grouper-users - [grouper-users] PSPNG and groupSelectionExpression
Subject: Grouper Users - Open Discussion List
List archive
- From: Sean Mason <>
- To: "" <>
- Subject: [grouper-users] PSPNG and groupSelectionExpression
- Date: Fri, 27 May 2016 15:27:18 +0000
- Accept-language: en-CA, en-US
|
Hi All, I’m attempting to give PSPNG a spin, and am having some difficulty with the default groupSelectionExpression. The goal is to provision a single security group to an active directory service. I’m using Grouper 2.3.0, and the matching PSPNG. If I have no groups or folders assigned the attribute “provision_to”, nothing gets provisioned to the active directory target as expected. If I have at least one group or folder assigned the “provision_to” attribute with the target name as a value, ALL groups get provisioned to the active directory target. If I have one group assigned the “provision_to” attribute with target name, and “do_not_provision_to” attribute with target name assigned to all other groups, ALL groups get provisioned to the active directory (including those assigned
do_not_provision_to). Have I missed a step, or mis-understood something? Somewhat sanitized configuration below: #### PSPNG Config #### # Nexus Active Directory Groups ldap.AD.ldapUrl = ldap://example.com:389 ldap.AD.bindDn = !! ldap.AD.bindCredential = XXXXX changeLog.consumer.pspng_nexus.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim changeLog.consumer.pspng_nexus.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner changeLog.consumer.pspng_nexus.quartzCron = 0 * * * * ? changeLog.consumer.pspng_nexus.ldapPoolName = AD changeLog.consumer.pspng_nexus.memberAttributeName = member changeLog.consumer.pspng_nexus.memberAttributeValueFormat = ${ldapUser.getDn()} changeLog.consumer.pspng_nexus.groupSearchBaseDn = OU=Security Groups,DC=Example,DC=com changeLog.consumer.pspng_nexus.allGroupsSearchFilter = objectclass=group changeLog.consumer.pspng_nexus.singleGroupSearchFilter = (&(objectclass=group)(cn=${group.name})) changeLog.consumer.pspng_nexus.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: group changeLog.consumer.pspng_nexus.userSearchBaseDn = OU=people,DC=example,DC=com changeLog.consumer.pspng_nexus.userSearchFilter = samAccountName=${subject.id} changeLog.consumer.pspng_nexus.isActiveDirectory = TRUE changeLog.psp.fullSync.class = edu.internet2.middleware.grouper.pspng.FullSyncStarter changeLog.psp.fullSync.quartzCron = 0 0 * * * ? changeLog.psp.fullSync.runAtStartup = true Thanks, Sean. |
- [grouper-users] PSPNG and groupSelectionExpression, Sean Mason, 05/27/2016
- [grouper-users] Re: PSPNG and groupSelectionExpression, Bee-Lindgren, Bert A, 05/27/2016
Archive powered by MHonArc 2.6.16.