Versions Compared

Old Version 13

changes.mady.by.user Chris Hyzer (upenn.edu)

Saved on

compared with

New Version 14

changes.mady.by.user Chris Hyzer (upenn.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Configuration section: Do you have entity attributes not in the subject source?  True/False (default false)

If true:

Config itemValueShow ifDescription
Global
Show entity attribute
resolverscheckboxes to select which global attribute resolvers
resolvertrue/false
See global attribute resolvers below


Resolve attributes with SQLtrue/falseshowEntityAttributeResolver == 'true'If true show the next section
Use global SQL resolvertrue/falseshowEntityAttributeResolver == 'true'
&& resolveAttributesWithSql = 'true'		(default false), if true then use a global resolver
Global SQL resolvermyPeopleResolvershowEntityAttributeResolver == 'true'
&& resolveAttributesWithSql = 'true'
&& useGlobalSqlResolver == 'true'		Drop down of global SQL resolvers
SQL config idwarehouseshowEntityAttributeResolver == 'true'
&& resolveAttributesWithSql = 'true'
&& useGlobalSqlResolver == 'false'		Drop down with SQL config ids
(useGlobalResolver='false')
Table or view namemy_peopleshowEntityAttributeResolver == 'true'
&& resolveAttributesWithSql = 'true'
&& useGlobalSqlResolver == 'false'		Table of user data, must have a subject source (optional), and matching/search col (required), and columns with single valued
attributes  (useGlobalResolver='false')
attributes
Subject source id columnsubject_source_idshowEntityAttributeResolver == 'true'
&& resolveAttributesWithSql = 'true'
&& useGlobalSqlResolver == 'false'		The subject source id column (optional
) (useGlobalResolver='false'
)
Subject search / matching columnemployee_idshowEntityAttributeResolver == 'true'
&& resolveAttributesWithSql = 'true'
&& useGlobalSqlResolver == 'false'		Column that searches and matches an entity
(useGlobalResolver='false')
SQL mapping typeentityAttribute / translationshowEntityAttributeResolver == 'true'
&& resolveAttributesWithSql = 'true'
&& useGlobalSqlResolver == 'false'		Drop down of the mapping type
(useGlobalResolver='false')
SQL mapping entity attributesubjectIdshowEntityAttributeResolver == 'true'
&& resolveAttributesWithSql = 'true'
&& useGlobalSqlResolver == 'false'		If this is an entity attribute mapping type, pick the entity attribute from a drop down
(useGlobalResolver='false')
SQL mapping expression${grouperProvisioningEntity.retrieveAttributeValueString('uid')}showEntityAttributeResolver == 'true'
&& resolveAttributesWithSql = 'true'
&& useGlobalSqlResolver == 'false'		If this is a translation write the expression (unescaped) (useGlobalResolver='false')
Last updated columnlast_updatedshowEntityAttributeResolver == 'true'
&& resolveAttributesWithSql = 'true'
&& useGlobalSqlResolver == 'false'		If this is provided then the incremental provisioner will process people that have been recently updated (useGlobalResolver='false')
Last updated typetimestampshowEntityAttributeResolver == 'true'
&& resolveAttributesWithSql = 'true'
&& useGlobalSqlResolver == 'false'		Could be timestamp, millisSince1970 (useGlobalResolver='false')
Select all SQL on fulltrue/falseshowEntityAttributeResolver == 'true'
&& resolveAttributesWithSql = 'true'

(Default true), if select * from the table should occur on full runs.  Set to false if only a small subset of the

total entities in the table are provisionable  (show for local or global resolver)

Resolve attributes with LDAPtrue/falseshowEntityAttributeResolver == 'true'If true show the next section
Use global LDAP resolvertrue/falseshowEntityAttributeResolver == 'true'
&& resolveAttributesWithLdap = 'true'		(default false), if true then use a global resolver
Global SQL resolvermyPeopleResolvershowEntityAttributeResolver == 'true'
&& resolveAttributesWithLdap = 'true'
&& useGlobalLdapResolver == 'true'		Drop down of global LDAP resolvers
LDAP myAdshowEntityAttributeResolver == 'true'
&& resolveAttributesWithLdap = 'true'
&& useGlobalLdapResolver == 'false'		Drop down with
SQL
LDAP config ids
Base DNOU=users,DC=school,DC=edushowEntityAttributeResolver == 'true'
&& resolveAttributesWithLdap = 'true'
&& useGlobalLdapResolver == 'false'		Base DN for search
Search scopeONELEVEL_SCOPE, or SUBTREE_SCOPE (default)showEntityAttributeResolver == 'true'
&& resolveAttributesWithLdap = 'true'
&& useGlobalLdapResolver == 'false'
Filter part(objectClass=person)showEntityAttributeResolver == 'true'
&& resolveAttributesWithLdap = 'true'
&& useGlobalLdapResolver == 'false'		If provided, this will be part of the full or individual filter
AttributesemployeeID, name, org, extensionAttribute11, modifyTimestampshowEntityAttributeResolver == 'true'
&& resolveAttributesWithLdap = 'true'
&& useGlobalLdapResolver == 'false'		Attributes to retrieve (multi-valued attributes will be stored in appropriate structure)
LDAP matching / search attributeemployeeIDshowEntityAttributeResolver == 'true'
&& resolveAttributesWithLdap = 'true'
&& useGlobalLdapResolver == 'false'		LDAP attribute which is used to lookup and match an entity in Grouper
LDAP mapping typeentityAttribute / translationshowEntityAttributeResolver == 'true'
&& resolveAttributesWithLdap = 'true'
&& useGlobalLdapResolver == 'false'		Drop down of the mapping type
LDAP mapping entity attributesubjectIdshowEntityAttributeResolver == 'true'
&& resolveAttributesWithLdap = 'true'
&& useGlobalLdapResolver == 'false'		If this is an entity attribute mapping type, pick the entity attribute from a drop down
LDAP matching expression

