
grouper-users - Re: [grouper-users] Making PSPNG authoritative for all values of an attribute

Subject: Grouper Users - Open Discussion List

  • From: Paul Engle <>
  • To: "Bee-Lindgren, Bert" <>, "" <>
  • Subject: Re: [grouper-users] Making PSPNG authoritative for all values of an attribute
  • Date: Wed, 8 Mar 2017 11:45:53 -0600

Thanks, Bert!


On 3/8/2017 10:38 AM, Bee-Lindgren, Bert wrote:
> Paul,
> Thanks for the documentation fix. I've created GRP-1495 (PSPNG -
> Attribute Provisioning - Full control of destination attribute) to
> capture this request and will update that ticket as I address it with
> a patch.
> --Bert
> ------------------------------------------------------------------------
> *From:* <> on behalf of Paul Engle <>
> *Sent:* Thursday, February 23, 2017 10:39 AM
> *To:*
> *Subject:* Re: [grouper-users] Making PSPNG authoritative for all values
> of an attribute
> Slight correction to this. The property is actually
> allProvisionedValuesPrefix for the attribute provisioner. I fixed it in
> the wiki.
> Thinking about this some more, I can understand the logic of wanting to
> require a prefix when the authoritative switch is thrown to keep it from
> blowing away values from other sources. But does it seem reasonable to
> have a new boolean property, provisionedValuesPrefixIsNull or somesuch
> to trigger the case when there really should be an empty prefix? That
> would prevent an admin from accidentally turning on the authoritative
> behavior and not specifying a prefix explicitly. Either the prefix
> property contains a string or the isNull property is true. Does that
> make sense?
> -paul
> On 2/20/2017 11:16 AM, Paul Engle wrote:
>> I understand how to make Grouper authoritative for prefixed values of an
>> LDAP attribute using the LdapAttributeProvisioner and setting a value
>> for the grouperIsAuthoritative & allProvisionedAttributePrefix
>> properties. But how can I do so for _all_ values of an attribute,
>> without a prefix?
>> Up to now, we've had isMemberOf populated from the group name, so they
>> don't all share a common prefix. Introducing a prefix at this stage
>> would break several applications that are already using the existing
>> values. I thought I could be clever and put in a string like '*:',
>> making the resultant LDAP filter be (isMemberOf=*:*). But apparently
>> later on during the reconciliation, the prefix is made part of a regex,
>> so the asterisk blows it up.
>> Is there any way to specify an empty string for the property? If not,
>> can that be a feature request? If I can get this one issue solved, then
>> I think I will have a fully functional pspng equivalent of our existing
>> psp config.
>> -paul
> --
> Paul Engle
> Office of Information Technology
> 713-348-4702

Paul Engle
Office of Information Technology
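
The two points raised in this thread, as an added illustration that is not PSPNG's code and not written by either poster: a prefix containing `*` is a wildcard in an LDAP filter but an error as an unquoted regex, and an "exactly one of prefix / is-null" rule keeps an unset prefix from silently meaning "own every value". Assumptions: Python's `re` stands in for the provisioner's regex handling, every function name is hypothetical, and `prefix_is_null` mirrors the proposed `provisionedValuesPrefixIsNull` property, which the thread only suggests.

```python
import re

def resolve_prefix(authoritative, prefix, prefix_is_null=False):
    """Prefix that authoritative cleanup may touch; None when not authoritative."""
    if not authoritative:
        return None
    if bool(prefix) == bool(prefix_is_null):
        # Neither set (accidental "own everything") or both set (contradiction).
        raise ValueError("set a non-empty prefix or prefix_is_null=True, not both/neither")
    return prefix or ""

def ldap_escape(literal):
    """RFC 4515 escaping so a literal prefix cannot act as a filter wildcard."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in literal)

def search_filter(attribute, prefix):
    """Filter selecting owned values; an empty prefix gives a presence filter."""
    return "(%s=%s*)" % (attribute, ldap_escape(prefix))

def raw_prefix_compiles(prefix):
    """True if the unquoted prefix is itself a valid regular expression."""
    try:
        re.compile(prefix)
        return True
    except re.error:
        return False

def values_to_remove(current, desired, prefix):
    """Owned values (literal prefix match) that are no longer desired."""
    owned = re.compile(re.escape(prefix))  # quoted: metacharacters are literal
    return sorted(v for v in current if owned.match(v) and v not in desired)

# Constructed sample data, not taken from any real directory.
CURRENT = ["app:wiki:editors", "app:wiki:admins", "staff", "legacy-vpn"]
DESIRED = {"app:wiki:editors"}

if __name__ == "__main__":
    print(raw_prefix_compiles("*:"))                      # unquoted prefix as regex
    print(search_filter("isMemberOf", "*:"))              # asterisk kept literal
    for p in ("app:", resolve_prefix(True, None, True)):  # prefixed vs. explicit empty
        print(repr(p), search_filter("isMemberOf", p), values_to_remove(CURRENT, DESIRED, p))
```

With the explicit empty prefix, every value not in the desired set is scheduled for removal, including values written by other sources, which is why the rule requires that choice to be stated rather than inferred from a missing property.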

