Skip to Content.
Sympa Menu

grouper-users - [grouper-users] RE: GrouperJndiSourceAdapter questions...

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] RE: GrouperJndiSourceAdapter questions...


Chronological Thread 
  • From: "Hyzer, Chris" <>
  • To: "Black, Carey M." <>, "" <>
  • Subject: [grouper-users] RE: GrouperJndiSourceAdapter questions...
  • Date: Wed, 5 Apr 2017 13:00:26 +0000
  • Accept-language: en-US
  • Authentication-results: osu.edu; dkim=none (message not signed) header.d=none;osu.edu; dmarc=none action=none header.from=isc.upenn.edu;
  • Ironport-phdr: 9a23:UaIlPx+83eW7Xf9uRHKM819IXTAuvvDOBiVQ1KB+0+4XIJqq85mqBkHD//Il1AaPBtSFraoewLeI+4nbGkU4qa6bt34DdJEeHzQksu4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1Ov71GonPhMiryuy+4ZPebgFJiTanfb9+Mhq6oAXQu8ILnYZsN6E9xwfTrHBVYepW32RoJVySnxb4+Mi9+YNo/jpTtfw86cNOSL32cKskQ7NWCjQmKH0169bwtRbfVwuP52ATXXsQnxFVHgXK9hD6XpP2sivnqupw3TSRMMPqQbwoXzmp8rxmQwH0higZKzE58XnXis1ug6JdvBKhvAF0z4rNbI2IKPZyYqbRcNUHTmRDQ8lRTTRMDIOiYYUSE+oPM+VWr4f/qFsPsRSxChKhC/nzxjNUnHL6wbE23/onHArb3AIgBdUOsHHModn7NqkTUeG0w7fSzTnbcvhbxzf96JLJchA6r/2HQLV9cc/NxkkvFwLEj0ufqZb+MjOUzeQCr3KX7/d4Ve2xjW4nrRt9rSayyccxk4TEgJ8exF7D9SV82ok1JNu4RVZ6Yd6iDJtfqTuaN41oTcM+XW1kojg1xaAbuZKjcygKyYgnxx7Ca/OcaYSH/hXjVOOXLDxlh3xlYKqyiwio/kS81+HxU9S43EtXoidAnNnBuWwB2wDW58WFVPRw8USs1DOK2gzN9u1IP1g4mbfVJpI92LI9kocfvV7dEiPrnEj6lrKae0cl9+Wu9u/peK/ppoWGOI9xkgz+Mrohmsi4AekgKgYDQ2+V9fiy2bH640D3WahGguQxkqbCrp/WP8MbprOlAwBO1YYj9hC/ACq83NQAh3kHK05FdwybgIj1OlHOJ/b4Ae24g1SxjDdrw/fGPrriApnXMnfDl7Lhca58605a1gUz0chS64xOBb0dPf7+X1L9uMHFAhI8PQy5zPrrBMl4244cR22CDayUPabXvFOW+u4jPfGAZIoPtzb8L/gl6eTujXg8mVIFeKmmwZsXaXC5H/t4OUWUenvsgswdHmsQowo+VPLliFuEUTJJeXm9Qr886ikhCI26FYfDWpytgLuZ0Se0BJ1WYX1GCkiSHnfybomERuwMZzyIIs96iTEEUbmhS5Q91RG1qgP20btnLuzI+iIGr5Lj0sZ65/HNmR0o6zN7EtmdgCmxSDQ+tGcBTDxylIt2u0FsgnLFm+AsifhRHt8VvqkSegAhKNjRw/EsT5i4VRjGY8+EUhO7Wdi8GhkwSM482dkDfxw7Ftm/xFiX0DCtHqcYjfmWH5Eu6Yrd2WT8PcBw1yyA2aU82QoIWMxKYCeGl7xy7UybLI7Tkl7T3/KvfqQNziPX3GaYxiyTpExeVkh9XbiTDiNXXVffsdmsvhCKdLSpE7lyd1IZkcM=
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

I opened this jira:

 

https://bugs.internet2.edu/jira/browse/GRP-1510

 

Are you a java programmer?  Can you give me two methods that take a string and return a string, one that formats the subject id when reading from ldap, and one that formats a search string for querying LDAP.

