Versions Compared

Old Version 22

changes.mady.by.user Julio Polo

Saved on

compared with

New Version 23

changes.mady.by.user Julio Polo

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Special considerations before modifying an include or exclude group:
    • Who is performing the addition or deletion from the include and exclude groups?  If it as a grouping owner, you may proceed.
    • Is your application opting in or out on behalf of a grouping member?  If so, you should check whether the owner allowed that.
  • Determine the full path to the grouping's include and exclude groups. Simply append :include or :exclude to the grouping path, e.g.
    • hawaii.edu:custom:uhm:manoa-math-club:include
    • hawaii.edu:custom:uhm:manoa-math-club:exclude
  • Use these Grouper web service to add or delete members from the include or exclude groups.
  • REQUIRED: set this Grouper attribute to the current date and time, but truncate the seconds portion:
      • The attribute name is uh-settings:attributes:for-groups:last-modified:yyyymmddThhmm
      • The attribute name in the web service call is referred to as wsAttributeDefNameName. See example below.
      • Set the attribute for the include or exclude group you are modifying, not the grouping path itself.
    • Use the YYYYMMDDTHHMM format for the attribute value, e.g.
      • 20140315T1915 (March 15, 2014 7:15:59 PM, note how we truncated the seconds, even if this should have been rounded to 7:16 PM)
    • Please make sure your clock is synchronized with a time server.
    • Use this Grouper web service to assign the attribute:
      • https://spaces.internet2.edu/display/Grouper/Assign+Attributes

      • Example:

        No Format
        POST https://grouper.hawaii.edu/grouper-ws/servicesRest/json/v2_2_002/attributeAssignments
{
 "WsRestAssignAttributesLiteRequest":
 {
  "wsAttributeDefNameName":"uh-settings:attributes:for-groups:last-modified:yyyymmddThhmm",
  "attributeAssignType":"group",
  "valueSystem":"20201231T1345",
  "wsOwnerGroupName":"hawaii.edu:custom:your:grouping:path:include-or-exclude",
  "attributeAssignValueOperation":"replace_values",
  "attributeAssignOperation":"assign_attr"
 }
}



    • (info) A future version of Grouper will support RabbitMQ messaging, and we should then do away with this timestamp requirement.

...

Multi-valued attributes will be returned as a single string with all values delimited by three vertical bars "|||".  THIS APPLIES ONLY TO THE Grouper API.  Do not expect this format to appear in other services such as UH Login or LDAP.

Example:

No Format
POST https://grouper.hawaii.edu/grouper-ws/servicesRest/xml/v2_2_002/groups
<WsRestGetMembersRequest>
 <wsGroupLookups>
  <WsGroupLookup>
   <groupName>path:to:your:grouping</groupName>
  </WsGroupLookup>
 </wsGroupLookups>
   <includeSubjectDetail>T</includeSubjectDetail>
 <subjectAttributeNames>
   <string>eduPersonAffiliation</string>
   <string>eduPersonOrgDN</string>
 </subjectAttributeNames>
</WsRestGetMembersRequest>


returns:

No Format
<WsGetMembersResults>

 <subjectAttributeNames>
  <string>eduPersonAffiliation</string>
  <string>eduPersonOrgDN</string>
  <string>uid</string>
  <string>cn</string>
  <string>sn</string>
  <string>givenName</string>
  <string>eduPersonAffiliation</string>
  <string>eduPersonOrgDN</string>
 </subjectAttributeNames>

 ...

 <results>
  <WsGetMembersResult>
   ...
   <wsSubjects>
    <WsSubject>
     <resultCode>SUCCESS</resultCode>
     <success>T</success>
     <id>99999999</id>
     <name>First Last</name>
     <sourceId>UH core LDAP</sourceId>
     <attributeValues>
      <string>staff</string>
      <string>uhm</string>
      <string>username</string>
      <string>First Last</string>
      <string>Last</string>
      <string>First</string>
      <string>staff|||student</string>
      <string>uhsystem|||uhm</string>
     </attributeValues>
    </WsSubject>
...