Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] PSP - Provisionning group displayName into an LDAP attribute

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] PSP - Provisionning group displayName into an LDAP attribute


Chronological Thread 
  • From: Chris Hyzer <>
  • To: Yoann Delattre <>, "" <>
  • Subject: RE: [grouper-users] PSP - Provisionning group displayName into an LDAP attribute
  • Date: Tue, 4 Nov 2014 13:58:17 +0000
  • Accept-language: en-US

The thought with the changelog wasn’t to have an event for every change, but to have fewer events than that, and things can be implied.

For instance, the group display name has changed if the display extension or the parent stem has changed.  Dave says the PSP cant work like this, so we can add that change log event for display name.  Its not consistent with folders, and other things where it has fewer events, but its ok.

 

https://bugs.internet2.edu/jira/browse/GRP-1068

 

https://github.com/Internet2/grouper/commit/afaf8c37cb968b119c4509445ff8be1ef07ea21c

 

Nice job figuring out the patch J

 

Thanks,

Chris

 

From: Yoann Delattre [mailto:]
Sent: Tuesday, November 04, 2014 3:00 AM
To: Chris Hyzer;
Subject: Re: [grouper-users] PSP - Provisionning group displayName into an LDAP attribute

 

No problem :)

I use Grouper 2.2.0.

a diff is ok ?

--- comp/grouper.api-2.2.0/src/grouper/edu/internet2/middleware/grouper/Group.java      2014-07-05 17:58:52.000000000 +0200
+++ Group.java  2014-11-04 08:56:45.000000000 +0100
@@ -6294,11 +6294,12 @@
               ChangeLogLabels.GROUP_UPDATE.parentStemId.name(), this.getParentUuid(),
               ChangeLogLabels.GROUP_UPDATE.displayName.name(), this.getDisplayName(),
               ChangeLogLabels.GROUP_UPDATE.description.name(), this.getDescription()),
-          GrouperUtil.toList(FIELD_NAME, FIELD_PARENT_UUID, FIELD_DESCRIPTION, FIELD_DISPLAY_EXTENSION),
+          GrouperUtil.toList(FIELD_NAME, FIELD_PARENT_UUID, FIELD_DESCRIPTION, FIELD_DISPLAY_EXTENSION, FIELD_DISPLAY_NAME),
           GrouperUtil.toList(ChangeLogLabels.GROUP_UPDATE.name.name(),
               ChangeLogLabels.GROUP_UPDATE.parentStemId.name(),
               ChangeLogLabels.GROUP_UPDATE.description.name(),
-              ChangeLogLabels.GROUP_UPDATE.displayExtension.name()));
+              ChangeLogLabels.GROUP_UPDATE.displayExtension.name(),
+                 ChangeLogLabels.GROUP_UPDATE.displayName.name()));

     }
   }

Thanks for your answer,
Yoann.

 

Le 03/11/2014 23:21, Chris Hyzer a écrit :

Also please include what version of Grouper J  Thanks, Chris

 

From: [] On Behalf Of Chris Hyzer
Sent: Monday, November 03, 2014 5:20 PM
To: Yoann Delattre;
Subject: RE: [grouper-users] PSP - Provisionning group displayName into an LDAP attribute

 

Can you tell me what line you edited, what it used to be, and what it is now?

 

Thanks,

Chris

 

From: [] On Behalf Of Yoann Delattre
Sent: Monday, November 03, 2014 6:00 AM
To:
Subject: [grouper-users] PSP - Provisionning group displayName into an LDAP attribute

 

Hi everyone,

few days ago, we decided to populate "ou" LDAP attribute with the group displayName.
so, i added this in psp.xml, in pso id="group" :

<!-- The ldap group "description" attribute. -->
    <attribute
      name="ou"
      ref="groupDisplayName" />



and this, in psp-resolver.xml :

    <!-- The value of the group "ou" attribute is the group displayExtension. -->
  <resolver:AttributeDefinition
    id="groupDisplayName"
    xsi:type="ad:Simple"
    sourceAttributeID="displayName">
    <resolver:Dependency ref="GroupWithoutMermbershipsDataConnector" />
    <resolver:Dependency ref="UpdateGroupDisplayNameChangeLogDataConnector" />
  </resolver:AttributeDefinition>


