Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] LDAP loader and addIncludeExclude

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] LDAP loader and addIncludeExclude


Chronological Thread 
  • From: Chris Hyzer <>
  • To: Scott Koranda <>, grouper-users <>
  • Subject: RE: [grouper-users] LDAP loader and addIncludeExclude
  • Date: Thu, 15 Aug 2013 20:40:01 +0000
  • Accept-language: en-US

Do you have include/exclude enabled in the grouper.properties?

grouperIncludeExclude.use = false

Does the type get applied to the group.

I don't think it matters if you make the group name end in _systemOfRecord...

Thanks,
Chris

-----Original Message-----
From:


[mailto:]
On Behalf Of Scott Koranda
Sent: Thursday, August 15, 2013 4:36 PM
To: grouper-users
Subject: [grouper-users] LDAP loader and addIncludeExclude

Hello,

I am loading groups from an LDAP directory using grouperLoaderLdapType
= LDAP_GROUPS_FROM_ATTRIBUTES. I would like to leverage the
addIncludeExclude functionality and have the composite groups
automatically created as part of the loader job.

I added

attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupTypesName(),
"addIncludeExclude");

to the job. I also read this comment in the wiki:

"The reason this enhancement exists is so we can do a group list
filter and attach addIncludeExclude to the groups. Note, if you do
this (or use some requireGroups), the group name in the loader query
should end in the system of record suffix, which by default is
_systemOfRecord"

I take that to mean that the name of the group must end in
"_systemOfRecord" (or something else I can configure) in order to
trigger the addIncludeExclude and have the composite groups set up. Is
that correct?

If so, since the "names" of the groups do not end in _systemOfRecord,
I thought I would add

attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupNameExpressionName(),
"groups:${groupAttribute}_systemOfRecord");

When I did that the loaded groups in Grouper did indeed end in
_systemOfRecord, but they were not part of any other created composite
groups and they had no memberships.

How can I take data out of the LDAP using LDAP_GROUPS_FROM_ATTRIBUTES
and wind up with the composite groups?

Thanks,

Scott



Archive powered by MHonArc 2.6.16.

Top of Page