grouper-users - Re: [grouper-users] PSP Provision LDAP and AD Group members
Subject: Grouper Users - Open Discussion List
List archive
- From: Tom Zeller <>
- To: "" <>
- Subject: Re: [grouper-users] PSP Provision LDAP and AD Group members
- Date: Thu, 21 Mar 2013 16:34:53 -0500
- Authentication-results: sfpop-ironport03.merit.edu; dkim=pass (signature verified)
You can ignore the TODO to "support QueryClause other than our own",
it's an spml detail.
I don't think the PSOIdentifier comes from sources.xml, because in
psp-services.xml you defined the ldapPoolIdSource as "spring", not
"grouper".
You sent me psp-services.xml, go ahead and pm or post sanitized
psp.xml, psp-resolver.xml, and your psp-vt-ldap-*.xml files. Otherwise
I'm guessing.
On Thu, Mar 21, 2013 at 3:14 PM, Bryan E. Wooten
<>
wrote:
> I finally decided to download the source and really dig into why I can’t
> make this work.
>
>
>
> The symptom is this line from the log file:
>
>
>
> 2013-03-21 13:32:08,943: [main] DEBUG LdapSpmlTarget.execute(596) - -
> Target 'ad' - Searching
> 'SearchRequestWithQueryClauseNamespaces[query=Query[hasReference=HasReference[toPsoID=PSOIdentifier[id='unid=u0105078,ou=people,o
>
> =utah.edu',targetID=ldap,containerID=<null>],typeOfReference=member],basePsoID=PSOIdentifier[id='CN=g1id,OU=UofU2id,ou=groups,ou=grouper,dc=testad,dc=utah,dc=edu',targetID=ad,containerID=<null>],scope=pso,targetID=ad],return
>
> Data=identifier,maxSelect=0,requestID=2013/03/21-13:32:08.938]'
>
>
>
> The PSOIdentifier is valid for the LDAP target and not the AD target. From
> experimentation I know this comes from the sources.xml file. My sources.xml
> has two entries on named “ldap” and the other named “ad”.
>
>
>
> So looking at the code I see this (LdapSpmlTarget.java, 2.1.3 tag):
>
>
>
> /**
> {@inheritDoc}
> */
>
> public void execute(SearchRequest searchRequest, SearchResponse
> searchResponse) {
>
>
>
> // query
>
> Query query = searchRequest.getQuery();
>
>
>
> // query filter
>
> // TODO support QueryClause other than our own
>
> String filter = null;
>
> for (QueryClause queryClause : query.getQueryClauses()) {
>
> if (queryClause instanceof HasReference) {
>
> HasReference hasReference = (HasReference) queryClause;
>
> if (hasReference.getTypeOfReference() != null &&
> hasReference.getToPsoID() != null
>
> && hasReference.getToPsoID().getID() != null) {
>
> filter = "(" + hasReference.getTypeOfReference() + "=" +
> hasReference.getToPsoID().getID() + ")";
>
> // TODO what do we do with
> hasReference.getReferenceData(); ?
>
>
>
> The comments (// TODO support QueryClause other than our own) lead me to
> believe that what I am trying to do is just not possible because the code
> never looks at my “ad” section in sources.xml:
>
>
>
> <source
> adapterClass="edu.internet2.middleware.subject.provider.LdapSourceAdapter">
>
> <id>ad</id>
>
> <name>ADSourceAdapter</name>
>
>
>
> Can someone confirm this?
>
>
>
> Thanks,
>
>
>
> Bryan
>
>
>
>
- [grouper-users] PSP Provision LDAP and AD Group members, Bryan E. Wooten, 03/21/2013
- Re: [grouper-users] PSP Provision LDAP and AD Group members, Tom Zeller, 03/21/2013
Archive powered by MHonArc 2.6.16.