 
    <!-- Returns change log attributes representing the changing of a group's displayExtension. -->
  <resolver:DataConnector
    id="UpdateGroupDisplayNameChangeLogDataConnector"
    xsi:type="psp-grouper-changelog:ChangeLogDataConnector">
    <!-- The AND filter matches both child filters. -->
    <grouper:Filter xsi:type="grouper:AND">
      <!-- The ChangeLogEntry filter matches change log entries with the given category and action. -->
      <grouper:Filter
        xsi:type="psp-grouper-changelog:ChangeLogEntry"
        category="group"
        action=""updateGroup"" />
      <!-- The ChangeLogExactAttribute filter matches change log entries with the given attribute and value. -->
      <grouper:Filter
        xsi:type="psp-grouper-changelog:ChangeLogExactAttribute"
        name="propertyChanged"
        value="displayName" />
    </grouper:Filter>
  </resolver:DataConnector>


  <!-- The value of the "groupNameInStem" attribute is the name of a group. The name of the group is returned only if the
    group is a child of the stem whose name is the edu.internet2.middleware.psp.baseStem property. If the edu.internet2.middleware.psp.baseStem
    property is the root stem, groups under the "etc" stem are omitted. -->
  <resolver:AttributeDefinition
    id="groupNameInStem"
    xsi:type="grouper:FilteredName"
    sourceAttributeID="name">
    <!-- Dependencies which return a "name" attribute whose value is the group name. -->
    <resolver:Dependency ref="GroupWithoutMermbershipsDataConnector" />
    <resolver:Dependency ref="DeleteGroupChangeLogDataConnector" />
    <resolver:Dependency ref="UpdateGroupNameChangeLogDataConnector" />
    <resolver:Dependency ref="UpdateGroupDescriptionChangeLogDataConnector" />
    <resolver:Dependency ref="UpdateGroupDisplayNameChangeLogDataConnector" />
    <resolver:Dependency ref="GroupAttributeAssignValueChangeLogDataConnector" />  
    <!-- The MINUS filter matches stems which match the first child filter and not the second. -->
    <grouper:Filter xsi:type="grouper:MINUS">
      <!-- The NameInStem filter matches names which are children of the given stem. -->
      <grouper:Filter
        xsi:type="grouper:NameInStem"
        name="${edu.internet2.middleware.psp.baseStem}"
        scope="SUB" />
    <grouper:Filter xsi:type="grouper:OR">   
        <grouper:Filter
          xsi:type="grouper:NameInStem"
          name="etc"
          scope="SUB" />
        <grouper:Filter
          xsi:type="grouper:NameInStem"
          name="services"
          scope="SUB" />
      </grouper:Filter>
    </grouper:Filter>
  </resolver:AttributeDefinition>

  <!-- The group objectclass attribute. If a change log entry is resolved, do not return dependencies from the static data
    connector unless the change log entry is a membership change. -->
  <resolver:AttributeDefinition
    id="groupObjectclass"
    xsi:type="ad:Script">
    <resolver:Dependency ref="StaticDataConnector" />
    <resolver:Dependency ref="AddMembershipChangeLogDataConnector" />
    <resolver:Dependency ref="DeleteMembershipChangeLogDataConnector" />
    <resolver:Dependency ref="UpdateGroupNameChangeLogDataConnector" />
    <resolver:Dependency ref="posixGroupObjectclass" />
    <resolver:Dependency ref="UpdateGroupDescriptionChangeLogDataConnector" />
    <resolver:Dependency ref="UpdateGroupDisplayNameChangeLogDataConnector" />
    <resolver:Dependency ref="GroupAttributeAssignValueChangeLogDataConnector" />
    <ad:Script><![CDATA[
        // Import Shibboleth attribute provider.
        importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
       
        // Create the attribute to be returned.
        groupObjectclass = new BasicAttribute("groupObjectclass");
       
