Skip to Content.
Sympa Menu

grouper-dev - Re: [grouper-dev] grouperdemo ldap

Subject: Grouper Developers Forum

List archive

Re: [grouper-dev] grouperdemo ldap

Chronological Thread 
  • From: Tom Zeller <>
  • To: Chris Hyzer <>
  • Cc: Grouper Dev <>
  • Subject: Re: [grouper-dev] grouperdemo ldap
  • Date: Wed, 30 Mar 2011 16:49:09 -0500
  • Domainkey-signature: a=rsa-sha1; c=nofws;; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :content-transfer-encoding; b=dHILX2dmh7mAAqMGhAQ1f50QbftbHlPKUoQMVnLx7sOK3oVDxtej1znJ5hsv5o0Jn0 9mmOKTLulXCuhyzYXKlzIsZEVRunhKulWb8sT3riU1piAlAwm5k5KY3mFPs80HRQ8p75 8ZQCVLicdq9buqfqXFMtN2IaFRlDCIh6TS2MM=

Well, I think we should have one OpenLDAP installation, for ease of
upgrading binaries, and running on one port (636) for simplicity.

I just checked, and the memberOf and refint overlays can be configured
on different ldap suffixes.

On Wed, Mar 30, 2011 at 4:25 PM, Chris Hyzer
> Great...  right now each version of Grouper on the demo server is
> completely independent... I mean, things have their own tomcat, their own
> symlink to java.  They share a mysql DB, but inside, they have their own
> schema which doesn't overlap.  So, if running in one ldap means things are
> shared across versions of grouper, and it is easy to have multiple, then
> lets install a few and use multiple so a future change doesn't negatively
> affect older versions on the server, right?  I guess the only thing we
> aren't sure about is the web interface to ldap... so before we know
> otherwise, we can assume it is easy to support multiple ldap servers... :)
> Thanks,
> Chris
> -----Original Message-----
> From:
> [mailto:]
> On Behalf Of Tom Zeller
> Sent: Wednesday, March 30, 2011 4:41 PM
> To: Grouper Dev
> Subject: [grouper-dev] grouperdemo ldap
> After changing my mind several times, the I2 SAs installed OpenLDAP in
> a few minutes :-)
> I think we should decide how we want to provision the DIT.
> People objects could be in ou=people, with passwords for ldaps or
> https authentication.
> ou=people,dc=grouper,dc=edu
>  cn=mchyzer
>  cn=tbarton
>  ...
> Groups could be in versioned dc's :
>  ou=groups,dc=1.6.3,dc=grouper,dc=edu
>  ou=groups,dc=1.7.0,dc=grouper,dc=edu
>  ...
> It might be wise to run more than one instance of OpenLDAP on
> different ports, for example with referential integrity and memberOf
> overlays, or not.
> Thoughts ? (besides what took so long)

Archive powered by MHonArc 2.6.16.

Top of Page