grouper-dev - UW's initial look at grouper
Subject: Grouper Developers Forum
List archive
- From: Jim Fox <>
- To: Grouper Dev <>
- Subject: UW's initial look at grouper
- Date: Thu, 16 Apr 2009 14:05:03 -0700
(this is my initial look, not RLBob's)
We are looking at Grouper as a possibly registry for our groups service,
presently supported by an LDAP directory and a RESTful webservice. We're
testing and planning, not yet installing. These are some random issues
we've encountered. Not complaining, just thought I'd let you know.
1) Jndi source adapter
The jndi classes from Sun do not support ldap connections using ssl or
tls very well. They do not support connection pooling, thereby causing
a lot of connection overhead. We wrote a source adapter using the ldap
library from virginia tech - the one used by shibboleth. It works quite
a bit more efficiently.
2) updates to group memberships
Many of our groups come from other processes via simple xml
<group name=...>
<member id=...>
...
</group>
There are thousands of these; some have upwards of 100K members; and the
daily updates add or subtract only a few members from the groups. The
xmlImport tool is not feasible for these updates, as it tends to remove
and replace whole memberships. It was quite easy though to write an
efficient reconciler using the java api that just updates the
differences.
3) ldap provisioning
The ldappc tool needs small but necessary modifications to provision our
group directories.
- drop the dashes from the uuid when making rdns.
- convert the colons in group names to underscores
- add a preface string to member values.
- possibly some others.
Don't know if we will use a slightly modified ldappc or make up
something that can accomplish more timely provisioning using group and
member hooks.
4) External members
Our present service allows foreigners (ePPNs) to be members and
administrators of groups. I expect we'll implement some sort of ePPN
source adapter to accommodate these people. (ditto DNS name [by
certificate] members)
5) webservice
We will probably re-implement our present webservice,
https://wiki.cac.washington.edu/x/ESBy, using the java api.
6) GUI
Our present service has a somewhat popular GUI that we might like to
re-implement for a grouper registry. That's a bit more work.
Jim
- UW's initial look at grouper, Jim Fox, 04/16/2009
- Re: [grouper-dev] UW's initial look at grouper, Tom Barton, 04/16/2009
- Re: [grouper-dev] UW's initial look at grouper, Michael R. Gettes, 04/17/2009
- Re: [grouper-dev] UW's initial look at grouper, Jim Fox, 04/17/2009
- Re: [grouper-dev] UW's initial look at grouper, Michael R. Gettes, 04/17/2009
- Re: [grouper-dev] UW's initial look at grouper, Tom Zeller, 04/17/2009
- Re: [grouper-dev] UW's initial look at grouper, Michael R. Gettes, 04/17/2009
- Re: [grouper-dev] UW's initial look at grouper, Jim Fox, 04/17/2009
- Re: [grouper-dev] UW's initial look at grouper, RL 'Bob' Morgan, 04/17/2009
- Re: [grouper-dev] UW's initial look at grouper, GW Brown, Information Systems and Computing, 04/20/2009
Archive powered by MHonArc 2.6.16.