
grouper-users - RE: [grouper-users] PSP sync, clearing an attribute value in ldap

Subject: Grouper Users - Open Discussion List

  • From: Gagné Sébastien <>
  • To: Gagné Sébastien <>, "Tom Zeller" <>
  • Cc: <>, <>
  • Subject: RE: [grouper-users] PSP sync, clearing an attribute value in ldap
  • Date: Fri, 1 Mar 2013 11:45:33 -0500
  • Authentication-results: sfpop-ironport02.merit.edu; dkim=neutral (message not signed) header.i=none

I panicked too quickly, sorry about that. I did more tests and, finally, to
clear an attribute you need to "not add" anything (no empty string value) to
the attribute. This use case was broken before in my first tests, but now
with replaceValues="true" it's working as intended. See my example below:

<resolver:AttributeDefinition id="mail" xsi:type="ad:Script">
  <resolver:Dependency ref="isDistributionGroup" />
  <resolver:Dependency ref="GroupWithoutMembershipsDataConnector" />
  <ad:Script><![CDATA[
    // Import Shibboleth attribute provider.
    importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);

    // Create the attribute to be returned.
    mail = new BasicAttribute("mail");

    if (isDistributionGroup.getValues().get(0).equals("Y")) {
        mail.getValues().add(extension.getValues().get(0) + "@grdevsim.umontreal.ca");
    } else {
        // Don't add a value to clear it
    }
  ]]></ad:Script>
</resolver:AttributeDefinition>


-----Original Message-----
From: [mailto:] On behalf of Gagné Sébastien
Sent: 1 March 2013 11:20
To: Tom Zeller
Cc: ;
Subject: RE: [grouper-users] PSP sync, clearing an attribute value in ldap

Hi,
I ran into a problem: defining an empty attribute value (e.g.
mail.getValues().add("");) does clear an attribute value, but if the
attribute is already empty I get an error saying the attribute has no value:

<psp:syncResponse xmlns:psp='http://grouper.internet2.edu/psp'
status='failure' requestID='2013/03/01-11:05:23.807' error='customError'>
<modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure'
requestID='2013/03/01-11:05:24.360' error='customError'>
<errorMessage>'mail' has no values.</errorMessage>
</modifyResponse>
<errorMessage>'mail' has no values.</errorMessage>
<psp:id ID='acad:1601:Cours:H13_VIO3020-A'/>
</psp:syncResponse>

If I set a value to mail I don't have the error and the attribute is cleared,
but then I'll get the error the next time the sync is done.

This leads me to believe that the "PSP Diff doer" thinks the "empty string"
value is different than the "<not set>" attribute in AD so it tries to
replace an empty value for another one. It seems so since the PSP fails for
every single group even though there is no other modification to sync.

Is it patchable?

Thanks


-----Original Message-----
From: Tom Zeller [mailto:]
Sent: 26 February 2013 17:15
To: Gagné Sébastien
Cc: ;
Subject: Re: [grouper-users] PSP sync, clearing an attribute value in ldap

Probably something should be done to make the behavior clearer.

On Mon, Feb 25, 2013 at 1:25 PM, Gagné Sébastien
<>
wrote:
> Please forget the previous e-mail, I think I messed up my test.
>
>
>
> You CAN clear the attribute value if you set "replaceValues="true""
> and define an attribute with an empty value (e.g.
> scriptAttribute.getValues().add("")). If replaceValues isn't set to
> true you will get the "<errorMessage>'description' has no
> values.</errorMessage>"
> message since it tries to add an empty value (instead of replacing it).
>
>
>
>
>
> From: [mailto:] On behalf of Gagné Sébastien
> Sent: 22 February 2013 16:03
> To:
> Cc:
> Subject: [grouper-users] PSP sync, clearing an attribute value in ldap
>
>
>
> Hi again,
>
> I have another question (again): how do you clear an attribute value
> in ldap? My tests show that if I define an attribute with an empty
> value I get the error "'{attribute name}' has no values." (see below).
>
>
>
> I'm using a script where, if an attribute has the value "Y", it sets a
> value in the attribute, otherwise it sets an empty value. This is an
> important use case in our distribution group integration since we want
> users to be able to mail-disable groups and that requires us to clear
> some ldap attributes (mail, mailNickname, proxyAddresses, etc.)
>
>
>
> Is there a way to do that?
>
> I tried setting replaceValues="true" but it didn't work and there
> doesn't seem to be any parameter to set that.
>
>
>
> Thanks
>
>
>
> Error message :
>
> <psp:syncResponse xmlns:psp='http://grouper.internet2.edu/psp'
> status='failure' requestID='2013/02/22-15:43:02.039'
> error='customError'>
>
> <modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure'
> requestID='2013/02/22-15:43:02.279' error='customError'>
>
> <errorMessage>'description' has no values.</errorMessage>
>
> </modifyResponse>
>
> <errorMessage>'description' has no values.</errorMessage>
>
> <psp:id ID='acad:testGroup'/>
>
> </psp:syncResponse>
>
>
>
> Sébastien Gagné, | IT Analyst
>
> 514-343-6111 x33844 | Université de Montréal,
>
> | Pavillon Roger-Gaudry, local X-100-11
>
>



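The LDAP behaviour this thread converges on, as an added example that is not part of the original messages and is not PSP code: a toy model of modify semantics (RFC 4511) showing that a replace with no values clears an attribute, that an add with no values is rejected, and that treating "" as "no value" keeps an already-cleared attribute in sync. The helper names (normalize, applyModify, planSync) and the sample entries are assumptions made up for the illustration.

```javascript
// Toy model of LDAP modify semantics (RFC 4511). Illustration only, not PSP code.
// An entry is a plain object mapping attribute name -> array of string values.

// Drop empty strings: an attribute either holds non-empty values or is absent.
function normalize(values) {
  return (values || []).filter(function (v) { return v !== ""; });
}

// Apply one modification to a copy of the entry and return the copy.
// Duplicate-value checks that a real directory performs are omitted.
function applyModify(entry, op, attr, values) {
  var next = Object.assign({}, entry);
  var vals = normalize(values);
  if (op === "add") {
    if (vals.length === 0) throw new Error("add requires at least one value");
    next[attr] = (next[attr] || []).concat(vals);
  } else if (op === "replace") {
    // Replace with no values removes the attribute; if it is absent, nothing happens.
    if (vals.length === 0) delete next[attr]; else next[attr] = vals;
  } else {
    throw new Error("unsupported op: " + op);
  }
  return next;
}

// Decide what a sync has to send (hypothetical helper). Returns null when in sync.
function planSync(entry, attr, desired, replaceValues) {
  var want = normalize(desired);
  var have = normalize(entry[attr]);
  var same = want.length === have.length &&
    want.every(function (v) { return have.indexOf(v) !== -1; });
  if (same) return null;
  return { op: replaceValues ? "replace" : "add", attr: attr, values: want };
}

// Constructed sample entries: a mail-enabled group and a mail-disabled one.
var mailEnabled = { cn: ["testGroup"], mail: ["testGroup@example.org"] };
var mailDisabled = { cn: ["testGroup"] };

// Clearing "mail" on the enabled group plans a replace with no values.
var clearPlan = planSync(mailEnabled, "mail", [], true);
var cleared = applyModify(mailEnabled, clearPlan.op, clearPlan.attr, clearPlan.values);
console.log(clearPlan.op, Object.keys(cleared));
```
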