grouper-users - [grouper-users] RE: AD groups and sAMAccountname, colons
Subject: Grouper Users - Open Discussion List
- From: "Bryan E. Wooten" <>
- To: Chris Hyzer <>, "" <>
- Subject: [grouper-users] RE: AD groups and sAMAccountname, colons
- Date: Mon, 11 Mar 2013 21:33:36 +0000

Thanks,

Looking at that, I am not sure how I make it substitute '-' for ':' in the cn grouper is trying to populate.

I tried this:

group.attribute.validator.attributeName.0=cn
group.attribute.validator.regex.0=s/:/-/g
group.attribute.validator.vetoMessage.0=Group name '$attributeValue$' is invalid since it must contain only alpha-numerics or spaces

But it had no effect.

This seems like an issue anyone trying to provision groups into AD will encounter. There must be an example out there somewhere.

Apologies for regex being far from my strong suit.

Thanks,

Bryan

From: Chris Hyzer [mailto:]

In the grouper.properties you can specify a regex for valid group extensions:

###################################
## Group attribute validation via regex
## You can attach a regex to an attribute name (including built ins)
## If none are registered, the built in hook will not be enabled
## The built ins are description, displayName, extension, displayExtension, name
## Configure a group.attribute.validator.attributeName.X for attribute name
## group.attribute.validator.regex.X for the regex
## group.attribute.validator.vetoMessage.X for the veto message (can contain the variable $attributeValue$ which will substitute)
## the X must be a sequential integer which groups the config entries together.
## do not repeat two config entries
###################################

#Attach a regex validator by attribute name
#group.attribute.validator.attributeName.0=extension
#group.attribute.validator.regex.0=^[a-zA-Z0-9]+$
#group.attribute.validator.vetoMessage.0=Group ID '$attributeValue$' is invalid since it must contain only alpha-numerics
#
#group.attribute.validator.attributeName.1=displayExtension
#group.attribute.validator.regex.1=^[a-zA-Z0-9 ]+$
#group.attribute.validator.vetoMessage.1=Group name '$attributeValue$' is invalid since it must contain only alpha-numerics or spaces

Thanks,

Chris

From: [] On Behalf Of Bryan E. Wooten

When provisioning AD groups from the PSP the default example shows sAMAccountName being set to the CN.

When the PSP provisions a group it seems to create 2 CNs. One like FolderID:GroupID and another that is just GroupID.

Well AD doesn't allow colons in sAMAccountName.

I found this discussion:

https://lists.internet2.edu/sympa/arc/grouper-dev/2012-07/msg00027.html

This comment caught my eye:

"At Duke, we work around the colon issue and maintain uniqueness by converting the colons into hyphens and not allowing hyphens in group/folder names in Grouper."

Is this something I can configure or do I have to dig into the source code to make the fix?

-Bryan
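
Added example, not part of the original thread and not Grouper or PSP code: a Python sketch of why the workaround quoted above pairs the colon-to-hyphen conversion with a validator that vetoes hyphens. The helper names and sample group names are constructed, and applying the sample extension regex to folder extensions as well as group extensions is an assumption.

```python
import re
from collections import defaultdict

# Pattern from the sample "extension" validator in grouper.properties; it
# accepts or vetoes a value, it does not rewrite it. Hyphens are rejected.
EXTENSION_RE = re.compile(r"^[a-zA-Z0-9]+$")
VETO = "Group ID '$attributeValue$' is invalid since it must contain only alpha-numerics"


def veto_message(extension):
    """Return None when the extension passes, else the filled-in veto text."""
    if EXTENSION_RE.fullmatch(extension):
        return None
    return VETO.replace("$attributeValue$", extension)


def naive_ad_name(grouper_name):
    """Colon-to-hyphen mapping with no validation (hypothetical helper)."""
    return grouper_name.replace(":", "-")


def collisions(grouper_names):
    """Group Grouper names that the naive mapping sends to the same AD name."""
    by_target = defaultdict(list)
    for name in grouper_names:
        by_target[naive_ad_name(name)].append(name)
    return {t: n for t, n in by_target.items() if len(n) > 1}


def ad_name(grouper_name):
    """Validate every folder/group extension, then map ':' to '-'."""
    for ext in grouper_name.split(":"):
        message = veto_message(ext)
        if message:
            raise ValueError(message)
    return naive_ad_name(grouper_name)


# Constructed sample names, not taken from the thread.
SAMPLE = ["apps:wiki:admins", "apps:wiki-admins", "apps:mail:admins"]

if __name__ == "__main__":
    print("naive collisions:", collisions(SAMPLE))
    for name in SAMPLE:
        try:
            print(name, "->", ad_name(name))
        except ValueError as err:
            print(name, "vetoed:", err)
```

With hyphens vetoed at creation time, the only hyphens in the AD name come from colons, so two distinct Grouper names cannot map to the same value.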