Grouper Developers Forum

[Tom Barton <>]

Graham Seaman wrote:
> This isn't the LSE institutional setup, but a provisional test directory 
> I'm working on to find if it's practical to do what we need with 
> signet/grouper. 'Flat' was my own choice, partly dictated by lack of 
> experience with ldap and a desire to keep things as simple as possible; 
> I simply modelled my externally derived groups on the groups provisioned 
> by grouper using the 'flat' option. I've now understood that if I want 
> to do this with grouper I need to move to 'bushy'. Since this is 
> test/development work, I can do that without any institutional impact at 
> all.

To be clear, I was referring to whether or not one's grouper DB was flat 
or bushy, not to the mode of provisioning groups in ldap.

More to the point, I picked up on your statement that you are 
provisioning UUIDs in the isMemberOf attribute and not group names. Is 
that right? And is that actually required by what you intend to 
accomplish, or can you proceed by provisioning group names in isMemberOf?

The net of this is, if you provision group names to isMemberOf, it is 
possible to enhance ldappc so that it can know which isMemberOf values 
are its to manage by reference to the stems in the provisioned group names.

Not that we've decided that's what will be done, but I think we're 
wondering whether that's a worthwhile thing to do.

> It might be helpful  if some words warning people about the potential 
> downside of using a 'flat' group structure were added to the wiki.

*Sigh*. I agree that we need to provide more help, in some form, to get 
deployers up and running far more easily.

Tom
begin:vcard
fn:Tom Barton
n:Barton;Tom
org:University of Chicago;Networking Services & Information Technologies
email;internet:
title:Sr. Director for Integration
tel;work:+1 773 834 1700
version:2.1
end:vcard