[Deploying Sakai] LDAP Group Mapping

Steve Swinsburg steve.swinsburg at gmail.com
Sun Apr 10 15:49:12 PDT 2011


Hi Larry,

Group mapping (as in Sakai groups) is different from user type mapping. From the sounds of it you want a user's account 'type' to be mapped from an LDAP attribute? There are a couple of TypeMapper classes included, and if this is your scenario, in jldap-beans.xml you want to comment out the existing typemapper and uncomment the EntryAttributeToUserTypeMapper :

Like so:
<property name="userTypeMapper">
		<!-- Select one of the following beans -->
		<!-- ref bean="edu.amc.sakai.user.EmptyStringUserTypeMapper" /-->
		<ref bean="edu.amc.sakai.user.EntryAttributeToUserTypeMapper" />
		<!-- ref bean="edu.amc.sakai.user.EntryContainerRdnToUserTypeMapper" /-->
		<!-- ref bean="edu.amc.sakai.user.StringUserTypeMapper" /-->
</property>

Then a little further down you configure it. You can either use the value of the LDAP attribute 'groupMembership' directly to map to a user type, or you can provide a hardcoded mapping. Just uncomment the section you want and comment out the other one.

cheers,
Steve

On 11/04/2011, at 5:55 AM, Larry Dougher wrote:

> Hi all,
> 
> So, I have LDAP login working well on a instance of Sakai but I'm hung up the type part of a user account which I believe is related to the group membership mapping.
> 
> Everything is mapping correctly (First name, Last name, Email, etc) except Type.  What I would like is to specify with the groupmembership attribute with that you see on the screenshot (Faculty, WHS students, etc).  So that when an LDAP user logs in and goes to account it would look like this:
> 
> User ID: jdoe
> First Name: John
> Last Name: Doe
> Email: jdoe at windsorschools.net
> Type: Faculty (or WHS Students, or SSS Students, whatever group they are a part of)
> 
> I talked to a few Sakai developers and it looks like I need a memberOf overlay according tohttp://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance however that article refers to a directory at /var/lib/ldap2.4 and it doesn't exist within OS X server so that right away raises some red flags.  Oh yeah, running OS X Server 10.6.4.  I also can't find the memberof module either.
> 
> Any help would be greatly appreciated.
> 
> Thanks,
> 
> Larry Dougher
> Technology Coordinator / ACSP 10.6 / ACMT
> Windsor Southeast Supervisory Union
> 
> _______________________________________________
> production mailing list
> production at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/production
> 
> TO UNSUBSCRIBE: send email to production-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/production/attachments/20110411/958c93ba/attachment.html 


More information about the production mailing list