Public LDAP example
CMU runs a public LDAP server. As an example, we can hook up a Grouper subject source to it.
Server: ldap.andrew.cmu.edu
Base DN: dc=cmu,dc=edu
URL: ldap://ldap.andrew.cmu.edu:389/dc=cmu,dc=edu
Top OU: ou=person
Users: guid=ABC123
Attributes:
- objectClass: cmuPerson
- cn (First Last)
- eduPersonSchoolCollegeName
- cmuAndrewId: netId
Sources.xml
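<!--
  Subject source "cmu": resolves person subjects from CMU's public LDAP
  directory through GrouperJndiSourceAdapter.

  Security notes for anyone adapting this example to another directory:
    * It binds anonymously (SECURITY_AUTHENTICATION = none) over plain ldap://
      on port 389. That suits a public demo directory only.
    * For a private directory, switch to the commented-out simple bind below,
      use an ldaps:// PROVIDER_URL so the bind password and directory data are
      not sent in cleartext, and keep the credentials file readable only by
      the account that runs Grouper.
-->
<source adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter">
  <id>cmu</id>
  <name>cmu</name>
  <type>person</type>

  <!-- JNDI connection settings -->
  <init-param>
    <param-name>INITIAL_CONTEXT_FACTORY</param-name>
    <param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value>
  </init-param>
  <init-param>
    <!-- Server, port and base DN; the search bases further down are relative to this DN. -->
    <param-name>PROVIDER_URL</param-name>
    <param-value>ldap://ldap.andrew.cmu.edu:389/dc=cmu,dc=edu</param-value>
  </init-param>
  <init-param>
    <!-- "none" = anonymous bind. The commented-out "simple" value is the authenticated alternative. -->
    <param-name>SECURITY_AUTHENTICATION</param-name>
    <param-value>none</param-value>
    <!-- param-value>simple</param-value -->
  </init-param>

  <!-- Service-account bind, disabled here. SECURITY_CREDENTIALS holds a path to a password file, not the password itself. -->
  <!-- init-param>
    <param-name>SECURITY_PRINCIPAL</param-name>
    <param-value>CN=grouperad,OU=Service Accounts</param-value>
  </init-param>
  <init-param>
    <param-name>SECURITY_CREDENTIALS</param-name>
    <param-value>/etc/grouper/ADSource.pass</param-value>
  </init-param -->

  <!-- Mapping of LDAP attributes onto the subject's id, name and description -->
  <init-param>
    <param-name>SubjectID_AttributeType</param-name>
    <param-value>guid</param-value>
  </init-param>
  <init-param>
    <param-name>SubjectID_formatToLowerCase</param-name>
    <param-value>false</param-value>
  </init-param>
  <init-param>
    <param-name>Name_AttributeType</param-name>
    <param-value>cn</param-value>
  </init-param>
  <init-param>
    <!-- nameLong is the virtual attribute defined by subjectVirtualAttribute_0_nameLong below. -->
    <param-name>Description_AttributeType</param-name>
    <param-value>nameLong</param-value>
  </init-param>

  <!--
    Search definitions.
    %TERM% is the placeholder that receives the search input.
    NOTE(review): confirm that the deployed adapter escapes LDAP filter
    metacharacters in that input before substituting it into the filter.
    The LDAP AND operator has to be written as &amp; in this file; a bare
    ampersand makes the XML not well-formed and the file fails to parse.
  -->
  <!-- /// /// For filter use -->
  <search>
    <!-- Lookup by subject id (guid) -->
    <searchType>searchSubject</searchType>
    <param>
      <param-name>filter</param-name>
      <param-value>
        (&amp; (guid=%TERM%) (objectclass=cmuPerson))
      </param-value>
    </param>
    <param>
      <param-name>scope</param-name>
      <!-- Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE -->
      <param-value>
        ONELEVEL_SCOPE
      </param-value>
    </param>
    <param>
      <param-name>base</param-name>
      <param-value>
        ou=person
      </param-value>
    </param>
  </search>

  <search>
    <!-- Lookup by identifier (cmuAndrewId, the netId) -->
    <searchType>searchSubjectByIdentifier</searchType>
    <param>
      <param-name>filter</param-name>
      <param-value>
        (&amp; (cmuAndrewId=%TERM%) (objectclass=cmuPerson))
      </param-value>
    </param>
    <param>
      <param-name>scope</param-name>
      <param-value>
        ONELEVEL_SCOPE
      </param-value>
    </param>
    <param>
      <param-name>base</param-name>
      <param-value>
        ou=person
      </param-value>
    </param>
  </search>

  <search>
    <!--
      Free-text search: exact match on cmuAndrewId or guid, or a substring
      match on cn. Substring matches with a leading wildcard can be costly on
      a large directory; check how the target server indexes cn.
    -->
    <searchType>search</searchType>
    <param>
      <param-name>filter</param-name>
      <param-value>
        (&amp; (|(|(cmuAndrewId=%TERM%)(cn=*%TERM%*))(guid=%TERM%))(objectclass=cmuPerson))
      </param-value>
    </param>
    <param>
      <param-name>scope</param-name>
      <param-value>
        ONELEVEL_SCOPE
      </param-value>
    </param>
    <param>
      <param-name>base</param-name>
      <param-value>
        ou=person
      </param-value>
    </param>
  </search>

  <!-- you need this to be able to reference GrouperUtilElSafe in scripts -->
  <init-param>
    <param-name>subjectVirtualAttributeVariable_grouperUtilElSafe</param-name>
    <param-value>edu.internet2.middleware.grouper.util.GrouperUtilElSafe</param-value>
  </init-param>

  <!-- make sure this is set -->
  <!-- nameLong = cn, then ' - ' and eduPersonSchoolCollegeName; blank values are replaced by an empty string. -->
  <init-param>
    <param-name>subjectVirtualAttribute_0_nameLong</param-name>
    <param-value>${grouperUtilElSafe.appendIfNotBlankString(grouperUtilElSafe.defaultIfBlank(subject.getAttributeValue('cn'), ''), ' - ', grouperUtilElSafe.defaultIfBlank(subject.getAttributeValue('eduPersonSchoolCollegeName'), ''))}</param-value>
  </init-param>
  <init-param>
    <param-name>sortAttribute0</param-name>
    <param-value>nameLong</param-value>
  </init-param>
  <init-param>
    <param-name>searchAttribute0</param-name>
    <param-value>nameLong</param-value>
  </init-param>
  <internal-attribute>searchAttribute0</internal-attribute>

  <!-- ///Attributes you would like to display when doing a search -->
  <!-- List only the attributes that consumers of the subject data need to see. -->
  <attribute>eduPersonSchoolCollegeName</attribute>
  <attribute>sn</attribute>
  <attribute>cmuStudentClass</attribute>
  <attribute>givenName</attribute>
  <attribute>mail</attribute>
</source>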