Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Making PSPNG authoritative for all values of an attribute

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Making PSPNG authoritative for all values of an attribute

Chronological Thread 
  • From: Paul Engle <>
  • To:
  • Subject: [grouper-users] Making PSPNG authoritative for all values of an attribute
  • Date: Mon, 20 Feb 2017 11:16:04 -0600
  • Ironport-phdr: 9a23:9Yojnx3ME3ra4oVgsmDT+DRfVm0co7zxezQtwd8Zse0XKfad9pjvdHbS+e9qxAeQG96KtrQd0aGH7ujJYi8p2d65qncMcZhBBVcuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6JvjvGo7Vks+7y/2+94fdbghMhDexe65+IAu5oQjVtsQdnJdvJLs2xhbVuHVDZv5YxXlvJVKdnhb84tm/8Zt++ClOuPwv6tBNX7zic6s3UbJXAjImM3so5MLwrhnMURGP5noHXWoIlBdDHhXI4wv7Xpf1tSv6q/Z91SyHNsD4Ubw4RTKv5LptRRT1iikIKiQ5/XnJhMJwkaxVoxyvqBJwzIHIb4+YL+Z+c6HHcN8GWWZMUMRcWipcCY28dYsPCO8BMP5CoYbnulsOqQa1CwaqBOPgzj9HmGL90Koi0+s/FwHG0wggEMwVvXTOrdX6KLkdXfqrw6bV0DXOdvVb0ir+5ojQah0tvO+AULFqfcfe10UjDR3JgkmNpYD/Ij+ZyvkBv3CG4+Z+Vu+jkWEqpx9rrjSx2ssgl5PFipwJxl3C6C532pw6JceiR05+edOkEIVftyWdN4ZuWsMiW39ktDwgyr0HpZG0YjIGx4o6yB7Cc/CHco6I7Qz/VOuJPDt0mnFodKiwihqs60Ss1PHwWtSu3FpXsiZJj8HAtnUX2BzS7siHROF9/kCk2TuXzwDc9OdEIU8wlaXFMJMh2L8wmYYNvkjZACD5hVj2gLeMdko44uio9/jnYrL+q5+TLY90jRz+MrwwlcylGOg4LxMOUHaB+eSnz7Dj+Uz5QK5Wjv0tjKXVqpHaJcIHpqGnGQ9V1Jgs6wqhAzu8ztsXgGQHfxp5f0eIlY/0I1zUZe3jAO2kq1WqjDpxwf3aZPvsDoieAGLEleLZdKt5o2Naxw4+hYRH6pRbDrwpOvP4Vwn8uMGOXUxxCBC93+uyUIY17YgZQ2/aWqI=

I understand how to make Grouper authoritative for prefixed values of an
LDAP attribute using the LdapAttributeProvisioner and setting a value
for the grouperIsAuthoritative & allProvisionedAttributePrefix
properties. But how can I do so for _all_ values of an attribute,
without a prefix?

Up to now, we've had isMemberOf populated from the group name, so they
don't all share a common prefix. Introducing a prefix at this stage
would break several applications that are already using the existing
values. I thought I could be clever and put in a string like '*:',
making the resultant LDAP filter be (isMemberOf=*:*). But apparently
later on during the reconciliation, the prefix is made part of a regex,
so the asterisk blows it up.

Is there any way to specify an empty string for the property? If not,
can that be a feature request? If I can get this one issue solved, then
I think I will have a fully functional pspng equivalent of our existing
psp config.


Paul Engle
Office of Information Technology


Archive powered by MHonArc 2.6.19.

Top of Page