 

Note, I think this might not work as you want… i.e. when doing a search, it might not find subjectId since it will only format the filters when looking by subjectId but not during searches…  but I can add that if you like…

 

Thanks

Chris

 

From: Black, Carey M. [mailto:]
Sent: Tuesday, April 04, 2017 6:57 PM
To: Hyzer, Chris <>;
Subject: RE: GrouperJndiSourceAdapter questions...

 

Chris,

 

>> Does this adapter support using Base64 encoded attributes as the SubjectID attribute?

> 

> I don’t think that is currently possible, if you need it please open a descriptive jira about it.  I assume that when searching the ID will need to be encoded before running the filter?

 

It is actually more “odd” than that… but yes, the value needs decoded  (from Base64) before it is stored then “encoded” before the search can work.

                If you take the value in HEX then escape all of the digits then the ldap filter works.

 

                Example: (HEX form of the value)  4e99cb365b5dfc4998b74e99cb365b5d

                                  (valid filter )   (attribute=\4e\99\cb\36\5b\5d\fc\49\98\b7\4e\99\cb\36\5b\5d)

 

 

My motivation is to use a “system generated” value that I have never seen the LDAP system allow to have a duplicate. All other values are “mostly unique”, but I suspect that the system generated attribute that is stored in this “odd way” is system protected from being “non-unique” and is a very opaque value too. J

 

The only issue is that grouper does not appear read to deal with this type of data from an LDAP source. L

 

 

 

 

 

RE: setting email value

 

I already have this in my config. (But it is not working) Any other ideas of what I might be doing wrong?

<init-param>

       <param-name>emailAttributeName</param-name>

       <param-value>mail</param-value>

</init-param>

 

The LDAP source has a value for the attribute “mail” that is an email address. (example: )

 

When I use the Subject API diagnostics page I see this in the output for my Subject ID:

Subject attribute 'mail' has 1 value: ''

  - with subject.getAttributeValue("mail")

 

REF: https://github.com/Internet2/grouper/blob/master/subject/conf/ldap.sources.xml.example

 

I do not see a sample for “emailAttributeName” and the format looks more like “Name_AttributeType”…..

 

REF: https://github.com/Internet2/grouper/blob/GROUPER_2_3_0-branch/subject/tests/edu/internet2/middleware/subject/provider/JNDISourceAdapterTest.java

                Only test for “SubjectID_AttributeType”, “Name_AttributeType” and “Description_AttributeTyp”.

                No email attribute looking value.

 

Is this just a “miss” in this API? (Or am I not seeing something?)

 

--

Carey Matthew

 

From: Hyzer, Chris []
Sent: Tuesday, April 4, 2017 3:17 PM
To: Black, Carey M. <>;
Subject: RE: GrouperJndiSourceAdapter questions...

 

> Does this adapter support using Base64 encoded attributes as the SubjectID attribute?

 

I don’t think that is currently possible, if you need it please open a descriptive jira about it.  I assume that when searching the ID will need to be encoded before running the filter?

 

> How do I map an attribute from this SourceAdaptor to the email value for the subject?

 

Just make an attribute, e.g. “emailAddress”, and then set this:

 

     <!-- If using emails and need email addresses in sources, set which attribute has the email address in this source -->

     <init-param>

       <param-name>emailAttributeName</param-name>

       <param-value>emailAddress</param-value>

     </init-param>

 

Thanks

Chris

 

From: [] On Behalf Of Black, Carey M.
Sent: Tuesday, April 04, 2017 2:26 AM
To:
Subject: [grouper-users] GrouperJndiSourceAdapter questions...

 

Hello,

 

First a bit about how I am currently configuring this subject API. ( in case it matters.)

  I am altering the sources.xml file.

 

 

Does this adapter support using Base64 encoded attributes as the SubjectID attribute?

                I am trying to tie to our IDM system and would like to use an operational attribute that is base64 encoded as the Subject ID for this data set.

                However, the system does not appear to “automatically know” that it needs to decode the value being returned from our ldap server.

                Is there a way to “give it a clue” so that it will do that for the attribute?

                If in include the attribute in the list of “attribute” to display when doing a search I see

 

How do I map an attribute from this SourceAdaptor to the email value for the subject? (or is intended to be dealt with some other way than the subject API?

                I was expecting something like, but I am not finding it in any of the docs.

<init-param>

       <param-name>Mail_AttributeType</param-name>

       <param-value>mail</param-value>

     </init-param>

 

--

Carey Matthew

 




Archive powered by MHonArc 2.6.19.

Top of Page