="sAMAccountName"
> sourceAttributeID="extension">
>  ...
>  value = extension.getValues().get(0);
>
> and the script fails ? That seems buggy.

Archive powered by MHonArc 2.6.16.

Top of Page