Grouper Users - Open Discussion List

[Dominique Petitpierre <>]

Hello again,

has to have some kind of mapping student to target student, and employee to target employee

for such a selection what could be used  are properties analogous to groupSelectionExpression and allGroupsSearchFilter:

subjectSelectionExpression to select the subjects of a Grouper group to consider for synchronizing
e.g. ${subject.attributes("employeeType").equals("student")}

allMembersSearchFilter to select which target members can be mapped to subjects and to exclude members that should not be removed from the target group
e.g. (employeeType=student)

With something like this many provisioners could provision the same group.
Each provisioner would only synchronize the subset of the Grouper members they care for, thus avoiding the expensive one to zero correspondence check.

This, together with a method containsAttribute, would allow to do what I was describing in my original post (cf. [grouper-users] PSPNG: synchronize one Grouper group member to two target directory group members?):
Two provisioners, one taking care of the student members and the other of the staff members in the same target group could be configured with the following properties:

changeLog.consumer.activedirectory_student.subjectSelectionExpression: ${subject.attributes.containsAttribute("employeeType","student")}
changeLog.consumer.activedirectory_student.allMembersSearchFilter: (employeeType=student)

changeLog.consumer.activedirectory_staff.subjectSelectionExpression: ${subject.attributes.containsAttribute("employeeType","staff")}
changeLog.consumer.activedirectory_staff.allMembersSearchFilter: (employeeType=staff)
    The configured selections insure a one to one correspondence of the
    members in each provisioner (in the target directory student and
    staff persons have separate entries, each either student or staff
    but not both).
    This preserves the current behaviour of PSPNG that does not handle
    one to many correspondances . But it allows the resulting target
    group to have one to many correspondences with members of the
    Grouper group.

If feasible and sound, I propose this as a Request For Enhancement for PSPNG, as a fallback alternative to the one to many correspondences RFE proposed in my recent post (Re: [grouper-users] PSPNG: synchronize one Grouper group member to two target directory group members?).

- Is anybody interested as well?

Regards.

On 14.09.20 10:02, Dominique Petitpierre wrote:

Hello,

On 10.09.20 04:07, Dominique Petitpierre wrote:

Alternatively,
- is it possible to have two provisioners, one taking care of the student members and the other of the staff members in the same target directory group?
(I don't quite see how full sync would work but asking just in case I am missing something!)

- Is it possible to select which Grouper group members should be synchronized? (eg. only students or only staff members)

If both source and target members could be selected, then such two provisioners could work.

-- 
Mr Dominique Petitpierre, user=Dominique.Petitpierre domain=unige.ch
IT Division, University of Geneva, Switzerland