${grouperProvisioningEntity.retrieveAttributeValueString('uid')}


showEntityAttributeResolver == 'true'
&& resolveAttributesWithLdap = 'true'
&& useGlobalLdapResolver == 'false'

The value in Grouper that matches the LDAP data.  This is not yet ldap escaped.  In this case the filter to get one record would be generated as:

(&(employeeID=${grouperUtil.ldapFilterEscape(grouperProvisioningEntity.retrieveAttributeValueString('uid'))})(objectClass=person))

Filter all LDAP on fulltrue/falseshowEntityAttributeResolver == 'true'
&& resolveAttributesWithLdap = 'true'

(Default true), if full filter should occur on full runs.  Set to false if only a small subset of the

total entities in the table are provisionable.  In the above example, if this is true, the full filter would be:

(&(employeeID=*)(objectClass=person))

Last updated attributemodifyTimestampshowEntityAttributeResolver == 'true'
&& resolveAttributesWithLdap = 'true'
&& useGlobalLdapResolver == 'false'

If provided the incremental can poll for new records to process.  e.g. the filter would be (openldap / edirectory)

(&(employeeID=*)(objectClass=person)(modifyTimestamp>=20211119082103Z))

Active directory

(&(employeeID=*)(objectClass=person)(modifyTimestamp>= 20211119163324.0Z))

LDAP last updated formatdefault / activeDirectoryshowEntityAttributeResolver == 'true'
&& resolveAttributesWithLdap = 'true'
&& useGlobalLdapResolver == 'false'

This is optional, if not selected it will select default 20211119082103Z for a non AD connection and activeDirectory 20211119163324.0Z for

an active directory connection (which is selected in the external system)

On a full run get all users and full sync the translations.

...

Code Block
######################################
## Global entity attribute resolvers
## These SQL or LDAP attribute resolvers could be used in multiple provisioners or other areas
## entityAttributeResolverId is the unique configId for the attribute resolver
######################################

# Entity attribute resolver type
# {valueType: "string", regex: "^entityAttributeResolver\\.([^.]+)\\.resolverType$", required: true, formElement: "dropdown", optionValues: ["sql", "ldap"]}
#entityAttributeResolver.entityAttributeResolverId.resolverType = 

# SQL configId for database connection, default to grouper database
# {valueType: "string", regex: "^entityAttributeResolver\\.([^.]+)\\.sqlConfigId$", formElement: "dropdown", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.loader.db.DatabaseGrouperExternalSystem", showEl: "${resolverType == 'sql'}"}
#entityAttributeResolver.entityAttributeResolverId.sqlConfigId = 

# Table of user data, must have a subject source (optional), and matching/search col (required), and columns with single valued attributes
# {valueType: "string", regex: "^entityAttributeResolver\\.([^.]+)\\.tableOrViewName$", required: true, showEl: "${resolverType == 'sql'}"}
#entityAttributeResolver.entityAttributeResolverId.tableOrViewName = 

# The subject source id column
# {valueType: "string", regex: "^entityAttributeResolver\\.([^.]+)\\.subjectSourceIdColumn$", showEl: "${resolverType == 'sql'}"}
#entityAttributeResolver.entityAttributeResolverId.subjectSourceIdColumn = 

# Column that searches and matches an entity
# {valueType: "string", regex: "^entityAttributeResolver\\.([^.]+)\\.subjectSearchMatchingColumn$", required: true, showEl: "${resolverType == 'sql'}"}
#entityAttributeResolver.entityAttributeResolverId.subjectSearchMatchingColumn = 
 
