Grouper Users - Open Discussion List

[Drew Zebrowski <>]

We are working on a way to provision posixAccount objectclass attributes for users and are looking at using Grouper to see if we can do this. I am new to Grouper and don’t have much experience with using the PSPNG component.

 

Here is our end-goal: Provision out the following attributes to an LDAP Person Entry.

 

-          Generate objectclass: posixAccount

-          Generate uidNumber: <Random Number>

-          Generate gidNumber: <Random Number>

 

In grouper-loader.properties, I tried the following which defines multiple attribute/value pairs. It doesn’t appear as though Grouper handles this since the LDAP returns an ObjectClass Violation.

 

# User gidNumber Provisioning

changeLog.consumer.pspng_secsds_gidNumber.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim

changeLog.consumer.pspng_secsds_gidNumber.type = edu.internet2.middleware.grouper.pspng.LdapAttributeProvisioner

changeLog.consumer.pspng_secsds_gidNumber.quartzCron = 0 * * * * ?

changeLog.consumer.pspng_secsds_gidNumber.retryOnError = true

changeLog.consumer.pspng_secsds_gidNumber.ldapPoolName = secsds

changeLog.consumer.pspng_secsds_gidNumber.provisionedAttributeName = objectclass

changeLog.consumer.pspng_secsds_gidNumber.provisionedAttributeValueFormat = posixAccount

changeLog.consumer.pspng_secsds_gidNumber.provisionedAttributeName = gidNumber

changeLog.consumer.pspng_secsds_gidNumber.provisionedAttributeValueFormat = ${new(java.util.Random).nextInt()}

changeLog.consumer.pspng_secsds_gidNumber.provisionedAttributeName = uidNumber

changeLog.consumer.pspng_secsds_gidNumber.provisionedAttributeValueFormat = ${new(java.util.Random).nextInt()}

changeLog.consumer.pspng_secsds_gidNumber.userSearchBaseDn = cn=users,o=tjuh

changeLog.consumer.pspng_secsds_gidNumber.userSearchFilter = uid=${subject.id}

 

 

Is this a supported function of the loader? Can it provision objectclasses along with the required attributes through the attribute provisioner or is this not designed to work that way? Has anyone done this sort of thing and is willing to share their experience? Thanks.

 

Drew Zebrowski

Thomas Jefferson University

 

The information contained in this transmission contains privileged and confidential information. It is intended only for the use of the person named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.

CAUTION: Intended recipients should NOT use email communication for emergent or urgent health care matters.