401.4 Untangling Legacy Access Policies - Example Solution

The following solution uses techniques demonstrated in the 201 and 401 labs. The general solution is to create an independent access policy for the LMS service based on the legacy community members LDAP group and a new visiting scholars reference group.

  1. Create a new application folder lms
  2. Create a new access policy group lms_access
  3. Configure PSPNG attributes to provision_to groupOfNames on lms_access
  4. Create a new institutional reference ref:legacy:community_members
  5. Configure community_members with an LDAP loader job
  6. Add community_members to lms_access_allow
  7. Create an application-specific reference group for the visiting scholars app:lms:service:ref:visiting_scholars
  8. Import the NetID list into visiting_scholars
  9. Add visiting_scholars to lms_access_allow
  10. File a ticket with Vicky to switch the LMS LDAP access control group
  11. Head to your happy place! :)
[Figure: ../figures/401-lms-solution.png]
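A check worth running before step 10, as an added example that is not part of the original lab: it compares the provisioned lms_access groupOfNames entry against the legacy community_members group and the visiting scholars NetID list, reporting anyone who would lose access and anyone whose access neither source explains. The DNs, uids, `uid=` member format and function names are constructed assumptions.

```python
import re

# Constructed sample data (assumptions, not from the lab environment): LDIF as
# ldapsearch would return it for the two groupOfNames entries, plus a NetID list.
LEGACY_LDIF = """\
dn: cn=community_members,ou=groups,dc=example,dc=edu
objectClass: groupOfNames
member: uid=alee,ou=people,dc=example,dc=edu
member: uid=bkim,ou=people,dc=example,dc=edu
"""
NEW_LDIF = """\
dn: cn=lms_access,ou=groups,dc=example,dc=edu
objectClass: groupOfNames
member: uid=alee,ou=people,dc=example,dc=edu
member: uid=bkim,ou=people,dc=example,dc=edu
member: uid=vsmith,ou=people,dc=example,dc=edu
member: uid=mallory,ou=people,dc=example,dc=edu
"""
VISITING_NETIDS = "vsmith\nvjones\n"

def ldif_members(ldif):
    """Return the set of uids found in the member: values of a groupOfNames entry."""
    # Unfold LDIF continuation lines (newline followed by a single space) first.
    unfolded = ldif.replace("\n ", "")
    uids = set()
    for line in unfolded.splitlines():
        m = re.match(r"member:\s*uid=([^,]+),", line, re.IGNORECASE)
        if m:
            uids.add(m.group(1).lower())
    return uids

def cutover_report(legacy_ldif, new_ldif, netid_list):
    """Diff the new access policy group against its two intended sources."""
    legacy = ldif_members(legacy_ldif)
    new = ldif_members(new_ldif)
    visiting = {n.strip().lower() for n in netid_list.splitlines() if n.strip()}
    return {
        "would_lose_access": sorted(legacy - new),           # regression at cutover
        "visiting_not_provisioned": sorted(visiting - new),  # import or PSPNG gap
        "unexplained_access": sorted(new - legacy - visiting),
    }

if __name__ == "__main__":
    for finding, uids in cutover_report(LEGACY_LDIF, NEW_LDIF, VISITING_NETIDS).items():
        print(f"{finding}: {uids or 'none'}")
```

All three lists should be empty before the LMS is pointed at the new group.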

Congrats! You are now a certified Grouper Guru associate level 1!