...
Les groupes sont placés dans une unité organisationnelle "groupes", en conservant l'arborescence de la base grouper
L'attribut sAMAccountName reçoit la valeur de l'id_path grouper avec conversion des ":" en "_"
Configuration ldappc :
| Bloc de code |
|---|
<?xml version="1.0" encoding="utf-8"?>
<ldappc>
<grouper>
<group-queries>
<subordinate-stem-queries>
<stem-list>
<stem>groupes</stem>
</stem-list>
</subordinate-stem-queries>
</group-queries>
<groups
structure="bushy"
root-dn="ou=GROUPER,ou=rennes1,${edu.vt.middleware.ldap.base}"
ldap-object-class="group"
ldap-rdn-attribute="cn"
grouper-attribute="name"
bundle-modifications="false"
>
<group-members-dn-list list-object-class="group" list-attribute="member" />
<resolver-attribute-mapping ldap-object-class="group">
<resolver-attribute-map resolver-attribute="grouptypead" ldap-attribute="groupType" ldap-attribute-empty-value="-2147483646"/>
<resolver-attribute-map resolver-attribute="sAMAccountName" ldap-attribute="sAMAccountName" />
</resolver-attribute-mapping>
</groups>
</grouper>
<source-subject-identifiers>
<source-subject-identifier source="rennes1:ldap" subject-attribute="id">
<ldap-search base="ou=rennes1,${edu.vt.middleware.ldap.base}"
scope="subtree_scope"
filter="(cn={0})"
on-not-found="warn" />
</source-subject-identifier>
</source-subject-identifiers>
</ldappc>
|
Résolution des correspondances d'attributs :
| Bloc de code |
|---|
<?xml version="1.0" encoding="UTF-8"?>
<AttributeResolver
xmlns="urn:mace:shibboleth:2.0:resolver"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad"
xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
xmlns:grouper="http://grouper.internet2.edu/shibboleth/2.0"
xsi:schemaLocation="
urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
urn:mace:shibboleth:2.0:resolver:dc classpath:/schema/shibboleth-2.0-attribute-resolver-dc.xsd
urn:mace:shibboleth:2.0:resolver:ad classpath:/schema/shibboleth-2.0-attribute-resolver-ad.xsd
http://grouper.internet2.edu/shibboleth/2.0 classpath:/schema/shibboleth-2.0-grouper.xsd">
<!-- group data connector -->
<resolver:DataConnector id="groupDataConnector" xsi:type="grouper:GroupDataConnector">
</resolver:DataConnector>
<resolver:AttributeDefinition xsi:type="Script" xmlns="urn:mace:shibboleth:2.0:resolver:ad" id="sAMAccountName" sourceAttributeID="name">
<resolver:Dependency ref="groupDataConnector" />
<Script><![CDATA[
// Import Shibboleth attribute provider
importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
value = name.getValues().get(0);
value = value.replaceAll("\\/", "_");
value = value.replaceAll("\\/", "_");
value = value.replaceAll("\\[", "_");
value = value.replaceAll("\\]", "_");
value = value.replaceAll("\\:", "_");
value = value.replaceAll("\\;", "_");
value = value.replaceAll("\\|", "_");
value = value.replaceAll("\\=", "_");
value = value.replaceAll("\\,", "_");
value = value.replaceAll("\\+", "_");
value = value.replaceAll("\\*", "_");
value = value.replaceAll("\\?", "_");
sAMAccountName = new BasicAttribute("sAMAccountName");
sAMAccountName.getValues().add(value);
]]></Script>
</resolver:AttributeDefinition>
<resolver:AttributeDefinition id="grouptypead" xsi:type="Script" xmlns="urn:mace:shibboleth:2.0:resolver:ad" sourceAttributeID="name" >
<resolver:Dependency ref="groupDataConnector" />
<Script><![CDATA[
// Import Shibboleth attribute provider
importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
value = -2147483646;
grouptypead = new BasicAttribute("grouptypead");
grouptypead.getValues().add(value);
]]></Script>
</resolver:AttributeDefinition>
</AttributeResolver>
|