Grouper Users - Open Discussion List

[Philippe CHANTRY <>]

Thanks for your message.

My answers below.

Best regards,

Philippe Chantry  ♢ Ingénieur DSIN ♢ Toulouse INP ♢ (05 34 32) 30 83

---

De: "Hyzer, Chris" <>
À: , "Philippe Chantry" <>
Envoyé: Mercredi 26 Janvier 2022 18:14:24
Objet: Re: [grouper-users] ldap subject source issue

You will get better support on slack instead of email FYI.

Can you send your exported subject source config (you can export from UI under configuration).

Here is the exported subject.properties file for my ldap2 subject source:

subjectApi.source.ldap2.adapterClass = edu.internet2.middleware.grouper.subj.GrouperLdapSourceAdapter2_5
subjectApi.source.ldap2.attribute.0.name = uid
subjectApi.source.ldap2.attribute.0.translationType = sourceAttributeSameAsSubjectAttribute
subjectApi.source.ldap2.attribute.1.name = name
subjectApi.source.ldap2.attribute.1.sourceAttribute = cn
subjectApi.source.ldap2.attribute.1.translationType = sourceAttribute
subjectApi.source.ldap2.attribute.2.name = mail
subjectApi.source.ldap2.attribute.2.subjectIdentifier = true
subjectApi.source.ldap2.attribute.2.translationType = sourceAttributeSameAsSubjectAttribute
subjectApi.source.ldap2.attribute.3.name = description
subjectApi.source.ldap2.attribute.3.translation.elConfig = ${subject_attribute__cn + ' (' +source_attribute__uid + ') - ' + source_attribute__businesscategory + ' - ' + source_attribute__edupersonaffiliation}
subjectApi.source.ldap2.attribute.3.translationType = translation
subjectApi.source.ldap2.extraAttributesFromSource = businessCategory, eduPersonAffiliation
subjectApi.source.ldap2.id = ldap2
subjectApi.source.ldap2.name = ldap local
subjectApi.source.ldap2.numberOfAttributes = 4
subjectApi.source.ldap2.param.Description_AttributeType.value = description
subjectApi.source.ldap2.param.Name_AttributeType.value = name
subjectApi.source.ldap2.param.SubjectID_AttributeType.value = uid
subjectApi.source.ldap2.param.emailAttributeName.value = mail
subjectApi.source.ldap2.param.findSubjectByIdOnCheckConfig.value = true
subjectApi.source.ldap2.param.findSubjectByIdentifiedOnCheckConfig.value = true
subjectApi.source.ldap2.param.findSubjectByStringOnCheckConfig.value = true
subjectApi.source.ldap2.param.ldapServerId.value = ldapLocal
subjectApi.source.ldap2.param.netId.value = mail
subjectApi.source.ldap2.param.stringToFindOnCheckConfig.value = jo
subjectApi.source.ldap2.param.subjectIdToFindOnCheckConfig.value = aanderson
subjectApi.source.ldap2.param.subjectIdentifierToFindOnCheckConfig.value =
subjectApi.source.ldap2.search.search.param.filter.value = (&(|(|(uid=%TERM%)(cn=*%TERM%*))(uid=%TERM%))(objectclass=person))
subjectApi.source.ldap2.search.searchSubject.param.base.value = ou=People,dc=example,dc=edu
subjectApi.source.ldap2.search.searchSubject.param.filter.value = (uid=%TERM%)
subjectApi.source.ldap2.search.searchSubject.param.scope.value = SUBTREE_SCOPE
subjectApi.source.ldap2.search.searchSubjectByIdentifier.param.filter.value = (mail=%TERM%)
subjectApi.source.ldap2.searchAttribute.0.attributeName = description
subjectApi.source.ldap2.searchAttributeCount = 1
subjectApi.source.ldap2.sortAttribute.0.attributeName = name
subjectApi.source.ldap2.sortAttributeCount = 1
subjectApi.source.ldap2.types = person

Are any of your data values null?  Maybe that is an issue?  I tried a similar thing and it worked fine

To avoid null values, I created another subject source based on openldap-dinkel-grouper external LDAP system.

But with translation script as shown above, the disgnostics tool says:

ERROR: Exception thrown when finding subject by id in 4ms: 'aanderson'
         with SubjectFinder.findByIdAndSource("aanderson", "ldap2", false)
java.lang.RuntimeException: Error substituting string: '() -  -'
...

Caused by: java.lang.RuntimeException: Script must be ${script}: '() -  -'

Translation for my_description: ${subject_attribute__my_new_id + ' (' +source_attribute__name + ') - ' + source_attribute__entity_id + ' - ' + source_attribute__my_id}

---

From: <> on behalf of pchantry <>
Sent: Wednesday, January 26, 2022 5:00 AM
To: <>
Subject: [grouper-users] ldap subject source issue

 

Hello,

I just installed grouper 2.5.59.3 and defined a Ldap subject source through UI
> Miscellaneous > Subject sources > Add subject source.

All is fine except the setting of one attribute with "translation type" =
translation. The translation script is not recognized. I tried different
values, and I got some errors when I run the diagnostics tool :
- script value = ${subject_attribute__cn + ' (' +source_attribute__uid + ') -
' + source_attribute__edupersonprimaryaffiliation}
- error in diagnostics :
ERROR: Exception thrown when finding subject by id in 33ms: 'glagaffe'
         with SubjectFinder.findByIdAndSource("my_uid", "ldap", false)
java.lang.RuntimeException: Error substituting string: '() -'
...
Caused by: java.lang.RuntimeException: Script must be ${script}: '() -'

- script value = ${subject_attribute__mail}
- diagnostics : no error, but says : Subject attribute 'namewithstatus' has 1
value: ''  (i.e. the value is unexpectedly empty)

In our previous Grouper instance, 2.3, we had defined this attribute in
grouper.apiBinary-2.3.0/conf/sources.xml like this:
     <init-param>
      <param-name>subjectVirtualAttribute_0_nameWithStatus</param-name>
      <param-value>$
{subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('sn').toUpperCase(),
"")}, $
{subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('givenName'),
"")} ${subject.getAttributeValueOrCommaSeparated('eduPersonAffiliation') ==
null ? "" :
subjectUtils.defaultIfBlank('('+subject.getAttributeValueOrCommaSeparated('eduPersonAffiliation').toLowerCase()
+')', "")}</param-value>
    </init-param>

So my question is : how to set up such a parameter in Grouper 2.5 ?

Thank you,
Philippe