Can you tell me what line you edited, what it used to be, and what it is now?
Thanks,
Chris
From: [mailto:]
On Behalf Of Yoann Delattre
Sent: Monday, November 03, 2014 6:00 AM
To:
Subject: [grouper-users] PSP - Provisionning group displayName into an LDAP attribute
Hi everyone,
few days ago, we decided to populate "ou" LDAP attribute with the group displayName.
so, i added this in psp.xml, in pso id="group" :
<!-- The ldap group "description" attribute. -->
<attribute
name="ou"
ref="groupDisplayName" />
and this, in psp-resolver.xml :
<!-- The value of the group "ou" attribute is the group displayExtension. -->
<resolver:AttributeDefinition
id="groupDisplayName"
xsi:type="ad:Simple"
sourceAttributeID="displayName">
<resolver:Dependency ref="GroupWithoutMermbershipsDataConnector" />
<resolver:Dependency ref="UpdateGroupDisplayNameChangeLogDataConnector" />
</resolver:AttributeDefinition>
<!-- Returns change log attributes representing the changing of a group's displayExtension. -->
<resolver:DataConnector
id="UpdateGroupDisplayNameChangeLogDataConnector"
xsi:type="psp-grouper-changelog:ChangeLogDataConnector">
<!-- The AND filter matches both child filters. -->
<grouper:Filter xsi:type="grouper:AND">
<!-- The ChangeLogEntry filter matches change log entries with the given category and action. -->
<grouper:Filter
xsi:type="psp-grouper-changelog:ChangeLogEntry"
category="group"
action=""updateGroup"" />
<!-- The ChangeLogExactAttribute filter matches change log entries with the given attribute and value. -->
<grouper:Filter
xsi:type="psp-grouper-changelog:ChangeLogExactAttribute"
name="propertyChanged"
value="displayName" />
</grouper:Filter>
</resolver:DataConnector>
<!-- The value of the "groupNameInStem" attribute is the name of a group. The name of the group is returned only if the
group is a child of the stem whose name is the edu.internet2.middleware.psp.baseStem property. If the edu.internet2.middleware.psp.baseStem
property is the root stem, groups under the "etc" stem are omitted. -->
<resolver:AttributeDefinition
id="groupNameInStem"
xsi:type="grouper:FilteredName"
sourceAttributeID="name">
<!-- Dependencies which return a "name" attribute whose value is the group name. -->
<resolver:Dependency ref="GroupWithoutMermbershipsDataConnector" />
<resolver:Dependency ref="DeleteGroupChangeLogDataConnector" />
<resolver:Dependency ref="UpdateGroupNameChangeLogDataConnector" />
<resolver:Dependency ref="UpdateGroupDescriptionChangeLogDataConnector" />
<resolver:Dependency ref="UpdateGroupDisplayNameChangeLogDataConnector" />
<resolver:Dependency ref="GroupAttributeAssignValueChangeLogDataConnector" />
<!-- The MINUS filter matches stems which match the first child filter and not the second. -->
<grouper:Filter xsi:type="grouper:MINUS">
<!-- The NameInStem filter matches names which are children of the given stem. -->
<grouper:Filter
xsi:type="grouper:NameInStem"
name="${edu.internet2.middleware.psp.baseStem}"
scope="SUB" />
<grouper:Filter xsi:type="grouper:OR">
<grouper:Filter
xsi:type="grouper:NameInStem"
name="etc"
scope="SUB" />
<grouper:Filter
xsi:type="grouper:NameInStem"
name="services"
scope="SUB" />
</grouper:Filter>
</grouper:Filter>
</resolver:AttributeDefinition>
<!-- The group objectclass attribute. If a change log entry is resolved, do not return dependencies from the static data
connector unless the change log entry is a membership change. -->
<resolver:AttributeDefinition
id="groupObjectclass"
xsi:type="ad:Script">
<resolver:Dependency ref="StaticDataConnector" />
<resolver:Dependency ref="AddMembershipChangeLogDataConnector" />
<resolver:Dependency ref="DeleteMembershipChangeLogDataConnector" />
<resolver:Dependency ref="UpdateGroupNameChangeLogDataConnector" />
<resolver:Dependency ref="posixGroupObjectclass" />
<resolver:Dependency ref="UpdateGroupDescriptionChangeLogDataConnector" />
<resolver:Dependency ref="UpdateGroupDisplayNameChangeLogDataConnector" />
<resolver:Dependency ref="GroupAttributeAssignValueChangeLogDataConnector" />
<ad:Script><![CDATA[
// Import Shibboleth attribute provider.
importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
// Create the attribute to be returned.
groupObjectclass = new BasicAttribute("groupObjectclass");
// Include values from 'staticGroupObjectClass' if the change log category is 'membership'.
if (typeof changeLogCategory != "undefined" && changeLogCategory != null) {
if (changeLogCategory.getValues().contains("membership")) {
groupObjectclass.getValues().addAll(staticGroupObjectclass.getValues());
}
// Include values from 'staticGroupObjectClass' if a change log entry is not being processed.
} else {
groupObjectclass.getValues().addAll(staticGroupObjectclass.getValues());
}
// Include values from 'posixGroupObjectclass' attribute.
if (typeof posixGroupObjectclass != "undefined" && posixGroupObjectclass != null) {
if (!posixGroupObjectclass.getValues().isEmpty()) {
groupObjectclass.getValues().addAll(posixGroupObjectclass.getValues());
}
}
]]></ad:Script>
</resolver:AttributeDefinition>
First, i tryed a psp sync :
./gsh -psp -sync etab-pub:test
Everything is OK.
Then i tried with the changelog by moving a group in the UI : the OU LDAP attribute was not update with the new displayName.
i checked the change log entry (grouper_change_log_entry_v) for this event, and this what i found :
1415010180701000 group updateGroup 634292 id e50c8ca8b8bc4ddd88478a604de805d3 name etab-priv:test parentStemId 5d57efaafd874278af28d2aa05fc3644 displayName Etablissements prives:test description (null) propertyChanged
parentStemId propertyOldValue d58ea1ea9054435e9fcc25227dc8012f propertyNewValue 5d57efaafd874278af28d2aa05fc3644 (null) (null) (null) (null) (null) (null) (null) (null) 7c3c349103db43dea2f8b8f8c310450d fc046fb8359e4bfa8f9086bb33802651
1415010180699000 group updateGroup 634291 id e50c8ca8b8bc4ddd88478a604de805d3 name etab-priv:test parentStemId 5d57efaafd874278af28d2aa05fc3644 displayName Etablissements prives:test description (null)
propertyChanged name propertyOldValue etab-pub:test propertyNewValue etab-priv:test (null) (null) (null) (null) (null) (null) (null) (null) 7c3c349103db43dea2f8b8f8c310450d fc046fb8359e4bfa8f9086bb33802651
there is no propertyChanged displayName, that's why it's not working.
So i changed the onPreUpdate method in Group class :
} else {
//change log into temp table
ChangeLogEntry.saveTempUpdates(ChangeLogTypeBuiltin.GROUP_UPDATE,
this, this.dbVersion(),
GrouperUtil.toList(ChangeLogLabels.GROUP_UPDATE.id.name(),this.getUuid(),
ChangeLogLabels.GROUP_UPDATE.name.name(), this.getName(),
ChangeLogLabels.GROUP_UPDATE.parentStemId.name(), this.getParentUuid(),
ChangeLogLabels.GROUP_UPDATE.displayName.name(), this.getDisplayName(),
ChangeLogLabels.GROUP_UPDATE.description.name(), this.getDescription()),
GrouperUtil.toList(FIELD_NAME, FIELD_PARENT_UUID, FIELD_DESCRIPTION, FIELD_DISPLAY_EXTENSION),
GrouperUtil.toList(ChangeLogLabels.GROUP_UPDATE.name.name(),
ChangeLogLabels.GROUP_UPDATE.parentStemId.name(),
ChangeLogLabels.GROUP_UPDATE.description.name(),
ChangeLogLabels.GROUP_UPDATE.displayExtension.name()));
}
Now, it's works. But i don't know if it's a correct fix and if it's enought to solve the problem. :-/
Thanks for your help,
Yoann.
--
|
Yoann Delattre
|
✆
|
03 20 95 69 61
|
✉
|
|
|
Équipe SIAD (Systèmes d'Information et Aide à la Décision)
DSI de l'académie de Lille (Direction des Systèmes d'Information)
110 avenue Gaston Berger - 59000 Lille
|
