grouper-users - RE: [grouper-users] loading nested groups from an LDAP source

Subject: Grouper Users - Open Discussion List

  • From: "Hyzer, Chris" <>
  • To: Rob Gorrell <>, "" <>
  • Subject: RE: [grouper-users] loading nested groups from an LDAP source
  • Date: Thu, 4 Aug 2016 00:14:51 +0000

An example is done:

 

https://spaces.internet2.edu/display/Grouper/Grouper+-+Loader+LDAP#Grouper-LoaderLDAP-ExampleofconvertingDNtosubjectIdorGroupname(institutionspecific)

 

https://bugs.internet2.edu/jira/browse/GRP-1354

 

There is a jar attached inside the zip in this email

 

Add the ldapGroupUserConverter.jar to the classpath (e.g. to lib/custom)

 

In the grouper-loader.properties, add the class

 

loader.ldap.el.classes = ldapGroupUserConverter.LdapGroupUserConverter

 

Set the Grouper loader LDAP subject expression attribute to ${ldapGroupUserConverter.convertDntoSubjectIdOrIdentifier(subjectId)}

 

Unset the subject source id

 

If the subjectId is a subjectId, then make sure Grouper loader LDAP subject ID type is "subjectIdOrIdentifier".  If it is a subjectIdentifier (more common), then you can set it as subjectIdentifier.

 

Log the conversions with this in log4j.properties

 

log4j.logger.ldapGroupUserConverter.LdapGroupUserConverter = DEBUG

 

Let me know how it goes! :)

 

Thanks

Chris

 

From: [mailto:] On Behalf Of Rob Gorrell
Sent: Monday, July 25, 2016 9:46 AM
To:
Subject: [grouper-users] loading nested groups from an LDAP source

 

I currently have an LDAP_GROUP_LIST loader job pulling groups from an Active Directory source. In AD, we use a lot of group nesting (group of groups). When the loader job executes, it only loads those *user* objects with direct memberships to each group skipping over any *group* objects that are also direct members. What I would like it to do is resolve each group member in Grouper's internal source so that the group nesting copies over to grouper. Grouper has all these groups, but apparently the memberships aren't being resolved as it would seem the only subject source being used is my one that contains people (uncg-person).

-Rob


--

Robert W. Gorrell
Systems Architect, Identity and Access Management

University of NC at Greensboro
336-334-5954
PGP Key ID B36DB0CA

Attachment: ldapGroupUserConverter.zip
Description: ldapGroupUserConverter.zip
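
A converter class of the kind configured in the reply above, as an added example that is not the contents of the attached jar and not Grouper project code. Only the class and method names come from the message; the `OU=Groups` container, the `example:ad:` folder prefix and the use of the CN as the person identifier are assumptions to adapt to the local directory layout.

```java
package ldapGroupUserConverter;

import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/** Hypothetical converter: the DN layout and folder prefix are assumptions. */
public class LdapGroupUserConverter {

  // Assumed Grouper folder that holds the groups loaded from AD.
  private static final String GROUP_FOLDER = "example:ad:";

  /**
   * Maps a member DN to a value the loader can resolve: a Grouper group
   * name for DNs under OU=Groups, otherwise the leaf CN as the person
   * identifier. Values that cannot be parsed are returned unchanged
   * rather than guessed at.
   */
  public static String convertDntoSubjectIdOrIdentifier(String dn) {
    if (dn == null || dn.trim().isEmpty()) {
      return dn;
    }
    final LdapName name;
    try {
      // Real DN parsing, so an escaped comma inside a CN
      // (e.g. "CN=Smith\, Pat") is not split into two components.
      name = new LdapName(dn);
    } catch (InvalidNameException e) {
      return dn;
    }
    String cn = null;
    boolean underGroupsOu = false;
    // LdapName indexes RDNs right to left; the last index is the leaf.
    for (int i = 0; i < name.size(); i++) {
      Rdn rdn = name.getRdn(i);
      String value = String.valueOf(rdn.getValue());
      if (i == name.size() - 1 && "CN".equalsIgnoreCase(rdn.getType())) {
        cn = value;
      } else if ("OU".equalsIgnoreCase(rdn.getType())
          && "Groups".equalsIgnoreCase(value)) {
        underGroupsOu = true;
      }
    }
    if (cn == null) {
      return dn;
    }
    return underGroupsOu ? GROUP_FOLDER + cn : cn;
  }
}
```

With the DEBUG logger from the reply enabled, compare the logged conversions against a few known nested groups before trusting the resulting memberships for access decisions.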



