Skip to Content.
Sympa Menu

grouper-users - [grouper-users] More PSP-NG: custom user attributes in userSearchFilter

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] More PSP-NG: custom user attributes in userSearchFilter


Chronological Thread 
  • From: "Coleman, Erik C" <>
  • To: "" <>
  • Subject: [grouper-users] More PSP-NG: custom user attributes in userSearchFilter
  • Date: Mon, 4 Jun 2018 20:44:23 +0000
  • Accept-language: en-US
  • Ironport-phdr: 9a23:WXQRbRAdIyNu1jN3EEDDUyQJP3N1i/DPJgcQr6AfoPdwSPT7pcbcNUDSrc9gkEXOFd2Cra4c1qyO6+jJYi8p2d65qncMcZhBBVcuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6JvjvGo7Vks+7y/2+94fcbglUhDexe69+IAmrpgjNq8cahpdvJLwswRXTuHtIfOpWxWJsJV2Nmhv3+9m98p1+/SlOovwt78FPX7n0cKQ+VrxYES8pM3sp683xtBnMVhWA630BWWgLiBVIAgzF7BbnXpfttybxq+Rw1DWGMcDwULs5Xymp4aV2Rx/ykCoJNyA3/nzLisJ+j6xboQ6uqBNkzoHOfI2ZKOBzcr/Bcd8EQ2dKQ8ZfVzZGAoO5d4YDAfQMPeFcr4bjolsBtx2+CRGxD+3g0D9Ih3z21rAk3ugvDArL2xIvEM4Sv3nPrdX1MKMSUeGzzKnPzDXDdOla1ing54jVax0sp+yHU7FoccfJ1EUiEx3Jgk+NpYHnJT+Y1foBv3Ka4udkTe6jlmoqpx9rrjSyxMogkIfEipwPxlzZ6yl12Ig1KsO7RUJnZNOpFZ9duiWEOIZzQ84tXnpntSI/x7IcpZG2fzYFxZE5yBHDdfCKfY6F6Q/5WumLOzd3nndldaq/hxms9UigzfXxVsiw0FZOrypFlN7MtnEW1xDJ9MeIV+Z98l+g2TaJyQ/T9vlJLV0wmKbFMZIt37w9moAQvEjdBCP7mUH7gLeTdko+++io7+rnYq/hpp+ZL4J7lB3xPbg1l8y+BeQ4NgkOX26c+eS9z73v51P2T6hXjvEuiKnWrIjaJdgHpq6+GwJV3Zwj6xGiDze+ztsYh2ALLE9eeB2ZlYjpIErDIPT5Dfekn1Ssiylny+rHPr3nHpXCMGLDkLH/crZh9UJQ0hQ8ws1C58EcNrZUav3pXVLpucadEwQ0KRecwuD7Bc97259EH2+DH+XRZKzItkKQ6/hqPvKBfpQ9uTDhJuIj6uK0y3I1hAlOU7Ou2M5dQ3e8E/FvJQHRTGDtgZ8qWy9eswE1ZO3ujFyEVj9IIXu+QvRvtXkAFIu6ANKbFciWi7ub0XLjEw==
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

Hello,

 

As a follow-up to my two subject sources scenario, I’m having trouble with custom subject attributes. I now have PSP-NG turned on, and it successfully syncs groups that are set with the provision_to attribute, but when it comes time to add members, I’m getting this error in the logs:

 

grouper-api;grouper_error.log;2018-06-04 19:36:59,091: [uofi_urbana-FullSync-Thread] ERROR Provisioner.evaluateJexlExpression(556) - - Jexl _expression_ samAccountName=${subject.getAttributeValue("samAccountName")} could not be evaluated for subject ''650000001'/'person'/'uofinetid'/null' and group 'null/null' which used variableMap '{userSearchBaseDn=ou=people,dc=ad,dc=uillinois,dc=edu, provisionerType=LdapGroupProvisioner, groupCreationBaseDn=ou=AuthMan,ou=CITES-Services,ou=CITES,ou=Urbana,dc=ad,dc=uillinois,dc=edu, utils=edu.internet2.middleware.grouper.pspng.PspJexlUtils@4f7f3b36, subject='650000001'/'person'/'uofinetid', provisionerName=uofi_urbana, groupSearchBaseDn=ou=AuthMan,ou=CITES-Services,ou=CITES,ou=Urbana,dc=ad,dc=uillinois,dc=edu}'

 

Here’s what I have set in grouper-loader.properties:

 

changeLog.consumer.uofi_urbana.userSearchFilter = samAccountName=${subject.getAttributeValue("samAccountName")}

 

This used to work in our older “pre-TIER” test environment. I’ve considered alternatives:

 

samAccountName=${subject.id}  -- won’t work because we specify subject id using our own uiucEduUIN attribute as specified in the subject.properties.

 

uiucEduUIN=${subject.id} – won’t work because one of my subject sources doesn’t use uiucEduUIN for subject id, it uses samAccountName.

 

Switching to use samAccountName for subject id won’t work, because we have too many people changing netids quite often.

 

A look at my personal subject record in Grouper appears to have everything it’s trying to evaluate:

 

Unique ID:

650000001

 

Name:

Coleman, Erik C

 

Description:

Coleman, Erik C

 

uiuceduuin:        650000001

dn:        CN=ecc,ou=People,dc=ad,dc=uillinois,dc=edu

displayname:     Coleman, Erik C

department:      Technology Services

distinguishedname:              CN=ecc,OU=People,DC=ad,DC=uillinois,DC=edu

samaccountname:          ecc

Member ID:       6fe2e751a0e14e41b896ee6cb8e23e02

Source ID:          uofinetid

Source name:    UOFI AD People

 

Why is the JEXL _expression_ getting an error? What’s the right JEXL syntax for referencing a “custom” attribute in a subject?

 

Thanks!

 

Erik Coleman

University of Illinois at Urbana-Champaign

 

 


Archive powered by MHonArc 2.6.19.

Top of Page