
grouper-users - [grouper-users] Trying to use PSPNG for bushy provisioning to Active Directory. Grouper version 2.3.0

Subject: Grouper Users - Open Discussion List

  • From: Siju Jacob <>
  • To: " Mailing List" <>
  • Cc: Omer Almatary <>, Nazeer Syed <>, Cyril Phillips <>
  • Subject: [grouper-users] Trying to use PSPNG for bushy provisioning to Active Directory. Grouper version 2.3.0
  • Date: Mon, 13 Aug 2018 22:05:11 +0000

Hi Team,

We are using Grouper 2.3.0. I am trying to do bushy provisioning of all the groups in the Grouper stem ds:rad:orgs to Active Directory.

One example group within the ds:rad:orgs stem is as below:

Root → ds:rad:orgs:10056:10059:ru-FASN - Biological Sciences_Faculty

The folder in Active Directory to provision all the groups to is OU=orgs,OU=Groups,DC=rad,DC=rutgers,DC=edu

The expected hierarchy in Active Directory is

CN=ru-FASN - Biological Sciences_Faculty,OU=10059,OU=10056,OU=orgs,OU=Groups,DC=rad,DC=rutgers,DC=edu

Somehow it is provisioning to Active Directory as below:

CN=ru-FASN - Biological Sciences_Faculty,OU=10059,OU=10056,OU=orgs,OU=rad,OU=ds,OU=orgs,OU=Groups,DC=rad,DC=rutgers,DC=edu

How could I avoid the OU=orgs,OU=rad,OU=ds from the DN name while being provisioned to Active Directory and achieve the below name as the DN? Basically, how could I avoid the owner folder name value from the DN?

CN=ru-FASN - Biological Sciences_Faculty,OU=10059,OU=10056,OU=orgs,OU=Groups,DC=rad,DC=rutgers,DC=edu

 

Below is my grouper loader.properties entry

 

####################################
## PSPNG
####################################

# Active Directory Changelog Consumer -- Group Provisioner
changeLog.consumer.pspng_activedirectory.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
changeLog.consumer.pspng_activedirectory.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner
changeLog.consumer.pspng_activedirectory.quartzCron = 0 * * * * ?
changeLog.consumer.pspng_activedirectory.ldapPoolName = rutgers
changeLog.consumer.pspng_activedirectory.memberAttributeName = member
changeLog.consumer.pspng_activedirectory.memberAttributeValueFormat = ${ldapUser.getDn()}
changeLog.consumer.pspng_activedirectory.groupAttributeName = memberOf
changeLog.consumer.pspng_activedirectory.groupSearchBaseDn = OU=Orgs,OU=Groups,DC=TestRad,DC=Rutgers,DC=Edu
changeLog.consumer.pspng_activedirectory.allGroupsSearchFilter = objectclass=group
changeLog.consumer.pspng_activedirectory.singleGroupSearchFilter = (&(objectclass=group)(cn=${grouperUtil.extensionFromName(name)}))
changeLog.consumer.pspng_activedirectory.groupCreationLdifTemplate = dn: ${utils.bushyDn(group.name,"cn","ou")}||cn: ${grouperUtil.extensionFromName(name)}||objectclass: group
changeLog.consumer.pspng_activedirectory.userSearchBaseDn = OU=people,DC=TestRad,DC=rutgers,DC=edu
changeLog.consumer.pspng_activedirectory.userSearchFilter = employeeID=${subject.id}
changeLog.consumer.pspng_activedirectory.userSearchAttributes = dn,cn,distinguishedName,uid,uidNumber,mail,samAccountName,objectclass,employeeID
changeLog.consumer.pspng_activedirectory.isActiveDirectory = true

# Active Directory Changelog Consumer -- User Attribute Provisioner
changeLog.consumer.pspng_attributes.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
changeLog.consumer.pspng_attributes.type = edu.internet2.middleware.grouper.pspng.LdapAttributeProvisioner
changeLog.consumer.pspng_attributes.quartzCron = 0 * * * * ?
changeLog.consumer.pspng_attributes.retryOnError = true
changeLog.consumer.pspng_attributes.ldapPoolName = rutgers
changeLog.consumer.pspng_attributes.provisionedAttributeName = memberOf
changeLog.consumer.pspng_attributes.provisionedAttributeValueFormat = ${grouperUtil.extensionFromName(name)}
changeLog.consumer.pspng_attributes.userSearchBaseDn = OU=people,DC=TestRad,DC=rutgers,DC=edu
changeLog.consumer.pspng_activedirectory.userSearchFilter = employeeID=${subject.id}
changeLog.consumer.pspng_attributes.userSearchAttributes = dn,cn,distinguishedName,uid,uidNumber,mail,samAccountName,objectclass,employeeID
changeLog.consumer.pspng_attributes.isActiveDirectory = true

 

 

Below is my provision to attribute definition

 

 

     Any advice or guidance will be of great help and would be greatly appreciated..!

 

Thanks,

Siju Jacob
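
The name-to-DN mapping described in the message above, as an added illustration that is not part of the original post and is not PSPNG code: it reproduces both DNs quoted in the message from the group name and the target OU. The function names and the `strip_stem` parameter are hypothetical; the group name and base DN are the ones given in the message.

```python
# Added illustration: models the name-to-DN mapping visible in the post.
# It is not PSPNG code; bushy_dn and strip_stem are hypothetical names.

GROUP = "ds:rad:orgs:10056:10059:ru-FASN - Biological Sciences_Faculty"
BASE_DN = "OU=orgs,OU=Groups,DC=rad,DC=rutgers,DC=edu"


def escape_rdn_value(value):
    """Escape one attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def bushy_dn(group_name, base_dn, strip_stem=None):
    """Map folder:folder:group to CN=group,OU=folder,...,<base_dn>."""
    parts = group_name.split(":")
    if strip_stem:
        prefix = strip_stem.split(":")
        # Refuse names outside the stem instead of silently placing them
        # somewhere unexpected under the base DN.
        if parts[:len(prefix)] != prefix or len(parts) <= len(prefix):
            raise ValueError(f"{group_name!r} is not below stem {strip_stem!r}")
        parts = parts[len(prefix):]
    *folders, extension = parts
    rdns = ["CN=" + escape_rdn_value(extension)]
    # The innermost folder is the left-most OU, so the folder order is reversed.
    rdns += ["OU=" + escape_rdn_value(f) for f in reversed(folders)]
    return ",".join(rdns + [base_dn])


if __name__ == "__main__":
    print(bushy_dn(GROUP, BASE_DN))                 # full name: extra OUs
    print(bushy_dn(GROUP, BASE_DN, "ds:rad:orgs"))  # name relative to the stem
```

The first call yields the DN the message reports as actually provisioned, because every folder of the full group name becomes an OU; the second yields the expected DN, because only the part of the name below ds:rad:orgs is mapped.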

 

 

 



