Assigning edupersonaffiliation attribute with AD

Morris, Andi amorris at cardiffmet.ac.uk
Thu May 2 09:51:15 EDT 2013


This is interesting, thanks for that. I'll speak to our AD admin people about potentially using one of these extended attributes.

Cheers,
Andi

-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Goggins, Patrick
Sent: 01 May 2013 17:07
To: users at shibboleth.net
Subject: RE: Assigning edupersonaffiliation attribute with AD

We are also using one of the extensionattribute extensions for this purpose.




Patrick Goggins
Senior Systems Administrator
University of Wisconsin - Green Bay



-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Douglas E. Engert
Sent: Wednesday, May 01, 2013 9:39 AM
To: users at shibboleth.net
Subject: Re: Assigning edupersonaffiliation attribute with AD



On 4/30/2013 8:48 AM, Morris, Andi wrote:
> Hi all,
>
> How do you all assign the eduPersonAffiliation attribute to your
> users? Currently we use the following script to assign it based on Organisational Unit, but this is starting to prove too limiting as we have users within the same OUs that I'd like to assign different edupersonaffiliation attributes to.
>
>
> importPackage(Packages.edu.internet2.middleware.shibboleth.common.attr
> ibute.provider);
>
>              eduPersonAffiliation = new
> BasicAttribute("eduPersonAffiliation");
>
>              dn = distinguishedName.getValues().get(0).toLowerCase();
>
>              if (dn.contains("ou=student")) {
>
>                  eduPersonAffiliation.getValues().add("student");
>
> Is there a similar way to script this to go on maybe Security Group
> membership, or do I need to start looking into adding an extra AD attribute into the user properties, and trying to pull the information out from there?
>

AD also has a set of extensionattributeN (were N is 1-15) as part of MS Exchange schema extensions. We uses some of these for additional attributes about a user in Shibboleth.
Ask you AD admin if they have added an attributes you could use to tell id a user is a student.
(Can one of you users be a student and a staff member at the same time?)

> Cheers,
>
> Andi
>
> ________________________
>
> Andi Morris
>
> IT Security Officer
>
> Cardiff Metropolitan University
>
> TEL: 029 20 205720
>
> ________________________
>
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> ------------------------------------------------------------
>
>  >From 1st November 2011 UWIC changed its title to Cardiff
> Metropolitan University. From the 6th December 2011, as part of this
> change, all email addresses which included @uwic.ac.uk have changed to
> @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan
> University will now be sent from the new @cardiffmet.ac.uk address.
> *Please could you ensure that all of your contact records and
> databases are updated to reflect this change.* Further information can
> be found on the website here.
> <http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>
>
> Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad e-bost sy'n cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk.
> Bydd yr holl ebyst a ddanfonir o Brifysgol Fetropolitan Caerdydd yn
> cael eu danfon o'r cyfeiriad @cardiffmet.ac.uk newydd. *Gwnewch yn
> siwr eich bod yn diweddaru eich cofnodion cyswllt a'ch cronfeydd data
> i adlewyrchu hyn.* Gellir cael rhagor o wybodaeth ar y wefan yma.
> <http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>
>
>
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>

--

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
________________________________

From 1st November 2011 UWIC changed its title to Cardiff Metropolitan University. From the 6th December 2011, as part of this change, all email addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan University will now be sent from the new @cardiffmet.ac.uk address. Please could you ensure that all of your contact records and databases are updated to reflect this change. Further information can be found on the website here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>

Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad e-bost sy'n cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr holl ebyst a ddanfonir o Brifysgol Fetropolitan Caerdydd yn cael eu danfon o‘r cyfeiriad @cardiffmet.ac.uk newydd. Gwnewch yn siwr eich bod yn diweddaru eich cofnodion cyswllt a'ch cronfeydd data i adlewyrchu hyn. Gellir cael rhagor o wybodaeth ar y wefan yma.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>



More information about the users mailing list