Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] PSPNG and user-defined attributes

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] PSPNG and user-defined attributes


Chronological Thread 
  • From: Paul Engle <>
  • To: Michael R Gettes <>
  • Cc:
  • Subject: Re: [grouper-users] PSPNG and user-defined attributes
  • Date: Thu, 16 Feb 2017 15:01:00 -0600
  • Ironport-phdr: 9a23:DB+awBTuYK0MlxdTOMj8xQRU3Npsv+yvbD5Q0YIujvd0So/mwa69ZhGN2/xhgRfzUJnB7Loc0qyN4v2mATBLuMrd+Fk5M7V0HycfjssXmwFySOWkMmbcaMDQUiohAc5ZX0Vk9XzoeWJcGcL5ekGA6ibqtW1aFRrwLxd6KfroEYDOkcu3y/qy+5rOaAlUmTaxe71/IRG2oAnLqsUbjoRuJrs+xxbGv3BFZ/lYyWR0KFyJgh3y/N2w/Jlt8yRRv/Iu6ctNWrjkcqo7ULJVEi0oP3g668P3uxbDSxCP5mYHXWUNjhVIGQnF4wrkUZr3ryD3q/By2CiePc3xULA0RTGv5LplRRP0lCsKMSMy/WfKgcJyka1bugqsqQFhzY7aYI+bN/Rwca3SctwYWWVPUd1cVzBCD46mc4cDE+QMMOReooLgp1UOtxy+BQy0Ce310DBIm3v21rA13eQnHgHG2BIvFM8JvXTMstr1MqgSUeSrw6TT1zXDbu9Z1inn5IfWbx8hvOiBULRtesTS0UkiDx7JgkuTpID/MD6ZyP4Bv3aH4+Z9T+6jlnIrpxxprjSy2MshiZPFi40Lxlze6yl13Js5KcemREJnZ9OvDYFeuDuAN4RsR8MvW2Fotzg+yr0BoZO7ZDAKxIo9yx7FavyIb5aH7gj9W+mMPDd0nHNleLShiBau6UWs1/PwW8qu3FtFsCZJiMfAumwQ2xDJ98SLVuZx8l+k2TmV1gDT7u9EIVozlareM5Mh2qA/lpwcsUTHACD7g1/2jK6KeUo64OSn9fnoYqj+qp+GK4B0kh3+MrgpmsGnDuQ4KA8OX3WD+euizr3v5FD5QK5Ugf0sianUq5TaJcUApq6lGA9ZzJwv6xe5Dze6ztsYh38HI0xZeB6ZlYTmJUzBIO2rRcu41nGtmzdiyvSOBPXOD4nRI2OLxLL7cu0lw1ZH1Uw+wc0JtLxODbRUGPvuXgfcstPcA1dtKwGyzOLqIM983Y5YVG6SVPzKeJjOuEOFs7p8a9KHY5UY7W7w


Not quite what I'm shooting for. The value I'm wanting is a grouper
attribute, defined on a group. Take that value and provision it as an
LDAP attribute value for the members' entries. Sort of like isMemberOf
is done in the examples, but using something other than the group name.
(Specifically, this is all for trying to handle eduPersonEntitlement.)

I think I have it worked out. I didn't know I could just use plain ol'
java calls inside the expression language. So this worked:

changeLog.consumer.pspng_attributes_entitlement.class =
edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
changeLog.consumer.pspng_attributes_entitlement.type =
edu.internet2.middleware.grouper.pspng.LdapAttributeProvisioner
...
changeLog.consumer.pspng_attributes_entitlement.provisionedAttributeName
= eduPersonEntitlement
changeLog.consumer.pspng_attributes_entitlement.provisionedAttributeValueFormat
=
${group.getAttributeValueDelegate().retrieveValueString('etc:attribute:eduperson:entitlement')}


That is successfully grabbing the value and putting it where I want.

I never had it working the way I really wanted it to in the psp, but it
looked like it should be easy enough to do in pspng. And it is!

Kudos to Bert on all the work put into this. So far, I'm really liking
the pspng.

-paul


On 2/16/2017 2:21 PM, Michael R Gettes wrote:
> Have tried something like ${ldapUser.getStringValue(“ATTRNAME”)} where
> ATTRNAME is the name of the LDAP attribute? Make sure ATTRNAME is also
> in the userSearchAttrbiutes list. I haven’t tested this yet but based on
> some
> other stuff done I think this should work. You could do
> ou=${ldapUser.getStringValue(“ATTRNAME”)}
> I’d be interested in your results.
>
> /mrg
>
>> On Feb 16, 2017, at 11:34 AM, Paul Engle
>> <>
>> wrote:
>>
>> All,
>>
>> I'm finally making some headway on trying to port our provisioning from
>> psp to pspng in preparation for the move to 2.3.0. I've got a pretty
>> good feel for how things work in the new config, but I'm hitting a wall.
>>
>> The scenario: We have groups with user-defined attributes on them. What
>> I would like is to have the value of that attribute be populated as an
>> LDAP attribute on the members' LDAP entries. But I'm having trouble
>> figuring out the magic to use for the provisionedAttributeValueFormat
>> property that will access a user-defined group attribute instead of the
>> built-ins, like ${group.name}. Has anyone done anything similar and can
>> offer any pointers?
>>
>> -paul
>>
>> --
>> Paul Engle
>> Office of Information Technology
>>
>> 713-348-4702
>
>

--
Paul Engle
Office of Information Technology

713-348-4702



Archive powered by MHonArc 2.6.19.

Top of Page