Uploaded image for project: 'Grouper'
  1. Grouper
  2. GRP-1903

With PSPNG, groupSelectionExpression that doesn't use pspng attributes

    XMLWordPrintable

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • None
    • None
    • provisioning
    • None

    Description

      Hello,

      With PSPNG 2.3 Patch 21, a full sync deletes all provisioned attribute

      My config :

      ## Alimentation de l'attribut FrEduLilHabilitation dans la branche ou=ac-lille,ou=education,o=gouv,c=fr
      changeLog.consumer.pspng_attrFrEduLilHabilitation.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
      changeLog.consumer.pspng_attrFrEduLilHabilitation.type = edu.internet2.middleware.grouper.pspng.LdapAttributeProvisioner
      changeLog.consumer.pspng_attrFrEduLilHabilitation.quartzCron = 0 * * * * ?
      changeLog.consumer.pspng_attrFrEduLilHabilitation.ldapPoolName = aclille
      changeLog.consumer.pspng_attrFrEduLilHabilitation.provisionedAttributeName = FrEduLilHabilitation
      changeLog.consumer.pspng_attrFrEduLilHabilitation.provisionedAttributeValueFormat = Grouper|${group.name}
      changeLog.consumer.pspng_attrFrEduLilHabilitation.userSearchBaseDn = ou=ac-lille,ou=education,o=gouv,c=fr
      changeLog.consumer.pspng_attrFrEduLilHabilitation.userSearchFilter = uid=${subject.id}
      changeLog.consumer.pspng_attrFrEduLilHabilitation.groupSelectionExpression = ${name.startsWith("app:") && name.contains(":habil:")}
      changeLog.consumer.pspng_attrFrEduLilHabilitation.grouperIsAuthoritative = true
      changeLog.consumer.pspng_attrFrEduLilHabilitation.allProvisionedValuesPrefix = Grouper|

      Incremental provisioning works well : adding/deleting someone in a group like app:habil:testa result in adding/deleting the provisioned attribute in the user ldap entry
      This problem occurs only with the full sync...

      For this config we use a specific groupSelectionExpression.

      I used gsh to evaluate Group selection and the result is empty :

      groovy:000> provisioner_name="pspng_attrFrEduLilHabilitation"
      ===> pspng_attrFrEduLilHabilitation
      groovy:000> gs=GrouperSession.startRootSession();
      ===> 15fb4e8176344454a3b63e1e5671156f,'GrouperSystem','application'
      groovy:000> provisioner=edu.internet2.middleware.grouper.pspng.ProvisionerFactory.createProvisioner(provisioner_name,false);
      ===> LdapAttributeProvisioner[pspng_attrFrEduLilHabilitation]
      groovy:000> provisioner.getAllGroupsForProvisioner();
      ===> []

      In the log :

      2018-09-19 15:34:57,558: [main] DEBUG Provisioner.getAllGroupsForProvisioner(1520) -  - Looking for folders that match attribute etc:pspng:provision_to=pspng_attrFrEduLilHabilitation
      2018-09-19 15:34:57,605: [main] DEBUG Provisioner.getAllGroupsForProvisioner(1522) -  - Looking for groups that match attribute etc:pspng:provision_to=pspng_attrFrEduLilHabilitation
      2018-09-19 15:34:57,637: [main] DEBUG Provisioner.getAllGroupsForProvisioner(1532) -  - pspng_attrFrEduLilHabilitation: There are 0 folders that match etc:pspng:provision_to attribute
      2018-09-19 15:34:57,637: [main] DEBUG Provisioner.getAllGroupsForProvisioner(1533) -  - pspng_attrFrEduLilHabilitation: There are 0 groups that match etc:pspng:provision_to attribute
      2018-09-19 15:34:57,638: [main] DEBUG Provisioner.getAllGroupsForProvisioner(1520) -  - Looking for folders that match attribute etc:pspng:do_not_provision_to=pspng_attrFrEduLilHabilitation
      2018-09-19 15:34:57,677: [main] DEBUG Provisioner.getAllGroupsForProvisioner(1522) -  - Looking for groups that match attribute etc:pspng:do_not_provision_to=pspng_attrFrEduLilHabilitation
      2018-09-19 15:34:57,715: [main] DEBUG Provisioner.getAllGroupsForProvisioner(1532) -  - pspng_attrFrEduLilHabilitation: There are 0 folders that match etc:pspng:do_not_provision_to attribute
      2018-09-19 15:34:57,716: [main] DEBUG Provisioner.getAllGroupsForProvisioner(1533) -  - pspng_attrFrEduLilHabilitation: There are 0 groups that match etc:pspng:do_not_provision_to attribute

      Thanks,

      Yoann

       

      Attachments

        Activity

          People

            bert.beelindgren@at.internet2.edu Bert Bee-Lindgren (gatech.edu)
            ydelattre2 Yoann Delattre (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:

              Smart Checklist