Skip to Content.
Sympa Menu

grouper-users - [grouper-users] using AD extended schema attribute for anchor

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] using AD extended schema attribute for anchor


Chronological Thread 
  • From: "Guenther, Dean R." <>
  • To: "" <>
  • Subject: [grouper-users] using AD extended schema attribute for anchor
  • Date: Tue, 12 Jun 2018 18:10:27 +0000
  • Accept-language: en-US
  • Authentication-results: spf=none (sender IP is ) ;
  • Ironport-phdr: 9a23:+dOxqhwSVhIK6cnXCy+O+j09IxM/srCxBDY+r6Qd2ugUIJqq85mqBkHD//Il1AaPAd2Graocw8Pt8InYEVQa5piAtH1QOLdtbDQizfssogo7HcSeAlf6JvO5JwYzHcBFSUM3tyrjaRsdF8nxfUDdrWOv5jAOBBr/KRB1JuPoEYLOksi7ze+/94HTbglSmDaxfa55IQmrownWqsQYm5ZpJLwryhvOrHtIeuBWyn1tKFmOgRvy5dq+8YB6/ShItP0v68BPUaPhf6QlVrNYFygpM3o05MLwqxbOSxaE62YGXWUXlhpIBBXF7A3/U5zsvCb2qvZx1S+HNsDwULs6Wymt771zRRHolikJKiI5/m/UhMN+jaJUvB2uqgdlzILIZYGYLuZyc7nfcN4cWGFPXtxRVytEAo6kYYcBDvcBMvher4nhp1sBswG+CRGxD+3h1DBHnHn21rAm3eg7Hw3NwQstH90TsHvKqtX1KKcSXv6vzKTTwzTDdO5W1S3j54fVbxAsuPeBVq9zf8rJ0UQjCRnKgkmNpYHgIj+Zy/kBvm2V7+dvSe6jl2sqqw9vrTWv28shj4zEi4MJxlza7Sl0wYI4KcelREN6YNOoCpRduiCAO4drTM4uX3lkuCgkxbAFpZK2eS0HxZslyhPfbvGKc4yF7xL+W+uULzp1gG9qd6i6ihuz7UStxOLxW8+p21hQtCVFiMPDtnUV2hzT9MeHTvx981+51zuT0A7f9uFJLVk6m6TcJZMt27kwmYENvkjZGS/2hVn2g7SRdkU5/Oin9v7rYq38pp+bK497lB3xMrgvmsy4B+Q0KA8OX3WH+eS4073j+k75TK9Wgf0xl6nVqJHaJcIFqa6lGwJZzJws5wqiAzqjzdgUgGQLIVdLeB+Ik4TlJ1TDIP7mAvq/nlihlTJmyvHaMrH/GpnNK2LMkLblfbZz8U5czw8zwMhQ55JJFL4BJu7zWk/vu9zCFRI4PRe0w/v9BNpjy4weRHqDArWFP6PKrV+I+uUvLvGDZI8Pvzb9NuAl6OD0jXMghF8dZrem3YEMaH2jGvRmIl6ZYWb3gtsfC2sKvww+TPD0h12YVz5ceWqyU7wm6j4lFY2mENSLeof4yrOb2zqjE4cTe3tLEEukEHH0ep+CVutWLi+eP4UpxjMeUqW5RpVkyAqjrhTSyrx7I/DS9zFC85/vyY4myffUkER42iF5Cdid3nvJB015l2VAfXl8lPRwvEF71leOy4BnmOEeGNBOsaAaGjwmPILRmrQpQ+v5XRjMK4+E
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

I have an Active Directory extended schema attribute wsuExternalSystemID which contains a unique ID for each person. Its similar to what you might find in employeeID. This attribute is a confidential attribute, and I have granted my ldap.pspng_activedirectory.user to have full access to this extended AD attribute. For my Grouper groups I build them with the SQL query

 

            select wsuExternalSystemID as subject_id from oraclepersonregistry where employeerole like ā€˜%Hourly%ā€™

 

and this successfully builds my group in Grouper. And each person it finds has the Unique ID with their wsuExternalSystemID as Iā€™d expect.

 

My question is, am I going to have any problem with using PSPNG to build a group in AD when the users are being referenced by an extended schema AD attribute? These are my userSearch values:

 

changelog.consumer.pspng_activedirectory.userSearchBaseDn = ou=people,dc=testingAD,dc=wsu,dc=edu

changelog.consumer.pspng_activedirectory.userSearchFilter = wsuExternalSystemID=${subject.id}

changelog.consumer.pspng_activedirectory.userSearchAttributes = dn,cn,wsuexternalsystemid,userprincipalname,objectclass

 

 

 

 

Dean Guenther                          
Washington State University    Phone:    509 335-0433
Pullman, WA. 99164-1222        fax:      509 335-0540
Identity and Access Management Manager

 




Archive powered by MHonArc 2.6.19.

Top of Page