Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] ChangeLogMembershipGroupName with extentison and flat PSP provisionning

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] ChangeLogMembershipGroupName with extentison and flat PSP provisionning


Chronological Thread 
  • From: Tom Zeller <>
  • To: Gagné Sébastien <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] ChangeLogMembershipGroupName with extentison and flat PSP provisionning
  • Date: Thu, 1 Nov 2012 18:12:47 -0500

If I remember correctly, names are included in change log entries,
while extensions (by themselves) are not, and this is hardcoded. I
would usually turn up logging in the psp change log data connector to
debug or trace to see the data included in the change log entries.

It might be simpler to write an attribute definition which extracts an
extension from a name, and then use that as a dependency for other
attribute definitions.

When I wrote those script attribute definitions, I thought they should
eventually be replaced by custom java objects, as I suggest above, but
it was not high priority.

Writing attribute definitions is reasonably straightforward, once
spring is wired. The existing code should provide enough to work from,
as well as :

https://wiki.shibboleth.net/confluence/display/SHIB2/IdPDevCustomExtension

Of course, the above will change with IdPv3, but that is a whole other story.

On Thu, Nov 1, 2012 at 1:42 PM, Gagné Sébastien
<>
wrote:
> Hi,
>
> We are now provisionning our AD target with a flat structure. This structure
> uses only the extension so we don’t have the whole folder path in the
> group’s name (we have group unicity).
>
>
>
> I was having trouble with ChangeLog membership changes: it couldn’t match
> the Grouper group to the AD group, so I changed the script a little in
> psp-resolver to extract the group’s extension out of the Group name, see
> yellow in #1 below. Looking at the grouper-to-tivoli example (which uses a
> flat structure) I see a different and simpler attribute definition, see #2.
> Is there a way to get the group’s extension in a changelogdataconnector ?
>
>
>
> My question boils down to : could I have done better or simpler ?
>
>
>
> === #1 ===
>
> <resolver:AttributeDefinition
>
> id="changeLogMembershipGroupName"
>
> xsi:type="ad:Script">
>
> <resolver:Dependency ref="AddMembershipChangeLogDataConnector" />
>
> <resolver:Dependency ref="DeleteMembershipChangeLogDataConnector" />
>
> <ad:Script><![CDATA[
>
> // Import Shibboleth attribute provider.
>
>
> importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
>
>
>
> // Create the attribute to be returned.
>
> changeLogMembershipGroupName = new
> BasicAttribute("changeLogMembershipGroupName")
>
>
>
> // Return the group name if it is a child of the base stem to be
> provisioned, omitting 'etc'.
>
> if (typeof groupName != "undefined" && groupName != null ) {
>
> // The name of the base stem to be provisioned.
>
> var scriptBaseStem = "${edu.internet2.middleware.psp.baseStem}";
>
>
>
> // If the base stem is the root stem, ignore groups under the
> 'etc' stem.
>
> if (scriptBaseStem.length == 0) {
>
> if (groupName.getValues().get(0).lastIndexOf("etc:", 0) ===
> -1) {
>
>
> changeLogMembershipGroupName.getValues().add(groupName.getValues().get(0)
> .substring(groupName.getValues().get(0).lastIndexOf(":")+1));
>
> }
>
> // Return the group name if it starts with the base stem to be
> provisioned.
>
> } else {
>
> if (groupName.getValues().get(0).lastIndexOf(scriptBaseStem
> + ":", 0) != -1) {
>
>
> changeLogMembershipGroupName.getValues().add(groupName.getValues().get(0).substring(groupName.getValues().get(0).lastIndexOf(":")+1));
>
> }
>
> }
>
> }
>
> ]]></ad:Script>
>
> </resolver:AttributeDefinition>
>
>
>
> === #2 ===
>
> <resolver:AttributeDefinition
>
> id="changeLogMembershipGroupName"
>
> xsi:type="grouper:FilteredName"
>
> sourceAttributeID="groupName">
>
> <resolver:Dependency ref="AddMembershipChangeLogDataConnector" />
>
> <resolver:Dependency ref="DeleteMembershipChangeLogDataConnector" />
>
> <!-- The MINUS filter matches stems which match the first child filter
> and not the second. -->
>
> <grouper:Filter xsi:type="grouper:MINUS">
>
> <!-- The NameInStem filter matches names which are children of the
> given stem. -->
>
> <grouper:Filter
>
> xsi:type="grouper:NameInStem"
>
> name="${edu.internet2.middleware.psp.baseStem}"
>
> scope="SUB" />
>
> <grouper:Filter
>
> xsi:type="grouper:NameInStem"
>
> name="etc"
>
> scope="SUB" />
>
> </grouper:Filter>
>
> </resolver:AttributeDefinition>
>
>
>
>
>
> Sébastien Gagné, | Analyste en informatique
>
> 514-343-6111 x33844 | Université de Montréal,
>
> | Pavillon Roger-Gaudry, local X-100-11
>
>



Archive powered by MHonArc 2.6.16.

Top of Page