# Grouper attribute that matches the row
# {valueType: "string", regex: "^entityAttributeResolver\\.([^.]+)\\.grouperAttributeThatMatchesRow$", required: true, showEl: "${resolverType == 'sql'}, formElement: "dropdown", optionValues: ['sqlsubjectId', 'ldapsubjectIdentifer0']"}
#entityAttributeResolver.entityAttributeResolverId.grouperAttributeThatMatchesRow = 
 
# The last updated column, e.g. a timestamp or number field (number of millis since 1970)
# {valueType: "string", regex: "^entityAttributeResolver\\.([^.]+)\\.lastUpdatedColumn$", showEl: "${resolverType == 'sql'}"}
#entityAttributeResolver.entityAttributeResolverId.lastUpdatedColumn = 
  
# The last updated column type, e.g. timestamp, millisSince1970.  If this is provided then the incremental provisioner will process people that have been recently updated
# {valueType: "string", regex: "^entityAttributeResolver\\.([^.]+)\\.lastUpdatedColumn$", showEl: "${resolverType == 'sql'}", formElement: "dropdown", optionValues: ['timestamp', 'millisSince1970']"}
#entityAttributeResolver.entityAttributeResolverId.lastUpdatedType =

# LDAP configId for connection
# {valueType: "string", regex: "^entityAttributeResolver\\.([^.]+)\\.sqlConfigId$", required: true, formElement: "dropdown", formElement: "dropdown", optionValuesFromClass: "edu.internet2.middleware.grouper.app.externalSystem.LdapGrouperExternalSystem", showEl: "${resolverType == 'ldap'}"}
#entityAttributeResolver.entityAttributeResolverId.ldapConfigId =
  
# Base DN for search
# {valueType: "string", regex: "^entityAttributeResolver\\.([^.]+)\\.baseDn$", showEl: "${resolverType == 'ldap'}", required: true}
#entityAttributeResolver.entityAttributeResolverId.baseDn = 

# Search scope, default is SUBTREE_SCOPE
# {valueType: "string", regex: "^entityAttributeResolver\\.([^.]+)\\.searchScope$", showEl: "${resolverType == 'ldap'}", required: true, formElement: "dropdown", optionValues: ['ONELEVEL_SCOPE', ' SUBTREE_SCOPE']"}
#entityAttributeResolver.entityAttributeResolverId.searchScope = 
 
# If there is more to the filter for all users or selected user than just the search attribute, then put that here.  e.g. if you have a search attribute of employeeID, and you want the 
# filter to be (&(employeeID=12345678)(objectClass=person)) then you should fill in this value as: (objectClass=person)
# {valueType: "string", regex: "^entityAttributeResolver\\.([^.]+)\\.searchScope$", showEl: "${resolverType == 'ldap'}"}
#entityAttributeResolver.entityAttributeResolverId.filterPart = 
  
# Attributes to retrieve (multi-valued attributes will be stored in appropriate structure)
# {valueType: "string", regex: "^entityAttributeResolver\\.([^.]+)\\.ldapAttributes$", showEl: "${resolverType == 'ldap'}", required: true}
#entityAttributeResolver.entityAttributeResolverId.ldapAttributes = 
   
# LDAP matching / search attribute, this needs to be the same as the subject ID or subject identifier0
# {valueType: "string", regex: "^entityAttributeResolver\\.([^.]+)\\.subjectSearchMatchingAttribute$", showEl: "${resolverType == 'ldap'}", required: true}
#entityAttributeResolver.entityAttributeResolverId.subjectSearchMatchingAttribute = 
  
# Grouper attribute that matches the record
# {valueType: "string", regex: "^entityAttributeResolver\\.([^.]+)\\.grouperAttributeThatMatchesRow$", required: true, showEl: "${resolverType == 'ldap'}, formElement: "dropdown", optionValues: ['subjectId', 'subjectIdentifer0']"}
#entityAttributeResolver.entityAttributeResolverId.grouperAttributeThatMatchesRecord = 

# If provided the incremental can poll for new records to process.  e.g. the filter would be (openldap / edirectory) (modifyTimestamp>=20211119082103Z), or Active Directory: (modifyTimestamp>= 20211119163324.0Z)
# {valueType: "string", regex: "^entityAttributeResolver\\.([^.]+)\\.lastUpdatedAttribute$", showEl: "${resolverType == 'ldap'"}
#entityAttributeResolver.entityAttributeResolverId.lastUpdatedAttribute =  
 
# This is optional, if not selected it will select default 20211119082103Z for a non AD connection and activeDirectory 20211119163324.0Z for
# an active directory connection (which is selected in the external system)
# {valueType: "string", regex: "^entityAttributeResolver\\.([^.]+)\\.lastUpdatedAttribute$", showEl: "${resolverType == 'ldap'", formElement: "dropdown", optionValues: ['default', 'activeDirectory']"}
#entityAttributeResolver.entityAttributeResolverId.ldapLastUpdatedFormat =