grouper-users - [grouper-users] PSP - Provisioning group displayName into an LDAP attribute
Subject: Grouper Users - Open Discussion List
- From: Yoann Delattre <>
- To: "" <>
- Subject: [grouper-users] PSP - Provisioning group displayName into an LDAP attribute
- Date: Mon, 03 Nov 2014 11:59:47 +0100
Hi everyone,

A few days ago, we decided to populate the "ou" LDAP attribute with the group displayName.

So, I added this in psp.xml, in pso id="group":

    <!-- The ldap group "description" attribute. -->
    <attribute name="ou" ref="groupDisplayName" />

and this, in psp-resolver.xml:

    <!-- The value of the group "ou" attribute is the group displayExtension. -->
    <resolver:AttributeDefinition id="groupDisplayName" xsi:type="ad:Simple" sourceAttributeID="displayName">
        <resolver:Dependency ref="GroupWithoutMermbershipsDataConnector" />
        <resolver:Dependency ref="UpdateGroupDisplayNameChangeLogDataConnector" />
    </resolver:AttributeDefinition>

    <!-- Returns change log attributes representing the changing of a group's displayExtension. -->
    <resolver:DataConnector id="UpdateGroupDisplayNameChangeLogDataConnector" xsi:type="psp-grouper-changelog:ChangeLogDataConnector">
        <!-- The AND filter matches both child filters. -->
        <grouper:Filter xsi:type="grouper:AND">
            <!-- The ChangeLogEntry filter matches change log entries with the given category and action. -->
            <grouper:Filter xsi:type="psp-grouper-changelog:ChangeLogEntry" category="group" action="updateGroup" />
            <!-- The ChangeLogExactAttribute filter matches change log entries with the given attribute and value. -->
            <grouper:Filter xsi:type="psp-grouper-changelog:ChangeLogExactAttribute" name="propertyChanged" value="displayName" />
        </grouper:Filter>
    </resolver:DataConnector>

    <!-- The value of the "groupNameInStem" attribute is the name of a group. The name of the group
         is returned only if the group is a child of the stem whose name is the
         edu.internet2.middleware.psp.baseStem property. If the edu.internet2.middleware.psp.baseStem
         property is the root stem, groups under the "etc" stem are omitted. -->
    <resolver:AttributeDefinition id="groupNameInStem" xsi:type="grouper:FilteredName" sourceAttributeID="name">
        <!-- Dependencies which return a "name" attribute whose value is the group name. -->
        <resolver:Dependency ref="GroupWithoutMermbershipsDataConnector" />
        <resolver:Dependency ref="DeleteGroupChangeLogDataConnector" />
        <resolver:Dependency ref="UpdateGroupNameChangeLogDataConnector" />
        <resolver:Dependency ref="UpdateGroupDescriptionChangeLogDataConnector" />
        <resolver:Dependency ref="UpdateGroupDisplayNameChangeLogDataConnector" />
        <resolver:Dependency ref="GroupAttributeAssignValueChangeLogDataConnector" />
        <!-- The MINUS filter matches stems which match the first child filter and not the second. -->
        <grouper:Filter xsi:type="grouper:MINUS">
            <!-- The NameInStem filter matches names which are children of the given stem. -->
            <grouper:Filter xsi:type="grouper:NameInStem" name="${edu.internet2.middleware.psp.baseStem}" scope="SUB" />
            <grouper:Filter xsi:type="grouper:OR">
                <grouper:Filter xsi:type="grouper:NameInStem" name="etc" scope="SUB" />
                <grouper:Filter xsi:type="grouper:NameInStem" name="services" scope="SUB" />
            </grouper:Filter>
        </grouper:Filter>
    </resolver:AttributeDefinition>

    <!-- The group objectclass attribute. If a change log entry is resolved, do not return dependencies
         from the static data connector unless the change log entry is a membership change. -->
    <resolver:AttributeDefinition id="groupObjectclass" xsi:type="ad:Script">
        <resolver:Dependency ref="StaticDataConnector" />
        <resolver:Dependency ref="AddMembershipChangeLogDataConnector" />
        <resolver:Dependency ref="DeleteMembershipChangeLogDataConnector" />
        <resolver:Dependency ref="UpdateGroupNameChangeLogDataConnector" />
        <resolver:Dependency ref="posixGroupObjectclass" />
        <resolver:Dependency ref="UpdateGroupDescriptionChangeLogDataConnector" />
        <resolver:Dependency ref="UpdateGroupDisplayNameChangeLogDataConnector" />
        <resolver:Dependency ref="GroupAttributeAssignValueChangeLogDataConnector" />
        <ad:Script><![CDATA[
            // Import Shibboleth attribute provider.
            importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);

            // Create the attribute to be returned.
            groupObjectclass = new BasicAttribute("groupObjectclass");

            // Include values from 'staticGroupObjectClass' if the change log category is 'membership'.
            if (typeof changeLogCategory != "undefined" && changeLogCategory != null) {
                if (changeLogCategory.getValues().contains("membership")) {
                    groupObjectclass.getValues().addAll(staticGroupObjectclass.getValues());
                }
            // Include values from 'staticGroupObjectClass' if a change log entry is not being processed.
            } else {
                groupObjectclass.getValues().addAll(staticGroupObjectclass.getValues());
            }

            // Include values from 'posixGroupObjectclass' attribute.
            if (typeof posixGroupObjectclass != "undefined" && posixGroupObjectclass != null) {
                if (!posixGroupObjectclass.getValues().isEmpty()) {
                    groupObjectclass.getValues().addAll(posixGroupObjectclass.getValues());
                }
            }
        ]]></ad:Script>
    </resolver:AttributeDefinition>

First, I tried a psp sync:

    ./gsh -psp -sync etab-pub:test

Everything is OK.

Then I tried with the changelog by moving a group in the UI: the OU LDAP attribute was not updated with the new displayName.

I checked the change log entry (grouper_change_log_entry_v) for this event, and this is what I found:

    1415010180701000  group  updateGroup  634292
        id                e50c8ca8b8bc4ddd88478a604de805d3
        name              etab-priv:test
        parentStemId      5d57efaafd874278af28d2aa05fc3644
        displayName       Etablissements prives:test
        description       (null)
        propertyChanged   parentStemId
        propertyOldValue  d58ea1ea9054435e9fcc25227dc8012f
        propertyNewValue  5d57efaafd874278af28d2aa05fc3644
        (null) (null) (null) (null) (null) (null) (null) (null)
        7c3c349103db43dea2f8b8f8c310450d  fc046fb8359e4bfa8f9086bb33802651

    1415010180699000  group  updateGroup  634291
        id                e50c8ca8b8bc4ddd88478a604de805d3
        name              etab-priv:test
        parentStemId      5d57efaafd874278af28d2aa05fc3644
        displayName       Etablissements prives:test
        description       (null)
        propertyChanged   name
        propertyOldValue  etab-pub:test
        propertyNewValue  etab-priv:test
        (null) (null) (null) (null) (null) (null) (null) (null)
        7c3c349103db43dea2f8b8f8c310450d  fc046fb8359e4bfa8f9086bb33802651

There is no propertyChanged displayName, that's why it's not working.

So I changed the onPreUpdate method in the Group class:

    } else {
      //change log into temp table
      ChangeLogEntry.saveTempUpdates(ChangeLogTypeBuiltin.GROUP_UPDATE,
          this, this.dbVersion(),
          GrouperUtil.toList(ChangeLogLabels.GROUP_UPDATE.id.name(), this.getUuid(),
              ChangeLogLabels.GROUP_UPDATE.name.name(), this.getName(),
              ChangeLogLabels.GROUP_UPDATE.parentStemId.name(), this.getParentUuid(),
              ChangeLogLabels.GROUP_UPDATE.displayName.name(), this.getDisplayName(),
              ChangeLogLabels.GROUP_UPDATE.description.name(), this.getDescription()),
          GrouperUtil.toList(FIELD_NAME, FIELD_PARENT_UUID, FIELD_DESCRIPTION, FIELD_DISPLAY_EXTENSION),
          GrouperUtil.toList(ChangeLogLabels.GROUP_UPDATE.name.name(),
              ChangeLogLabels.GROUP_UPDATE.parentStemId.name(),
              ChangeLogLabels.GROUP_UPDATE.description.name(),
              ChangeLogLabels.GROUP_UPDATE.displayExtension.name()));
    }

Now, it works. But I don't know if it's a correct fix and if it's enough to solve the problem. :-/

Thanks for your help,
Yoann.
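Added example (not part of the original message and not Grouper or PSP code): a small Python model of the AND filter configured for UpdateGroupDisplayNameChangeLogDataConnector, run over the two change log rows quoted in the message, to show which group updates the connector would ignore. The dict layout and all function names are assumptions made for illustration; the filter semantics follow the XML comments in the posted configuration.

```python
# Constructed from the two grouper_change_log_entry_v rows quoted in the message.
ENTRIES = [
    {"sequence": 634291, "category": "group", "action": "updateGroup",
     "name": "etab-priv:test", "displayName": "Etablissements prives:test",
     "propertyChanged": "name",
     "propertyOldValue": "etab-pub:test",
     "propertyNewValue": "etab-priv:test"},
    {"sequence": 634292, "category": "group", "action": "updateGroup",
     "name": "etab-priv:test", "displayName": "Etablissements prives:test",
     "propertyChanged": "parentStemId",
     "propertyOldValue": "d58ea1ea9054435e9fcc25227dc8012f",
     "propertyNewValue": "5d57efaafd874278af28d2aa05fc3644"},
]


def change_log_entry(category, action):
    """Model of the ChangeLogEntry filter: category and action must both match."""
    return lambda e: e.get("category") == category and e.get("action") == action


def exact_attribute(name, value):
    """Model of the ChangeLogExactAttribute filter: attribute equals the value."""
    return lambda e: e.get(name) == value


def and_filter(*children):
    """Model of the AND filter: every child filter must match."""
    return lambda e: all(child(e) for child in children)


# Same shape as the filter inside UpdateGroupDisplayNameChangeLogDataConnector.
DISPLAY_NAME_FILTER = and_filter(
    change_log_entry("group", "updateGroup"),
    exact_attribute("propertyChanged", "displayName"),
)


def matched_sequences(entries, flt):
    """Sequence numbers of the entries the connector would resolve."""
    return [e["sequence"] for e in entries if flt(e)]


def ignored_group_updates(entries, flt):
    """Group updates the connector skips, as {sequence: propertyChanged}."""
    is_update = change_log_entry("group", "updateGroup")
    return {e["sequence"]: e["propertyChanged"]
            for e in entries if is_update(e) and not flt(e)}


if __name__ == "__main__":
    print("matched:", matched_sequences(ENTRIES, DISPLAY_NAME_FILTER))
    print("ignored:", ignored_group_updates(ENTRIES, DISPLAY_NAME_FILTER))
```

Both rows carry the new displayName as a label value, but neither has propertyChanged set to displayName, so the model returns no match for the move.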