Grouper Users - Open Discussion List

[Siju Jacob <>]

Hi Team,

     We are using grouper 2.3.0. I am trying to do bushy provisioning of all the groups in grouper stem ds:rad:orgs to active directory.

 

One of the example group with in the ds:rad:orgs stem is as below

 

Root à ds:rad:orgs:10056:10059:ru-FASN - Biological Sciences_Faculty

 

Folder in Active directory to provision all the groups is OU=orgs,OU=Groups,DC=rad,DC=rutgers,DC=edu

 

 

Expected hierarchy in active directory is 

CN=ru-FASN - Biological Sciences_Faculty,OU=10059,OU=10056,OU=orgs,OU=Groups,DC=rad,DC=rutgers,DC=edu

 

Somehow its provisioning to active directory as below

 

CN=ru-FASN - Biological Sciences_Faculty,

OU=10059,OU=10056,OU=orgs,OU=rad,OU=ds,OU=orgs,OU=Groups,DC=rad,DC=rutgers,DC=edu

 

How could I avoid the OU=orgs,OU=rad,OU=ds from the dn name while being provisioned to active directory and achieve the

below name as dn. Basiaclly how could I avaoid the owner folder name value from dn

CN=ru-FASN - Biological Sciences_Faculty,OU=10059,OU=10056,OU=orgs,OU=Groups,DC=rad,DC=rutgers,DC=edu

 

Below is my grouper loader.properties entry

 

####################################                                                                                              

## PSPNG                                                                                                                           

####################################                                                                                              

# Active Directory Changelog Consumer -- Group Provisioner

changeLog.consumer.pspng_activedirectory.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim

changeLog.consumer.pspng_activedirectory.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner

changeLog.consumer.pspng_activedirectory.quartzCron = 0 * * * * ?

changeLog.consumer.pspng_activedirectory.ldapPoolName = rutgers

changeLog.consumer.pspng_activedirectory.memberAttributeName = member

changeLog.consumer.pspng_activedirectory.memberAttributeValueFormat = ${ldapUser.getDn()}

changeLog.consumer.pspng_activedirectory.groupAttributeName = memberOf

changeLog.consumer.pspng_activedirectory.groupSearchBaseDn = OU=Orgs,OU=Groups,DC=TestRad,DC=Rutgers,DC=Edu

changeLog.consumer.pspng_activedirectory.allGroupsSearchFilter = objectclass=group

changeLog.consumer.pspng_activedirectory.singleGroupSearchFilter = (&(objectclass=group)(cn=${grouperUtil.extensionFromName(name)}))

changeLog.consumer.pspng_activedirectory.groupCreationLdifTemplate = dn: ${utils.bushyDn(group.name,"cn","ou")}||cn: ${grouperUtil.extensionFromName(name)}||objectclass: group

changeLog.consumer.pspng_activedirectory.userSearchBaseDn = OU=people,DC=TestRad,DC=rutgers,DC=edu

changeLog.consumer.pspng_activedirectory.userSearchFilter = employeeID=${subject.id}

changeLog.consumer.pspng_activedirectory.userSearchAttributes = dn,cn,distinguishedName,uid,uidNumber,mail,samAccountName,objectclass,employeeID

changeLog.consumer.pspng_activedirectory.isActiveDirectory = true

# Active Directory Changelog Consumer -- User Attribute Provisioner

changeLog.consumer.pspng_attributes.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim

changeLog.consumer.pspng_attributes.type = edu.internet2.middleware.grouper.pspng.LdapAttributeProvisioner

changeLog.consumer.pspng_attributes.quartzCron = 0 * * * * ?

changeLog.consumer.pspng_attributes.retryOnError = true

changeLog.consumer.pspng_attributes.ldapPoolName = rutgers

changeLog.consumer.pspng_attributes.provisionedAttributeName = memberOf

changeLog.consumer.pspng_attributes.provisionedAttributeValueFormat = ${grouperUtil.extensionFromName(name)}

changeLog.consumer.pspng_attributes.userSearchBaseDn = OU=people,DC=TestRad,DC=rutgers,DC=edu

changeLog.consumer.pspng_activedirectory.userSearchFilter = employeeID=${subject.id}

changeLog.consumer.pspng_attributes.userSearchAttributes = dn,cn,distinguishedName,uid,uidNumber,mail,samAccountName,objectclass,employeeID

changeLog.consumer.pspng_attributes.isActiveDirectory = true

 

 

Below is my provision to attribute definition

 

 

     Any advice or guidance will be of great help and would be greatly appreciated..!

 

Thanks,

Siju Jacob