
grouper-users - [grouper-users] RE: One group - multiple provisioners

Subject: Grouper Users - Open Discussion List

  • From: Ryan Rumbaugh <>
  • To: "" <>
  • Subject: [grouper-users] RE: One group - multiple provisioners
  • Date: Fri, 27 Jul 2018 17:56:36 +0000

Not sure if I can attach images to this listserv or not, but I added a screenshot to Box here: https://nebraska.box.com/s/dt2q5atb0icxhtrboo1ffp61vcthae4c

 

Here are the configs for each:

 

changeLog.consumer.pspng_ad_lincoln.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
changeLog.consumer.pspng_ad_lincoln.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner
changeLog.consumer.pspng_ad_lincoln.quartzCron = 0 * * * * ?
changeLog.consumer.pspng_ad_lincoln.ldapPoolName = ad_lincoln
changeLog.consumer.pspng_ad_lincoln.isActiveDirectory = true
changeLog.consumer.pspng_ad_lincoln.memberAttributeName = member
changeLog.consumer.pspng_ad_lincoln.memberAttributeValueFormat = ${ldapUser.getDn()}
changeLog.consumer.pspng_ad_lincoln.groupSearchBaseDn = OU=Grouper-ES,DC=adtest,DC=unl,DC=edu
changeLog.consumer.pspng_ad_lincoln.allGroupsSearchFilter = objectclass=group
changeLog.consumer.pspng_ad_lincoln.singleGroupSearchFilter = (&(objectclass=group)(cn=${group.name}))
changeLog.consumer.pspng_ad_lincoln.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: group
changeLog.consumer.pspng_ad_lincoln.userSearchBaseDn = OU=people,DC=adtest,DC=unl,DC=edu
changeLog.consumer.pspng_ad_lincoln.userSearchFilter = unlUNCWID=${subject.id}
changeLog.consumer.pspng_ad_lincoln.userSearchAttributes = dn,cn,mail,sAMAccountName,objectclass,unlUNCWID
changeLog.consumer.pspng_ad_lincoln.grouperIsAuthoritative = true

 

 

changeLog.consumer.pspng_ad_nebraska.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
changeLog.consumer.pspng_ad_nebraska.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner
changeLog.consumer.pspng_ad_nebraska.quartzCron = 0 * * * * ?
changeLog.consumer.pspng_ad_nebraska.ldapPoolName = ad_nebraska
changeLog.consumer.pspng_ad_nebraska.isActiveDirectory = true
changeLog.consumer.pspng_ad_nebraska.memberAttributeName = member
changeLog.consumer.pspng_ad_nebraska.memberAttributeValueFormat = ${ldapUser.getDn()}
changeLog.consumer.pspng_ad_nebraska.groupSearchBaseDn = OU=Grouper,DC=neadtest,DC=nebraska,DC=edu
changeLog.consumer.pspng_ad_nebraska.allGroupsSearchFilter = objectClass=group
changeLog.consumer.pspng_ad_nebraska.singleGroupSearchFilter = (&(objectClass=group)(cn=${group.name}))
changeLog.consumer.pspng_ad_nebraska.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectClass: group
changeLog.consumer.pspng_ad_nebraska.groupCreationBaseDn = OU=Grouper,DC=neadtest,DC=nebraska,DC=edu
changeLog.consumer.pspng_ad_nebraska.userSearchBaseDn = OU=People,DC=neadtest,DC=nebraska,DC=edu
changeLog.consumer.pspng_ad_nebraska.userSearchFilter = sAMAccountName=${subject.id}
changeLog.consumer.pspng_ad_nebraska.grouperIsAuthoritative = true

 

Thanks for your assistance!

 

--

Ryan Rumbaugh

Identity Management Specialist

Cybersecurity & Identity |ITS|

501 123.1, 68588-0203

University of Nebraska |nebraska.edu

Kearney|Lincoln|Omaha

402-472-0831 (o)

 

From: Bee-Lindgren, Bert <>
Sent: Thursday, July 26, 2018 3:42 PM
To: Ryan Rumbaugh <>;
Subject: Re: One group - multiple provisioners

 

Ryan,

 

Multiple provision_to assignments, indeed, mark a group/folder to be provisioned by the multiple pspng provisioners. As you noticed, pspng uses multi-assign, single-valued attributes for this.

 

Can you share the provisioner-config parts of grouper-loader.properties as well as gsh input for the attribute-setting or a gui view of the multiple assignments?

 


From: <> on behalf of Ryan Rumbaugh <>
Sent: Thursday, July 26, 2018 4:03 PM
To:
Subject: [grouper-users] One group - multiple provisioners

 

Hi all!

 

We have about five downstream pspng provisioners configured in our environment and the question came up about whether or not we could provision one Grouper group to multiple directories. Does anyone know if there is a method to do so?

 

We have experimented with setting multiple “provision_to” attributes with different configured grouper-loader.properties pspng assignment values, but that doesn’t seem to work. Additionally, we tried to set multiple assignment values, but received the following exception:

 

Error: Cannot add multiple values to a single valued attribute: AttributeDefName[name=etc:pspng:provision_to,uuid=fa0342415de04e52a87eddd913d049a4], Problem calling method assignAddValueSubmit on edu.internet2.middleware.grouper.grouperUi.serviceLogic.SimpleAttributeUpdate

 

Thanks!

--

Ryan Rumbaugh

Identity Management Specialist

Cybersecurity & Identity |ITS|

501 123.1, 68588-0203

University of Nebraska |nebraska.edu

Kearney|Lincoln|Omaha

402-472-0831 (o)

 



