Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Grouper

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Grouper


Chronological Thread 
  • From: Greg Haverkamp <>
  • To: Andre Daniels <>
  • Cc: Grouper-Users <>
  • Subject: Re: [grouper-users] Grouper
  • Date: Mon, 28 Jan 2019 09:45:00 -0800
  • Ironport-phdr: 9a23:w8zCQRFumF7LVC7QZ7S2HZ1GYnF86YWxBRYc798ds5kLTJ7zo86wAkXT6L1XgUPTWs2DsrQY07qQ6/iocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbAhEmDmwbaluIBmqsA7cqtQYjYx+J6gr1xDHuGFIe+NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PGAu+MLrrxjDQhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/VC+85Kl3VhDnlCYHNyY48G7JjMxwkLlbqw+lqxBm3oLYfJ2ZOP94c6zTZ9MaQXdKUNhXWSJPH4iwa5IDAuoEMetesoLzpUYBrQGmCAajCuPgyD9GiHH106MnzeouDRrL0xY8E98UqnnYsMn5OaUUXOuozKfI1zLDb/ZO1Dn88ojHbB8hquyOU71qb8re11MvFwDfgVWVsYzuIjSY1usXvGib9eVgS/ygi3Qkqw5rpziv3twhio3SiYIR0FzE+iJ5wJgsKNC+VUV1b9mkEJ5KuCGbMYt7WswiQ3tvuCYn0r0Ko5i7czIPyJs5wRPUdv+Jc5CQ7x7+WuudPC10iGxqdb+xnRq+71asx+7mWsS03ltGtjRJnsXIu3wX1BHe6tKLRuZ880qjwzqDygTe5+NCLEspj6TUMYQhzaQ1lpcLsUTMACv2mELuga+YaEop9fKk6+D8bbXivJOcOIh0ih/mPqQvnMywH/g4PxATU2WV5OiwzqPv8EL3TblQkPE6jKrUvIraKMkVvqK5BhVa0ocn6xaxFTem19EYkGEILF1feBKIlZbpNE/UIPD7F/i/hkysnSxvx//dOr3tGJrNLn/dkLv5Z7Zy91ZcyBYvzdBY/59UBasBIPXuWk/pqtPYFAY1MxGvw+n5EtV9zZgTWWaOAq+CLKPSqkWE5uMpI+mQeoAVojD9JOY55/Lwl3M2h0ISfbT6lacQPVm+Eu5ra2mQZ3vhhsxJRW4MshAzZPHhk1bEXDJOMSWcRaU5sx4hBY3uLY7dS5quibmZlHO0F51feG1cCVmJCV/sfYHCVPASPnHBavR9myAJAODyA7Qq0guj4Uqjk+dq

I've got a structure that I think is what you described (other than that I use cn as the branch item, rather than ou, but I don't think that's relevant to the implementation).

I added an additional CN to each group with the full group name:
changeLog.consumer.pspng_app.groupCreationLdifTemplate = dn: ${utils.bushyDn(group.name, "cn", "cn")}||objectClass: groupOfNames||cn: ${group.extension}||cn: ${group.name}||description: ${group.description}

Then my singleGroupSearchFilter can filter on the group name:
changeLog.consumer.pspng_app.singleGroupSearchFilter = (&(objectClass=groupOfNames)(cn=${group.name}))

Greg

On Fri, Jan 25, 2019 at 5:48 PM Andre Daniels <> wrote:
Hello,

I am a not sure how to best configure pspng to provision to an ldap ou that has a folder-like hierarchy and groups with similar names. TheĀ groupSearchBaseDn does not appear to accept a jexl _expression_, so how does one prevent name collision? If I set the baseDn to allGroups, how does the provisioner determine whether a given update is for the allGroups:groupA:admins or allGroups:groupB:admins?

Thanks,
Andre

--
Andre DanielsĀ 
Sr. Developer/Security Analyst
University of California Santa Cruz
(831) 459-1980



Archive powered by MHonArc 2.6.19.

Top of Page