Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Grouper

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Grouper


Chronological Thread 
  • From: "Crawford, Jeffrey" <>
  • To: "" <>, "" <>
  • Subject: Re: [grouper-users] Grouper
  • Date: Wed, 30 Jan 2019 16:30:45 +0000
  • Accept-language: en-US
  • Authentication-results: spf=none (sender IP is ) ;
  • Ironport-phdr: 9a23:X5l5ChwHGVY0nlTXCy+O+j09IxM/srCxBDY+r6Qd2uMWIJqq85mqBkHD//Il1AaPAd2Lraocw8Pt8InYEVQa5piAtH1QOLdtbDQizfssogo7HcSeAlf6JvO5JwYzHcBFSUM3tyrjaRsdF8nxfUDdrWOv5jAOBBr/KRB1JuPoEYLOksi7ze+/94HQbglSmDaxfa55IQmrownWqsQYm5ZpJLwryhvOrHtIeuBWyn1tKFmOgRvy5dq+8YB6/ShItP0v68BPUaPhf6QlVrNYFygpM3o05MLwqxbOSxaE62YGXWUXlhpIBBXF7A3/U5zsvCb2qvZx1S+HNsDwULs6Wymt771zRRHolikJKiI5/m/UhMx+jq1boQ6uqBNkzoHOfI2VMeBzcr/Bcd4YQ2dKQ8ZfVzZGAoO5d4YDAfQMPfxCoIjzqVsOqgG+ChS0COjyzjFHmHH23aMg0+s/EQDK0hErEtUMsHvIttX6LqkTUe6yzKnS0DrOdPJW2Svn5IjVbh8hpeuDUahufsXM1EkiDgXIhUiTp4z9Jz6Y2fgBv3KG4+Z8V++jkW0qpxxrrjSy2ssglpHFipwUx1zY9yh0xYg1KcGlREJnZNOoDoVfuiCfOoZ2WMwvRnxntSI6x7AJvJO0ZiYHxZQkyhPaaPGLb4qF4hzmWeuSOzh1h29pdKqxhxms8kWs1ujxW8y60FpXoCpJj9zBu34N2hHX7sWKT+By80Wi1DuA0g3e6P1ILV4vmqfdNpUv2KQ/loAJvkTGBiL2mFv5jKuRdkg84ual9+Ppbqn7qpOFKoJ7iB/yPr0pmsOkH+s0KA8OX3WH+eun073j4Ev5T6hQgv0uiKnZt4zaKtoHqa6lAg9V1YAj5wy4Dze7zNQYmX4HLFVGeB6dk4fpPFTOLOj5Dfe5nVusjC9myv/aMrH7H5nBMnrOnK3icLpg8UJQ1RY/wcxH65JREL4BIfbzWkHrtNzfCx80Kw60zPr9CNpn2IIeV2WPArWEP67JsF+I+vgjI/SQa48RojnxMeYq6OPzjXMhg18SYbGp3YcLaHC/BvlmLF+ZYX3xgtcZD2gKpBMyTPHxiFKcSz5TfG2/X6Y95jEgFIKmFp3PRoGrgLydwii7BJtWaX5aClySC3vnaZiLW+pfIB6Vd4VolDAeWJC8QJQqkxyiqUWyn7NhIvDZ0jATrpml2dRosamb3x4o8iFsAt7YznqAVXpcn2UUSiUw0bwl50Fx1x3LhadihOFAGMYW+uhESBwSNJjAwvZ8BsyoHA/NY4HaZkyhR4DsKis4Udw22dNKK2RwFdu4gwGJl36oCKUciLKMHpAc876awnP1LoBwx2uQh/pptEUvXsYabT7uvaV47QWGX9STwUyEi6anc7gd1yfR9WCFiHCDp1xcTBUuDffeRX5KYEzQoJy5/U7EQ7K0QZUfegpagY/nSONRb8Hxy1BPRfPtItPbNmC6gW6vCxGSypuNcMz3cGEUmijRFRtMng==

Hi Andre,

 

So are you trying to create a provisioner and keep the group list flat? But have a distinct provisioner for different folders in the structure? In that case, when you are creating the changelog entries i.e. a provisioning point like pspsng_GroupA as “changelog.consumer.pspng_GroupA…” and then apply the etc:pspng:provision_to attribute with the value pspng_GroupA to structure in grouper were you want it to start provisioning.

 

Then add the a second provisioner entry for pspng_GroupB like above and apply the provision_to attribute to the other folder in the grouper org. Then each of the changelog.consumer.pspng_GroupA.groupSearchBaseDN = ou=groupa,ou=groups,… and changelog.consumer.pspng_GroupA.groupSearchBaseDN = ou=groupb,ou=groups,… We assume the other configuration points would otherwise be the same between the GroupA and GroupB loader definitions.

 

As an example of how to apply the attributes in a grouper shell, (not sure we should be attaching images here for how to do this on the ui) would look something like:

grouperSession = GrouperSession.startRootSession();

attributeDefName = AttributeDefNameFinder.findByName("etc:pspng:provision_to", true);

stem = StemFinder.findByName(grouperSession, "path:to:GroupA");

stem.getAttributeDelegate().assignAttribute(attributeDefName);

stem.getAttributeValueDelegate().assignValueString(attributeDefName.getName(), "pspng_GroupA");

stem = StemFinder.findByName(grouperSession, "path:to:GroupB");

stem.getAttributeDelegate().removeAttribute(attributeDefName);

stem.getAttributeDelegate().assignAttribute(attributeDefName);

stem.getAttributeValueDelegate().assignValueString(attributeDefName.getName(), "pspng_GroupB");

 

Jeffrey C.

 

From: <> on behalf of Andre Daniels <>
Reply-To: "" <>
Date: Friday, January 25, 2019 at 5:48 PM
To: "" <>
Subject: [grouper-users] Grouper

 

Hello,

 

I am a not sure how to best configure pspng to provision to an ldap ou that has a folder-like hierarchy and groups with similar names. The groupSearchBaseDn does not appear to accept a jexl _expression_, so how does one prevent name collision? If I set the baseDn to allGroups, how does the provisioner determine whether a given update is for the allGroups:groupA:admins or allGroups:groupB:admins?

 

Thanks,

Andre

 

--

Andre Daniels 

Sr. Developer/Security Analyst

University of California Santa Cruz

(831) 459-1980




Archive powered by MHonArc 2.6.19.

Top of Page