Skip to Content.
Sympa Menu

grouper-dev - RE: [grouper-dev] grouperdemo ldap

Subject: Grouper Developers Forum

List archive

RE: [grouper-dev] grouperdemo ldap

Chronological Thread 
  • From: Chris Hyzer <>
  • To: Tom Zeller <>
  • Cc: Grouper Dev <>
  • Subject: RE: [grouper-dev] grouperdemo ldap
  • Date: Wed, 30 Mar 2011 18:08:43 -0400
  • Accept-language: en-US
  • Acceptlanguage: en-US

Are you saying the people will be in distinct places per version?

i.e. something like:



-----Original Message-----

On Behalf Of Tom Zeller
Sent: Wednesday, March 30, 2011 5:49 PM
To: Chris Hyzer
Cc: Grouper Dev
Subject: Re: [grouper-dev] grouperdemo ldap

Well, I think we should have one OpenLDAP installation, for ease of
upgrading binaries, and running on one port (636) for simplicity.

I just checked, and the memberOf and refint overlays can be configured
on different ldap suffixes.

On Wed, Mar 30, 2011 at 4:25 PM, Chris Hyzer
> Great...  right now each version of Grouper on the demo server is
> completely independent... I mean, things have their own tomcat, their own
> symlink to java.  They share a mysql DB, but inside, they have their own
> schema which doesn't overlap.  So, if running in one ldap means things are
> shared across versions of grouper, and it is easy to have multiple, then
> lets install a few and use multiple so a future change doesn't negatively
> affect older versions on the server, right?  I guess the only thing we
> aren't sure about is the web interface to ldap... so before we know
> otherwise, we can assume it is easy to support multiple ldap servers... :)
> Thanks,
> Chris
> -----Original Message-----
> From:
> [mailto:]
> On Behalf Of Tom Zeller
> Sent: Wednesday, March 30, 2011 4:41 PM
> To: Grouper Dev
> Subject: [grouper-dev] grouperdemo ldap
> After changing my mind several times, the I2 SAs installed OpenLDAP in
> a few minutes :-)
> I think we should decide how we want to provision the DIT.
> People objects could be in ou=people, with passwords for ldaps or
> https authentication.
> ou=people,dc=grouper,dc=edu
>  cn=mchyzer
>  cn=tbarton
>  ...
> Groups could be in versioned dc's :
>  ou=groups,dc=1.6.3,dc=grouper,dc=edu
>  ou=groups,dc=1.7.0,dc=grouper,dc=edu
>  ...
> It might be wise to run more than one instance of OpenLDAP on
> different ports, for example with referential integrity and memberOf
> overlays, or not.
> Thoughts ? (besides what took so long)

Archive powered by MHonArc 2.6.16.

Top of Page