Subject: Grouper Developers Forum
- From: Tom Barton <>
- To: Jim Fox <>
- Cc: Grouper Dev <>
- Subject: Re: [grouper-dev] UW's initial look at grouper
- Date: Thu, 16 Apr 2009 21:41:36 -0500
Great feedback Jim, and a fair amount of work behind your brief summaries, it looks like.
I wonder if you'd consider contributing some things back to the project that are probably useful to a wide range of adopters, notably the JNDI source adapter that uses the vatech ldap library and the ePPN subject adapter.
As you get into it, I'm also very interested to hear about re-implementing your current webservice using the java api. Both to confirm whether the java api and your restful one line up well enough without requiring one or other to change, and if so, to see, over a little time, the range of application of its clients. I'm curious about how much can be done with what I think is a substantially simpler restful interface than the one packaged with grouper.
Jim Fox wrote:
(this is my initial look, not RLBob's)
We are looking at Grouper as a possibly registry for our groups service,
presently supported by an LDAP directory and a RESTful webservice. We're
testing and planning, not yet installing. These are some random issues
we've encountered. Not complaining, just thought I'd let you know.
1) Jndi source adapter
The jndi classes from Sun do not support ldap connections using ssl or
tls very well. They do not support connection pooling, thereby causing
a lot of connection overhead. We wrote a source adapter using the ldap
library from virginia tech - the one used by shibboleth. It works quite
a bit more efficiently.
2) updates to group memberships
Many of our groups come from other processes via simple xml
There are thousands of these; some have upwards of 100K members; and the
daily updates add or subtract only a few members from the groups. The
xmlImport tool is not feasible for these updates, as it tends to remove
and replace whole memberships. It was quite easy though to write an
efficient reconciler using the java api that just updates the
3) ldap provisioning
The ldappc tool needs small but necessary modifications to provision our
- drop the dashes from the uuid when making rdns. - convert the colons in group names to underscores
- add a preface string to member values.
- possibly some others.
Don't know if we will use a slightly modified ldappc or make up
something that can accomplish more timely provisioning using group and
4) External members
Our present service allows foreigners (ePPNs) to be members and
administrators of groups. I expect we'll implement some sort of ePPN
source adapter to accommodate these people. (ditto DNS name [by
We will probably re-implement our present webservice,
https://wiki.cac.washington.edu/x/ESBy, using the java api.
Our present service has a somewhat popular GUI that we might like to
re-implement for a grouper registry. That's a bit more work.
- UW's initial look at grouper, Jim Fox, 04/16/2009
- Re: [grouper-dev] UW's initial look at grouper, Tom Barton, 04/16/2009
- Re: [grouper-dev] UW's initial look at grouper, Michael R. Gettes, 04/17/2009
- Re: [grouper-dev] UW's initial look at grouper, RL 'Bob' Morgan, 04/17/2009
- Re: [grouper-dev] UW's initial look at grouper, GW Brown, Information Systems and Computing, 04/20/2009
Archive powered by MHonArc 2.6.16.