grouper-users - Re: [grouper-users] changelog psp problem

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] changelog psp problem

From: Tom Zeller <>
To: Francesco <>
Cc:
Subject: Re: [grouper-users] changelog psp problem
Date: Thu, 31 May 2012 21:11:43 -0500

Yes, your configuration (sent off-list) is advanced, you are
provisioning groups from two stems to multiple targets with two ldap
representations, simple and samba, based on the stem. Good work !

I will probably have more comments later, but for now ...

If you want to provision a memberUid attribute when a member is added
or removed from a group, you will need to add an <attribute
name="memberUid" ... /> element to the group membership provisioned
service objects :


<pso id="groupMembership1">
<attribute
name="memberUid"
ref="changeLogMembershipSubjectId" />

and you will need to add the attribute definition to psp-resolver.xml,
so you might try (unsuccessfully) :


<resolver:AttributeDefinition
id="changeLogMembershipSubjectId"
xsi:type="ad:Simple"
sourceAttributeID="subjectId">
<resolver:Dependency ref="AddMembershipChangeLogDataConnector" />
<resolver:Dependency ref="DeleteMembershipChangeLogDataConnector" />
</resolver:AttributeDefinition>

However, the above will not work because memberUid will be provisioned
for your simple as well as samba groups, and I think you want
memberUid provisioned for samba groups only.

Take a look at the "changeLogMembershipLdapSubjectId" attribute
definition. You will want to return the subject ids of members if the
group name of a membership change log entry starts with
"unimore:domains". I think the attribute definition below will work,
but I did not try it. I think lastIndexOf is the emca script
equivalent of startsWith.


<resolver:AttributeDefinition
id="changeLogMembershipSambaSubjectId"
xsi:type="ad:Script">
<resolver:Dependency ref="AddMembershipChangeLogDataConnector" />
<resolver:Dependency ref="DeleteMembershipChangeLogDataConnector" />
<ad:Script><![CDATA[
// Import Shibboleth attribute provider.

importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);

// Create the attribute to be returned.
changeLogMembershipSambaSubjectId = new
BasicAttribute("changeLogMembershipSambaSubjectId");

// Return 'subjectId' attribute values if the 'groupName'
starts with 'unimore:domains'.
if (typeof groupName != "undefined" && groupName != null ){
if (groupName.getValues().get(0).lastIndexOf("unimore:domains",
0) >= 0) {
if (typeof subjectId != "undefined" && subjectId != null ){

changeLogMembershipSambaSubjectId.getValues().add(subjectId.getValues().get(0));
}
}
}
]]></ad:Script>
</resolver:AttributeDefinition>

The sourceAttributeID below should be "groupName" (not "groupsNames")
to match the add and delete membership change log entries.

Hope this helps, let us know.

> Note the following from psp-resolver.xml:
> <resolver:AttributeDefinition
> id="changeLogMembershipGroupName"
> xsi:type="grouper:FilteredName"
> sourceAttributeID="groupName">
> this is wrong, because the sourceAttributeID should be 'groupsNames'.
>
> With this wrong definition provisioning works fine short the provisioning of
> the memberUid field (at group creation it works, but when a member is added
> only hasMember and member are updated).

[grouper-users] changelog psp problem, Francesco Malvezzi, 05/28/2012
- Re: [grouper-users] changelog psp problem, Tom Zeller, 05/28/2012
  - Re: [grouper-users] changelog psp problem, Francesco Malvezzi, 05/29/2012
    - Re: [grouper-users] changelog psp problem, Tom Zeller, 05/29/2012
      - Re: [grouper-users] changelog psp problem, Tom Zeller, 05/31/2012
        
        Re: [grouper-users] changelog psp problem, Francesco, 05/31/2012
        
        Re: [grouper-users] changelog psp problem, Tom Zeller, 05/31/2012
  - Re: [grouper-users] changelog psp problem, Francesco Malvezzi, 05/29/2012

List archive

Re: [grouper-users] changelog psp problem