Grouper Users - Open Discussion List

[Chris Hyzer <>]

Yes, that is possible, I think memphis did this (aat least with group names), right TomZ?  Do you have the hook that made that possible?  If not we can add a new one…

 

You can make sure no group extensions are the same as other extensions or subject ids, and then I assume when you create subjects you make sure there is another not another group with that extension…

 

Thanks,

Chris

 

 

From: [mailto:] On Behalf Of Gagné Sébastien
Sent: Thursday, January 19, 2012 2:40 PM
To:
Subject: [grouper-users] Globally unique extension/identifier in Grouper

 

Hi again,

We have a requirement here that Groups should have their sAMAccountName equal to their CN. LDAPPCNG was configured to provision the sAMAccountName attribute to Groups in our Active Directory using the Extension attribute. We are using a bushy DN structure so we cannot have stem1:stem2:GroupName as the CN or sAMAccountName.

 

This configuration causes problems because two groups can have the same extension (ID in the UI) if they are in different stems . In that case their name (ID Path in UI) will be different :

-          Name: stem1:groupABC, extension : groupABC

-          Name: stem2:groupABC, extiension: groupABC

 

When trying to provision something like that to AD grouper will receive an error code from AD (LDAP: error code 68, ENTRY_EXISTS) since both of them will have “sAMAccountName=groupABC” even if they are in different OUs. This is also a problem if a group has the same ID as an AD user (sAMAccountName is our Subject ID).

 

My question (or request) is : is it possible for Grouper to enforce an unique group extension throughout all of its stems and maybe even including the SubjectIDs ?

 

I’m glad we have naming conventions here, but you never know when someone might manually create a conflicting entry

 

Thank you

 

 

Sébastien Gagné,     | Analyste en informatique

514-343-6111 x33844  | Université de Montréal,

                     | Pavillon Roger-Gaudry, local X-100-11