
grouper-users - [grouper-users] RE: AD groups and sAMAccountname, colons

Subject: Grouper Users - Open Discussion List

  • From: Chris Hyzer <>
  • To: "Bryan E. Wooten" <>, "" <>
  • Subject: [grouper-users] RE: AD groups and sAMAccountname, colons
  • Date: Mon, 11 Mar 2013 20:56:56 +0000

In the grouper.properties you can specify a regex for valid group extensions:

###################################
## Group attribute validation via regex
## You can attach a regex to an attribute name (including built ins)
## If none are registered, the built in hook will not be enabled
## The built ins are description, displayName, extension, displayExtension, name
## Configure a group.attribute.validator.attributeName.X for attribute name
## group.attribute.validator.regex.X for the regex
## group.attribute.validator.vetoMessage.X for the veto message (can contain the variable $attributeValue$ which will substitute)
## the X must be a sequential integer which groups the config entries together.
## do not repeat two config entries
###################################

#Attach a regex validator by attribute name
#group.attribute.validator.attributeName.0=extension
#group.attribute.validator.regex.0=^[a-zA-Z0-9]+$
#group.attribute.validator.vetoMessage.0=Group ID '$attributeValue$' is invalid since it must contain only alpha-numerics
#
#group.attribute.validator.attributeName.1=displayExtension
#group.attribute.validator.regex.1=^[a-zA-Z0-9 ]+$
#group.attribute.validator.vetoMessage.1=Group name '$attributeValue$' is invalid since it must contain only alpha-numerics or spaces

Thanks,

Chris

 

 

From: [mailto:] On Behalf Of Bryan E. Wooten
Sent: Monday, March 11, 2013 4:41 PM
To:
Subject: [grouper-users] AD groups and sAMAccountname, colons

 

When provisioning AD groups from the PSP the default example shows sAMAccountName being set to the CN.  When the PSP provisions a group it seems to create 2 CNs. One like FolderID:GroupID and another that is just GroupID.

 

Well AD doesn’t allow colons in sAMAccountName. I found this discussion:

 

https://lists.internet2.edu/sympa/arc/grouper-dev/2012-07/msg00027.html

 

This comment caught my eye:

 

“At Duke, we work around the colon issue and maintain uniqueness by converting the colons into hyphens and not allowing hyphens in group/folder names in Grouper.”

 

Is this something I can configure or do I have to dig into the source code to make the fix?

 

-Bryan
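
Added example (not part of the thread and not Grouper code): a Python sketch of why the colon-to-hyphen workaround quoted above only keeps sAMAccountName values unique when hyphens are vetoed in names. It reuses the sample regex and veto message from the reply; the function names and sample group names are made up for illustration, and applying the same rule to folder segments is an assumption.

```python
import re

# Regex and veto message copied from the commented-out sample for
# group.attribute.validator.*.0 (attributeName=extension) on this page.
EXTENSION_REGEX = re.compile(r"^[a-zA-Z0-9]+$")
VETO_MESSAGE = ("Group ID '$attributeValue$' is invalid since it must "
                "contain only alpha-numerics")

def veto_reason(value):
    """Return None when the value passes, else the substituted veto message.

    fullmatch() is an assumption of this sketch: it requires the whole value to
    match, so a trailing newline cannot slip past the '$' anchor.
    """
    if EXTENSION_REGEX.fullmatch(value):
        return None
    return VETO_MESSAGE.replace("$attributeValue$", value)

def to_sam_account_name(group_name):
    """Colon-to-hyphen conversion described in the quoted Duke comment."""
    return group_name.replace(":", "-")

def validated(group_names):
    """Keep names whose every colon-separated segment passes the validator.

    Applying the same rule to folder segments is an assumption; the page only
    shows the group attribute validator.
    """
    return [n for n in group_names
            if all(veto_reason(part) is None for part in n.split(":"))]

def find_collisions(group_names):
    """Map each sAMAccountName to the group names that collapse onto it."""
    by_sam = {}
    for name in group_names:
        by_sam.setdefault(to_sam_account_name(name), []).append(name)
    return {sam: names for sam, names in by_sam.items() if len(names) > 1}

# Constructed sample names (not from the page).
SAMPLE = ["apps:wiki:admins", "apps:wiki-admins", "apps-wiki:admins", "apps:mail:users"]

if __name__ == "__main__":
    print("without validation:", find_collisions(SAMPLE))
    print("with validation:   ", find_collisions(validated(SAMPLE)))
```

Without the validator, three distinct group names collapse onto one sAMAccountName; with it, only the hyphen-free names remain and the mapping stays one-to-one.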

 

 



