Grouper Users - Open Discussion List

["Waldbieser, Carl" <>]

You need to use:

  ${loaderLdapElUtils.convertDnToSpecificValue(subjectId)}

as tyour Grouper loader LDAP subject expression.

Thanks,
Carl Waldbieser
ITS Systems Programmer
Lafayette College

----- Original Message -----
From: 

To: 

Sent: Tuesday, July 25, 2017 2:49:39 PM
Subject: [grouper-users] filter results of a grouperLoaderLdap job

I'm putting together a demo of grouper working with my universities ad ldap
and I can't figure out how to create groups with the ldap loader. I have been
trying to adapt the LDAP_SIMPLE example from your page
https://spaces.internet2.edu/display/Grouper/Grouper+-+Loader+LDAP
with the main differences being the hasMember attribute from the example LDAP
holds only subject IDs whereas the equivalent in our LDAP is member and it
holds dns with a cn of subject id. I have tried several ways, and the script I
have runs successfully but inserts no members, although it should be returning
something like 1500. I am pretty sure the only problem is that it is trying to
match the subjectId from my source in sources.xml (which I know works) to the
dn held in the group ldap that I am filtering. For example subjectId from
sources is 'serie' when subjectId from server is
'CN=serie,OU=userAccounts,DC=ua,DC=ad,DC=alaska,DC=edu'.
I have tried several ways to filter the dn to get a subjectId to no avail.
Even storing the subject dn as the subjectIdentifier, which must have not
worked because of case of the string returned, or the fact that I am
completely misunderstanding something about how this should work. If there
were just some way to output the values this job is actually attempting to
compare , or the server filter is pulling out, I think I'd get it. Here is my
adapted script that runs but inserts no member, any advice would really help:

grouperSession = GrouperSession.startRootSession();
group = new
GroupSave(grouperSession).assignName("students:UafStudents").assignCreateParen
tStemsIfNotExist(true).save();
attributeAssign =
group.getAttributeDelegate().assignAttribute(LoaderLdapUtils.grouperLoaderLdap
AttributeDefName()).getAttributeAssign();
attributeAssign = group.getAttributeDelegate().retrieveAssignment(null,
LoaderLdapUtils.grouperLoaderLdapAttributeDefName(), false, true);
attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.groupe
rLoaderLdapTypeName(), "LDAP_SIMPLE");
attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.groupe
rLoaderLdapFilterName(), "CN=UAF_Students");
attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.groupe
rLoaderLdapQuartzCronName(), "0 * * * * ?");
attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.groupe
rLoaderLdapSearchDnName(), "OU=Groups");
attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.groupe
rLoaderLdapServerIdName(), "personLdap");
attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.groupe
rLoaderLdapSourceIdName(), "AD");
attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.groupe
rLoaderLdapSearchScopeName(), "SUBTREE_SCOPE");

# my last attempt of many (more than shown) to parse dn before comparing
attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.groupe
rLoaderLdapSubjectAttributeName(),
"${loaderLdapElUtils.convertDnToSpecificValue(member)}");

# original way I was trying that I think would return dn 
#attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.group
erLoaderLdapSubjectAttributeName(), "member");

attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.groupe
rLoaderLdapSubjectIdTypeName(), "subjectId");
# another failed attempt at parsing dn, I think this would filter it too late
#attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.group
erLoaderLdapSubjectExpressionName(),
"${loaderLdapElUtils.convertDnToSpecificValue(subjectId)}");

loaderRunOneJob(group);