grouper-users - Re: [grouper-users] Grouper
Subject: Grouper Users - Open Discussion List
List archive
- From: "Crawford, Jeffrey" <>
- To: "" <>, "" <>
- Subject: Re: [grouper-users] Grouper
- Date: Wed, 30 Jan 2019 16:30:45 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is ) ;
- Ironport-phdr: 9a23:X5l5ChwHGVY0nlTXCy+O+j09IxM/srCxBDY+r6Qd2uMWIJqq85mqBkHD//Il1AaPAd2Lraocw8Pt8InYEVQa5piAtH1QOLdtbDQizfssogo7HcSeAlf6JvO5JwYzHcBFSUM3tyrjaRsdF8nxfUDdrWOv5jAOBBr/KRB1JuPoEYLOksi7ze+/94HQbglSmDaxfa55IQmrownWqsQYm5ZpJLwryhvOrHtIeuBWyn1tKFmOgRvy5dq+8YB6/ShItP0v68BPUaPhf6QlVrNYFygpM3o05MLwqxbOSxaE62YGXWUXlhpIBBXF7A3/U5zsvCb2qvZx1S+HNsDwULs6Wymt771zRRHolikJKiI5/m/UhMx+jq1boQ6uqBNkzoHOfI2VMeBzcr/Bcd4YQ2dKQ8ZfVzZGAoO5d4YDAfQMPfxCoIjzqVsOqgG+ChS0COjyzjFHmHH23aMg0+s/EQDK0hErEtUMsHvIttX6LqkTUe6yzKnS0DrOdPJW2Svn5IjVbh8hpeuDUahufsXM1EkiDgXIhUiTp4z9Jz6Y2fgBv3KG4+Z8V++jkW0qpxxrrjSy2ssglpHFipwUx1zY9yh0xYg1KcGlREJnZNOoDoVfuiCfOoZ2WMwvRnxntSI6x7AJvJO0ZiYHxZQkyhPaaPGLb4qF4hzmWeuSOzh1h29pdKqxhxms8kWs1ujxW8y60FpXoCpJj9zBu34N2hHX7sWKT+By80Wi1DuA0g3e6P1ILV4vmqfdNpUv2KQ/loAJvkTGBiL2mFv5jKuRdkg84ual9+Ppbqn7qpOFKoJ7iB/yPr0pmsOkH+s0KA8OX3WH+eun073j4Ev5T6hQgv0uiKnZt4zaKtoHqa6lAg9V1YAj5wy4Dze7zNQYmX4HLFVGeB6dk4fpPFTOLOj5Dfe5nVusjC9myv/aMrH7H5nBMnrOnK3icLpg8UJQ1RY/wcxH65JREL4BIfbzWkHrtNzfCx80Kw60zPr9CNpn2IIeV2WPArWEP67JsF+I+vgjI/SQa48RojnxMeYq6OPzjXMhg18SYbGp3YcLaHC/BvlmLF+ZYX3xgtcZD2gKpBMyTPHxiFKcSz5TfG2/X6Y95jEgFIKmFp3PRoGrgLydwii7BJtWaX5aClySC3vnaZiLW+pfIB6Vd4VolDAeWJC8QJQqkxyiqUWyn7NhIvDZ0jATrpml2dRosamb3x4o8iFsAt7YznqAVXpcn2UUSiUw0bwl50Fx1x3LhadihOFAGMYW+uhESBwSNJjAwvZ8BsyoHA/NY4HaZkyhR4DsKis4Udw22dNKK2RwFdu4gwGJl36oCKUciLKMHpAc876awnP1LoBwx2uQh/pptEUvXsYabT7uvaV47QWGX9STwUyEi6anc7gd1yfR9WCFiHCDp1xcTBUuDffeRX5KYEzQoJy5/U7EQ7K0QZUfegpagY/nSONRb8Hxy1BPRfPtItPbNmC6gW6vCxGSypuNcMz3cGEUmijRFRtMng==
|
Hi Andre,
So are you trying to create a provisioner and keep the group list flat? But have a distinct provisioner for different folders in the structure? In that case, when you are creating the changelog entries i.e. a provisioning point like pspsng_GroupA as “changelog.consumer.pspng_GroupA…” and then apply the etc:pspng:provision_to attribute with the value pspng_GroupA to structure in grouper were you want it to start provisioning.
Then add the a second provisioner entry for pspng_GroupB like above and apply the provision_to attribute to the other folder in the grouper org. Then each of the changelog.consumer.pspng_GroupA.groupSearchBaseDN = ou=groupa,ou=groups,… and changelog.consumer.pspng_GroupA.groupSearchBaseDN = ou=groupb,ou=groups,… We assume the other configuration points would otherwise be the same between the GroupA and GroupB loader definitions.
As an example of how to apply the attributes in a grouper shell, (not sure we should be attaching images here for how to do this on the ui) would look something like: grouperSession = GrouperSession.startRootSession(); attributeDefName = AttributeDefNameFinder.findByName("etc:pspng:provision_to", true); stem = StemFinder.findByName(grouperSession, "path:to:GroupA"); stem.getAttributeDelegate().assignAttribute(attributeDefName); stem.getAttributeValueDelegate().assignValueString(attributeDefName.getName(), "pspng_GroupA"); stem = StemFinder.findByName(grouperSession, "path:to:GroupB"); stem.getAttributeDelegate().removeAttribute(attributeDefName); stem.getAttributeDelegate().assignAttribute(attributeDefName); stem.getAttributeValueDelegate().assignValueString(attributeDefName.getName(), "pspng_GroupB");
Jeffrey C.
From: <> on behalf of Andre Daniels <>
Hello,
I am a not sure how to best configure pspng to provision to an ldap ou that has a folder-like hierarchy and groups with similar names. The groupSearchBaseDn does not appear to accept a jexl _expression_, so how does one prevent name collision? If I set the baseDn to allGroups, how does the provisioner determine whether a given update is for the allGroups:groupA:admins or allGroups:groupB:admins?
Thanks, Andre
-- Andre Daniels Sr. Developer/Security Analyst University of California Santa Cruz (831) 459-1980
|
- [grouper-users] Grouper, Andre Daniels, 01/26/2019
- Re: [grouper-users] Grouper, Andre Daniels, 01/28/2019
- Re: [grouper-users] Grouper, Greg Haverkamp, 01/28/2019
- Re: [grouper-users] Grouper, Bee-Lindgren, Bert, 01/28/2019
- Re: [grouper-users] Grouper, Crawford, Jeffrey, 01/30/2019
Archive powered by MHonArc 2.6.19.