grouper-users - Re: [grouper-users] Grouper
Subject: Grouper Users - Open Discussion List
List archive
- From: "Bee-Lindgren, Bert" <>
- To: "" <>
- Cc: "" <>
- Subject: Re: [grouper-users] Grouper
- Date: Mon, 28 Jan 2019 19:30:09 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is ) ;
- Ironport-phdr: 9a23:2q0kRRffJAxZ3npRbXap21WWlGMj4u6mDksu8pMizoh2WeGdxcWzZx7h7PlgxGXEQZ/co6odzbaO4+a4ASQp2tWoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7Ovr6GpLIj8Swyuu+54Dfbx9HiTahYr5+Ngm6oRnMvcQKnIVuLbo8xAHUqXVSYeRWwm1oJVOXnxni48q74YBu/SdNtf8/7sBMSar1cbg2QrxeFzQmLns65Nb3uhnZTAuA/WUTX2MLmRdVGQfF7RX6XpDssivms+d2xSeXMdHqQb0yRD+v6bpgRh31hycdLzM38H/ZhNFsjKxVoxyhqR5ww4/Ib46aL/dxZL/RfdYASGZdQspcVSpMCZ68YYsVCOoBOP5Vo4fgqlQQsxSyHA+iBOLpyjBViX/2x7M10+I5HQrbwQEvAcgOsGjaoN7oM6odSv66zLPUzTnZdPxZxyny5JHMchAgp/GDQL1wcdDPxkkpDA7FiVSQqZD/MzOazOsNr3aU4PZgVe61lWEothxxryGpy8wxiYfJnpoYx1/Y+Slj3Yo5Od+1RFR6bNOnCpdcqj+WOo9uTs88QmxkpCQ3x7gIuZGgeCUG1JEqyhzCZPOcboSF5w/vWeiPLThmgX9qZrKyihep/kWlxO3xVse03VJPoydLk9TMuHAA2hnI5cWGRfZx4l+t2TiR2A3Q9u1JJEU5laTHJJE/2LE9k5kevEXHEyDsnUj7jq+belgq+uWt6enoeKnqqYGaOoRpkA/xKL4ulda6AekgMggBQWyb+eOk2bP74UD3R6lGg/IvnqTEqJ7XK90XpqmiDABLyIoj7Au/Dyu939QfgHkHKk9KdAifj4jzPFHOPO73Auujg1StlzdrwerKPrr8ApXRKnjDl7DhfbVn50FAzwozyMhT55NSCr4fPPL+QkD8uMDCAhMkLwC5wfzrBdR+248ERG6DHKuUPLvXsVCS5+IvJ+eMZJUSuDb4M/Uq/ODhjWUlmVMHZqamw4UYZGm8HvRnJUWWfHXsgs0fHmcMpQc+S+3qiEGYXT5cfXmyQ7wz6S07CI68E4jMW52tjKSb3CinBp1WenxGCleUHHfnbYWEXOoMaDqMLc97izAESKOhRJE71RG1rwL6z7tnLvHI+i0Dr57j1d515/HNmhEo8zx7Edid33+XQ25qg2wIWmx+4Kcq60V7xk2O+bVzmPceGNBOrbsdWwE2L5P00udhAJb/Vh+XLfmTT1PzCP+rDHQVT9Q9zMUDZQI1Mdi4klqLiyCnGaNTnbGGQZg19K7TxXX3D8F81zDJ3bUshFlgT8dSYz71zpVj/hTeUtaa236SkLynIPxGhnzE6XuDwGySvUpRTA93V+DfUGsCYlfN8omr/VvMGrmpD7lvchBMz8KPMONrUpXolh0HIZWrI9HCeyS0kma0CwyPw+aGYZD2PW8Q0WDZCU4InBoe+16BNBR4CS69rmneSjFiCAGnbg==
You're right that the BaseDn has to be above all groups, but the following should help:
1) you can/should search for groups by objectclass&gidNumber (which the template should define as the Grouper group index)
2) You can use jexl and commas in the dn of the template to create groups in the OUs you desire.
3) if this is an existing tree of groups, everything should be okay after you manually populate the gidNumbers somehow
What do you think?
--Bert
On Jan 25, 2019, at 8:48 PM, Andre Daniels <> wrote:
Hello,
I am a not sure how to best configure pspng to provision to an ldap ou that has a folder-like hierarchy and groups with similar names. The groupSearchBaseDn does not appear to accept a jexl _expression_, so how does one prevent name collision? If I set the baseDn to allGroups, how does the provisioner determine whether a given update is for the allGroups:groupA:admins or allGroups:groupB:admins?
Thanks,Andre
--
Andre DanielsSr. Developer/Security AnalystUniversity of California Santa Cruz(831) 459-1980
- [grouper-users] Grouper, Andre Daniels, 01/26/2019
- Re: [grouper-users] Grouper, Andre Daniels, 01/28/2019
- Re: [grouper-users] Grouper, Greg Haverkamp, 01/28/2019
- Re: [grouper-users] Grouper, Bee-Lindgren, Bert, 01/28/2019
- Re: [grouper-users] Grouper, Crawford, Jeffrey, 01/30/2019
Archive powered by MHonArc 2.6.19.