grouper-users - Re: [grouper-users] More than one schema entity found
Subject: Grouper Users - Open Discussion List
List archive
- From: Tom Zeller <>
- To: Francesco Malvezzi <>
- Cc: "" <>
- Subject: Re: [grouper-users] More than one schema entity found
- Date: Sun, 26 Feb 2012 19:14:19 -0600
- Authentication-results: mr.google.com; spf=pass (google.com: domain of designates 10.180.101.200 as permitted sender) ; dkim=pass
First, let me apologize for misspelling the name of your institution
in a previous message. I was mobile and too flippant.
As of right now, no, a filter based on group type (e.g. GroupType
returned from Group.getTypes()) does not exist and would need to be
written. The following xml element filters groups by an attribute
named "type", not the group type. And, the attribute would need to be
an old-style not new-attribute-framework attribute :
<grouper:GroupFilter xsi:type="grouper:ExactAttribute"
name="type" value="sambaGroupMapping" />
An old-style attribute is created via :
GroupType type = GroupType.createType(grouperSession, "groupType");
type.addAttribute(grouperSession, "attr", AccessPrivilege.VIEW,
AccessPrivilege.UPDATE, false);
while a new-sylte attribute is created via :
Stem etcAttribute =
StemFinder.findByName(GrouperSession.staticGrouperSession(),
"etc:attribute", true);
AttributeDef attributeDef =
etcAttribute.addChildAttributeDef("mailLocalAddressAttributeDef",
AttributeDefType.attr);
attributeDef.setAssignToGroup(true);
attributeDef.setMultiValued(true);
attributeDef.setValueType(AttributeDefValueType.string);
attributeDef.store();
etcAttribute.addChildAttributeDefName(attributeDef,
"mailLocalAddress", "mailLocalAddress");
Yes, filters may be nested. The and, or, and minus filters model the
intersection, union, and complement filters of grouper which model the
algebra of sets, or, what I refer to as "group math". There is no
"not" filter in grouper, so I did not try to implement one. The
following is an example of nested filters :
<!--
The StemDataConnector returns attributes representing the stem whose
name is the principal name. The returned stem must be a child of the
stem whose name is the edu.internet2.middleware.psp.baseStem property.
The "etc" stem and all children are omitted.
-->
<resolver:DataConnector id="StemDataConnector"
xsi:type="grouper:StemDataConnector">
<grouper:Filter xsi:type="grouper:MINUS">
<grouper:Filter xsi:type="grouper:StemInStem"
name="${edu.internet2.middleware.psp.baseStem}" scope="SUB"/>
<grouper:Filter xsi:type="grouper:OR">
<grouper:Filter xsi:type="grouper:StemInStem" name="etc" scope="SUB"/>
<grouper:Filter xsi:type="grouper:StemNameExact" name="etc"/>
</grouper:Filter>
</grouper:Filter>
</resolver:DataConnector>
I do not find this example particularly clear nor exceedingly
desirable, but it is what it is and is available at :
http://anonsvn.internet2.edu/viewvc/viewvc.py/i2mi/java-provisioning-provider/trunk/psp-example-grouper-to-ldap/src/test/resources/psp-resolver.xml
If you need a group type filter, let me know, it should be easy enough
to write one. Although I was reluctant at first because I was not sure
if the usage of group type had fallen out of favor.
Oh, and, as of version 2.1.0 the syntax for filters has changed : I
replaced <grouper:GroupFilter /> with <grouper:Filter />. I did this
because the and, or, and minus filters are also applicable to stems,
in addition to groups. Let this be a reminder to myself for the
release notes.
TomZ
On Fri, Feb 24, 2012 at 6:59 AM, Francesco Malvezzi
<>
wrote:
> Il 23/02/2012 00:15, Tom Zeller ha scritto:
>> Could you reply with the <identifyingAttribute/> elements of all
>> <object>s in your configuration, ldappcng.xml, please ?
>>
> [...]
>>
>> I just added more text to the <identifyingAttribute/> documentation on
>> the real-time provisioning wiki page.
>
> Thank you for the clarifications: I am now checking again configurations
> from the very start, because I realize I'm not sure what most of the
> parameters mean, so I'm not ready to send you the ldappcng.xml.
>
> I believe the error was triggered by the clash between two types of
> group (please see your answer at mail with subject 'Provision groups
> with different rules' - 12/02/2010 - on this ML), not clash between
> groups and members, but your explanation holds.
>
> I was trying to re-write the filter rules. Is it possible to filter by
> type in ldappc-resolver.xml?
>
> This naive example doesn't work:
> <resolver:DataConnector id="SambaGroupDataConnector"
> xsi:type="grouper:GroupDataConnector">
> <grouper:GroupFilter xsi:type="grouper:ExactAttribute"
> name="type" value="sambaGroupMapping" />
> <grouper:Attribute id="members" />
> <grouper:Attribute id="groups" />
> </resolver:DataConnector>
>
> From the
> https://spaces.internet2.edu/display/Grouper/Grouper+and+Shibboleth+Integration
> page I read that to build a NOT condition I should use a
> MinusGroupFilter. There is not a NotGroupFilter, correct? Filters can be
> nested?
>
> Thank you again,
>
> Francesco
- [grouper-users] More than one schema entity found, Francesco Malvezzi, 02/20/2012
- Re: [grouper-users] More than one schema entity found, Tom Zeller, 02/20/2012
- Re: [grouper-users] More than one schema entity found, Francesco Malvezzi, 02/21/2012
- Re: [grouper-users] More than one schema entity found, Tom Zeller, 02/22/2012
- Re: [grouper-users] More than one schema entity found, Francesco Malvezzi, 02/24/2012
- Re: [grouper-users] More than one schema entity found, Tom Zeller, 02/26/2012
- Re: [grouper-users] More than one schema entity found - solved, Francesco Malvezzi, 02/28/2012
- Re: [grouper-users] More than one schema entity found, Tom Zeller, 02/26/2012
- Re: [grouper-users] More than one schema entity found, Francesco Malvezzi, 02/24/2012
- Re: [grouper-users] More than one schema entity found, Tom Zeller, 02/22/2012
- Re: [grouper-users] More than one schema entity found, Francesco Malvezzi, 02/21/2012
- Re: [grouper-users] More than one schema entity found, Tom Zeller, 02/20/2012
Archive powered by MHonArc 2.6.16.