
grouper-dev - Re: [grouper-dev] grouperdemo ldap

Subject: Grouper Developers Forum

  • From: Tom Zeller <>
  • To: Chris Hyzer <>
  • Cc: Grouper Dev <>
  • Subject: Re: [grouper-dev] grouperdemo ldap
  • Date: Wed, 30 Mar 2011 16:49:09 -0500

Well, I think we should have one OpenLDAP installation, for ease of
upgrading binaries, and running on one port (636) for simplicity.

I just checked, and the memberOf and refint overlays can be configured
on different ldap suffixes.

On Wed, Mar 30, 2011 at 4:25 PM, Chris Hyzer <> wrote:
> Great...  right now each version of Grouper on the demo server is
> completely independent... I mean, things have their own tomcat, their own
> symlink to java.  They share a mysql DB, but inside, they have their own
> schema which doesn't overlap.  So, if running in one ldap means things are
> shared across versions of grouper, and it is easy to have multiple, then
> let's install a few and use multiple so a future change doesn't negatively
> affect older versions on the server, right?  I guess the only thing we
> aren't sure about is the web interface to ldap... so before we know
> otherwise, we can assume it is easy to support multiple ldap servers... :)
>
> Thanks,
> Chris
>
> -----Original Message-----
> From: [mailto:] On Behalf Of Tom Zeller
> Sent: Wednesday, March 30, 2011 4:41 PM
> To: Grouper Dev
> Subject: [grouper-dev] grouperdemo ldap
>
> After changing my mind several times, the I2 SAs installed OpenLDAP in
> a few minutes :-)
>
> I think we should decide how we want to provision the DIT.
>
> People objects could be in ou=people, with passwords for ldaps or
> https authentication.
>
> ou=people,dc=grouper,dc=edu
>  cn=mchyzer
>  cn=tbarton
>  ...
>
> Groups could be in versioned dc's :
>
>  ou=groups,dc=1.6.3,dc=grouper,dc=edu
>  ou=groups,dc=1.7.0,dc=grouper,dc=edu
>  ...
>
> It might be wise to run more than one instance of OpenLDAP on
> different ports, for example with referential integrity and memberOf
> overlays, or not.
>
> Thoughts ? (besides what took so long)
>


