grouper-users - Re: [grouper-users] Is there a way to add the gidNumber attribute to existing Active Directory groups using PSPNG
Subject: Grouper Users - Open Discussion List
- From: Dominique Petitpierre <>
- To: <>
- Subject: Re: [grouper-users] Is there a way to add the gidNumber attribute to existing Active Directory groups using PSPNG
- Date: Tue, 15 Sep 2020 19:59:57 +0200
- Organization: University of Geneva
We are moving from grouper PSP 2.3 to grouper 2.3 PSPNG to provision large reference group with more than 100 K members to Active Directory and LDAP.
With PSPNG we are setting the gidNumber attribute to the groups in RAD. Most of these groups already exist in RAD created by PSP, without the gidNumber attribute.
Is there a way to add the gidNumber attribute to existing groups using PSPNG?
If you don't have any gidNumber already set in the directory, you
could use the same value as in the example in
PSPNG bushy at Penn
https://spaces.at.internet2.edu/display/Grouper/PSPNG+bushy+at+Penn
i.e. add the following pattern at the end of the property
changeLog.consumer.yourprovisionername.groupCreationLdifTemplate :
||gidNumber: ${group.idIndex}
Of course until all synchronized groups have their gidNumber set, you cannot use that attribute to identify target groups in the singleGroupSearchFilter property like in the example above.
But if you have some groups in your directory that have a
gidNumber independently assigned, then you have to avoid gidNumber
value collisions somehow.
Hence my question:
- How is the Grouper group idIndex generated, i.e. what is its
possible range?
From what I have observed it looks like it is assigned from a sequential counter that starts at 10000. I.e. the range seems to be [10000, 10000 + number of groups and stems ever created].
- Correct? Can we be sure it is not going to change to a
different generation algorithm (random or larger start values, or
even change format to something else than a decimal number)?
I hope so, because there are other groups with a gidNumber value
in our directory and, in order to avoid value collisions of the
gidNumber attribute, it is set with an offset of 2000000:
||gidNumber: ${group.idIndex + 2000000}
Thanks in advance for a confirmation!
-- Mr Dominique Petitpierre, user=Dominique.Petitpierre domain=unige.ch IT Division, University of Geneva, Switzerland
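An added example, not part of the original message and not Grouper or PSPNG code: a collision audit for the idIndex + offset scheme discussed above, run against an LDIF export of groups that already carry a gidNumber. The DNs, idIndex values and gidNumbers are constructed sample data, the function names are hypothetical, and the parser assumes plain unfolded, non-base64 LDIF with one gidNumber per entry.

```python
import re

OFFSET = 2000000        # offset used in the message above
ID_INDEX_START = 10000  # start value observed in the message, not a documented guarantee

# Constructed LDIF export of directory groups with an independently assigned gidNumber
EXISTING_LDIF = """\
dn: cn=staff,ou=unix,dc=example,dc=org
gidNumber: 500

dn: cn=legacy-hpc,ou=unix,dc=example,dc=org
gidNumber: 2010003

dn: cn=students,ou=unix,dc=example,dc=org
gidNumber: 30000
"""

# Constructed Grouper groups: group name -> idIndex
GROUPER_GROUPS = {"ref:all-members": 10001, "ref:faculty": 10002, "ref:alumni": 10003}


def parse_gids(ldif):
    """Return {gidNumber: dn} for every LDIF record that has both attributes."""
    gids = {}
    for record in re.split(r"\n\s*\n", ldif.strip()):
        dn = re.search(r"^dn:\s*(.+)$", record, re.M)
        gid = re.search(r"^gidNumber:\s*(\d+)$", record, re.M)
        if dn and gid:
            gids[int(gid.group(1))] = dn.group(1)
    return gids


def find_collisions(groups, existing, offset):
    """List (grouper_name, gidNumber, existing_dn) where idIndex + offset is already taken."""
    return [(name, idx + offset, existing[idx + offset])
            for name, idx in sorted(groups.items())
            if idx + offset in existing]


def headroom(existing, offset, start=ID_INDEX_START):
    """Count of idIndex values from `start` that stay below the first existing
    gidNumber at or above start + offset; None if nothing lies above."""
    above = [g for g in existing if g >= start + offset]
    return min(above) - (start + offset) if above else None


if __name__ == "__main__":
    existing = parse_gids(EXISTING_LDIF)
    for name, gid, dn in find_collisions(GROUPER_GROUPS, existing, OFFSET):
        print(f"COLLISION: {name} -> gidNumber {gid} already used by {dn}")
    print("idIndex headroom before next existing gidNumber:", headroom(existing, OFFSET))
```

Because idIndex grows with every group and stem ever created, the headroom figure matters as much as the current collision list: a small value means the chosen offset will run into an existing gidNumber soon.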