        // Include values from 'staticGroupObjectClass' if the change log category is 'membership'.
        if (typeof changeLogCategory != "undefined" && changeLogCategory != null) {
            if (changeLogCategory.getValues().contains("membership")) {         
                groupObjectclass.getValues().addAll(staticGroupObjectclass.getValues());
            }
        // Include values from 'staticGroupObjectClass' if a change log entry is not being processed.
        } else {
            groupObjectclass.getValues().addAll(staticGroupObjectclass.getValues());
        }

        // Include values from 'posixGroupObjectclass' attribute.
        if (typeof posixGroupObjectclass != "undefined" && posixGroupObjectclass != null) {
            if (!posixGroupObjectclass.getValues().isEmpty()) {
                groupObjectclass.getValues().addAll(posixGroupObjectclass.getValues());
            }  
        }          
    ]]></ad:Script>
  </resolver:AttributeDefinition>


First, i tryed a psp sync :

./gsh -psp -sync etab-pub:test

Everything is OK.

Then i tried with the changelog by moving a group in the UI : the OU LDAP attribute was not update with the new displayName.

i checked the change log entry (grouper_change_log_entry_v) for this event, and this what i found :

1415010180701000    group    updateGroup    634292    id    e50c8ca8b8bc4ddd88478a604de805d3    name    etab-priv:test    parentStemId    5d57efaafd874278af28d2aa05fc3644    displayName    Etablissements prives:test    description    (null)    propertyChanged    parentStemId    propertyOldValue    d58ea1ea9054435e9fcc25227dc8012f    propertyNewValue    5d57efaafd874278af28d2aa05fc3644    (null)    (null)    (null)    (null)    (null)    (null)    (null)    (null)    7c3c349103db43dea2f8b8f8c310450d    fc046fb8359e4bfa8f9086bb33802651

1415010180699000    group    updateGroup    634291    id    e50c8ca8b8bc4ddd88478a604de805d3    name    etab-priv:test    parentStemId    5d57efaafd874278af28d2aa05fc3644    displayName    Etablissements prives:test    description    (null)    propertyChanged    name    propertyOldValue    etab-pub:test    propertyNewValue    etab-priv:test    (null)    (null)    (null)    (null)    (null)    (null)    (null)    (null)    7c3c349103db43dea2f8b8f8c310450d    fc046fb8359e4bfa8f9086bb33802651

there is no propertyChanged displayName, that's why it's not working.


So i changed the onPreUpdate method in Group class :

    } else {
      //change log into temp table
      ChangeLogEntry.saveTempUpdates(ChangeLogTypeBuiltin.GROUP_UPDATE,
          this, this.dbVersion(),
          GrouperUtil.toList(ChangeLogLabels.GROUP_UPDATE.id.name(),this.getUuid(),
              ChangeLogLabels.GROUP_UPDATE.name.name(), this.getName(),
              ChangeLogLabels.GROUP_UPDATE.parentStemId.name(), this.getParentUuid(),
              ChangeLogLabels.GROUP_UPDATE.displayName.name(), this.getDisplayName(),
              ChangeLogLabels.GROUP_UPDATE.description.name(), this.getDescription()),
          GrouperUtil.toList(FIELD_NAME, FIELD_PARENT_UUID, FIELD_DESCRIPTION, FIELD_DISPLAY_EXTENSION),
          GrouperUtil.toList(ChangeLogLabels.GROUP_UPDATE.name.name(),
              ChangeLogLabels.GROUP_UPDATE.parentStemId.name(),
              ChangeLogLabels.GROUP_UPDATE.description.name(),
              ChangeLogLabels.GROUP_UPDATE.displayExtension.name()));   
     
    }

Now, it's works. But i don't know if it's a correct fix and if it's enought to solve the problem. :-/

Thanks for your help,
Yoann.

--

Yoann Delattre

03 20 95 69 61

Équipe SIAD (Systèmes d'Information et Aide à la Décision)
DSI de l'académie de Lille (Direction des Systèmes d'Information)
110 avenue Gaston Berger - 59000 Lille

 

 




Archive powered by MHonArc 2.6.16.

Top of Page