Grouper Users - Open Discussion List

[Chris Hyzer <>]

Ok, I put this as an option that defaults to not toLowerCase...  but you need 
the config in there or you should get a log entry...

v2.1.1: Add this for ldap or jndi sources in the sources.xml

<init-param>
  <param-name>SubjectID_formatToLowerCase</param-name>
  <param-value>false</param-value>
</init-param>

The jar is updated if someone wants to test it (I don't have an ldap 
source)... :)

http://www.internet2.edu/grouper/release/2.1.1/subject.jar

Thanks,
Chris


-----Original Message-----
From: Jim Fox 
[mailto:]
 
Sent: Tuesday, March 27, 2012 5:56 PM
To: Chris Hyzer
Cc: Scott Koranda; Gagné Sébastien; grouper-users
Subject: RE: [grouper-users] testing sources.xml in Grouper 2.1.0 API



I suppose I lowercase these things out of habit, as mixed upper and
lower case identifiers almost always causes trouble.  Things after
the '@' are usually insensitive to case, for instance.  So you get
two distinct identifiers, 
''
 and 
'',
 which one
would expect to be the same identity.

That said, I'm fine with making the lowercasing optional.
Anyone already using the new adapter already might be expecting
the lowercasing and should be told to set the option.

Jim


On Tue, 27 Mar 2012, Chris Hyzer wrote:

> Date: Tue, 27 Mar 2012 13:05:29 -0700
> From: Chris Hyzer 
> <>
> To: Scott Koranda 
> <>,
>     Gagné Sébastien 
> <>
> Cc: grouper-users 
> <>
> Subject: RE: [grouper-users] testing sources.xml in Grouper 2.1.0 API
> 
>
> Regarding the lower case part, Im looking at
>
> LdapSourceAdapter line 450:
>
>            subjectID   = ((String)attribute.get()).toLowerCase();
>
> Maybe TomZ or JimF can comment on if we can not toLowerCase it, or make it 
> an option which defaults to off if some people want it, I would think we 
> wouldn't want to change case by default, maybe we do...
>
> About the subject finding and grouper session, the subject filter (which is 
> optional) needs the grouper session so it can know who is querying to see 
> if the caller is allowed to see the results.  We could not fail if no 
> session if there is no filter, though I think we should require it since 
> you might add a filter later and we can see where the gaps are.  The hard 
> part is you need to bootstrap it.  If you want a session started as a non 
> root user, you need to start a root session, find that subject, and start 
> as that subject, and run the search.  I added Jira GRP-766 which will make 
> this easier.  Also I changed the error message to suggest using a root 
> session.
>
> Thanks,
> Chris
>
>
>
> -----Original Message-----
> From: 
> 
>  
> [mailto:]
>  On Behalf Of Scott Koranda
> Sent: Tuesday, March 27, 2012 3:53 PM
> To: Gagné Sébastien
> Cc: grouper-users
> Subject: Re: [grouper-users] testing sources.xml in Grouper 2.1.0 API
>
>> Try  this, it worked for me in my last installation :
>>
>> GrouperSession.startRootSession()
>
> Thanks (and also to Tom Z.). After starting a root session I
> can query for the subject, but it brings up another question:
>
> gsh 1% 
> findSubject("")
> subject: 
> '
>  type='person' source='ligo' name='Scott Koranda'
>
> The output is not the same as with Grouper 1.6.3, specifically
> the id has lowercase '@ligo.org' but previously it was
> '@LIGO.ORG'.
>
> Since I have configured sources.xml with krbPrincipalName as
> the attribute to use for searching in both
>
> <searchType>searchSubject</searchType>
>
> and
>
> <searchType>searchSubjectByIdentifier</searchType>
>
> I expect to get back the Kerberos principal name, which is
>
> 
>
> Why the change in case?
>
> Should I be concerned that when I import the state from my
> 1.6.3 production deployment the subjects will not be
> recognized?
>
> Thanks,
>
> Scott
>