Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] RE: Grouper ldap loader

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] RE: Grouper ldap loader


Chronological Thread 
  • From: Chris Hyzer <>
  • To: Rahul Doshi <>, Gagné Sébastien <>, "" <>
  • Subject: RE: [grouper-users] RE: Grouper ldap loader
  • Date: Mon, 30 Jul 2012 16:21:51 +0000
  • Accept-language: en-US

Thanks!

 

I will genericize this and put into grouper at some point…

 

https://bugs.internet2.edu/jira/browse/GRP-826

 

Regards,

Chris

 

From: Rahul Doshi [mailto:]
Sent: Monday, July 30, 2012 9:25 AM
To: Gagné Sébastien; Chris Hyzer;
Subject: Re: [grouper-users] RE: Grouper ldap loader

 

Yes, I ran into same issues but was able to get it to work by following suggestions in the link.  Below is the code 

 

 

  public static String convertDnToSpecificValue(String dn) {

   

    //e.g. ,OU=Groups,DC=dev,DC=umontreal,DC=ca

    String adGroupSuffix = GrouperLoaderConfig.getPropertyString("cmu.group.suffix", true);

   

    //not sure why this would happen

    if (dn == null) {

      return dn;

    }

   

    if (dn.toLowerCase().endsWith(adGroupSuffix.toLowerCase())) {

      String cn = dn.substring(0, dn.length()-adGroupSuffix.length());

     

      if (StringUtils.countMatches(cn, "=") != 1) {

        throw new RuntimeException("Why is there not 1 equals in this CN??? '" + cn + "'");

      }

     

      //this should be CN=groupName, convert to groupName

      cn = GrouperUtil.prefixOrSuffix(cn, "=", false);

     

      //e.g. umontreal.grouper.ad.group.prefix = umontreal:adgroups:

      String grouperGroupPrefix = GrouperLoaderConfig.getPropertyString("cmu.group.prefix", true);

      

      String groupName = grouperGroupPrefix + cn;

      

      Group group = GrouperDAOFactory.getFactory().getGroup().findByName(groupName, false, null) ;

      

      if (group != null) {

   

  return group.getId();

      }

      else {

   

  group = new GroupSave(GrouperSession.staticGrouperSession()).assignName(groupName).assignCreateParentStemsIfNotExist(true).save();

   

  return group.getId();

      }

 

     }

    //not a group

    return LoaderLdapElUtils.convertDnToSpecificValue(dn);

  }

}

 

Thanks,

Rahul

 

From: Gagné Sébastien <>
Date: Monday, July 30, 2012 9:15 AM
To: Chris Hyzer <>, Rahul Doshi <>, "" <>
Subject: RE: [grouper-users] RE: Grouper ldap loader

 

We had a similar problem (it’s me in the link) : when creating “somestem:admins” it tries to add the group member “someotherstem:admins” but if it doesn’t exist in Grouper it won’t be added because it doesn’t find it. We had to add a “create missing groups” feature to our “translate AD CN in Group’s member to Grouper Group IDs”

 

You also have to be careful with what you are searching (Ids or Identifiers), because in source g:gsa (group adapter) Group ID are the generated UUIDs (e.g. 30bb5405f55942129948b4ee924331ea) while Group identifier are, I believe, the group name (e.g. somestem:admins)

 

I haven’t tried the loader ldap with a flat structure, so there might be a problem translating “member=cn=someotherstem:admins, ou=group, dc= example, dc = org” to the proper group id “baseStem:someotherstem:admins”

 

 

De : [] De la part de Chris Hyzer
Envoyé : 26 juillet 2012 16:23
À : Rahul Doshi;
Objet : [grouper-users] RE: Grouper ldap loader

 

Actually, is this an LDAP_GROUP_LIST job, and is cn=someotherstem:admins, ou=group, dc= example, dc = org one of the groups that is returns from the ldap filter (as well as a member of a group).  If so, then with the link below, you can do what you want to do.  If that member which is a group is not managed by the loader, so we can do this with a tweak to grouper or an EL tweak.  Let me know

 

Thanks,

Chris

 

From: Chris Hyzer
Sent: Thursday, July 26, 2012 4:16 PM
To: 'Rahul Doshi';
Subject: RE: Grouper ldap loader

 

I hadn’t really considered that case when creating the loader, but I think it can be done fairly easily with some EL and a java class.  It is very similar to this email, except that the group will be created perhaps in EL…

 

https://lists.internet2.edu/sympa/arc/grouper-users/2012-05/msg00026.html

 

Want me to try to send you an example?

 

Thanks,

Chris

 

 

From: [] On Behalf Of Rahul Doshi
Sent: Thursday, July 26, 2012 4:03 PM
To:
Subject: [grouper-users] Grouper ldap loader

 

Hello,

 

I am trying to use grouper loader to load all the existing groups from our ldap environment.  It seems to load the groups fine except that it is ignoring the nested group membership.  For hypothetical group below if I run the loader job,  I only see somstem:admins group created in grouper with member xyz.  What I would have expected to see is two groups somestem:admins and someotherstem:admins created in grouper and someotherstem:admins also be the member of some stem:admins.  Is there something that I am missing in my configuration? 

 

Groupname

cn=somestem:admins, ou=group, dc=example, dc=org

member=uid=xyz, ou=person,dc=example,dc=org

member=cn=someotherstem:admins, ou=group, dc= example, dc = org

 

Thanks,

Rahul


Archive powered by MHonArc 2.6.16.

Top of Page