Skip to Content.
Sympa Menu

grouper-dev - Re: [grouper-dev] ldappc real time provisioning

Subject: Grouper Developers Forum

List archive

Re: [grouper-dev] ldappc real time provisioning

Chronological Thread 
  • From: "James A. Vuccolo" <>
  • To: Tom Zeller <>
  • Cc: LLG5 <>, Grouper Dev <>
  • Subject: Re: [grouper-dev] ldappc real time provisioning
  • Date: Thu, 14 Jul 2011 09:21:26 -0400

On 7/13/11 5:53 PM, Tom Zeller wrote:
Long story, but I do not have a solid date for generic real-time
provisioning via ldappcng right now. Perhaps a generic provisioner
like ldappcng is not necessary, but a "simpler" solution using hooks
may suffice.

Hi Tom, I am going to answer the LDAP questions for Lynn.

Some questions :
- what do you intend to provision ? (Active Directory, OpenLDAP, both,
others, etc.)

LDAP, we run IBM's Tivoli Directory Server version 6.2 on AIX. We are configured with two masters and seven replicas.

- do you need to provision more than one target ?

No, not at this time. LDAP is very important to us. At a later date, we will need to worry about Active Directory. Today we provision to LDAP and then do a sync to AD.

- roughly how many groups and memberships do you need to provision in
real-time ?

Today we have a large number of groups between 40K - 50K. Changes to those groups need to be done in real-time as they are used for Email Delivery, course restrictions and access to file space. Most of those groups have memberships that are less than 100. We have a few groups that have large memberships > 20K.

- what is your existing provisioning infrastructure ?

Today all groups are provisioning using a custom "C" application that I wrote called ldapgroup, think of ldapmodify except for groups. The application can either do one-offs or do things in bulk.


That's all I can think of right now,

Hello All:

We were fortunate to have both Keith Hazelton and Chris Hyzer join our IAM
team at Penn State for an entire day of focusing on Access Management
(groups, privileges, permissions, provisioning, etc) Was a great
opportunity. At the end of the day, we are convinced that Grouper will meet
a lot of our requirements going forward. We'd like to be able to state that
we have chosen this open source community solution as part of our strategy
for Access Management at Penn State. The one outstanding issue for us is the
real time provisioning for ldappc.

Has a decision been made on the release date of the real-time provisioning
for ldappc? We will would like to include some milestones for Grouper
implementation in our project plan and timelines but again, we cannot declare
this as a final decision without this feature as part of the Grouper software
and the ability to conduct the testing.

Any information you can provide on projected timeframes for this will be very
helpful in our campus discussions.


James "Jimmy" Vuccolo,

Technical Manager, Identity and Access Management
The Pennsylvania State University
215B Computer Building, University Park, PA 16802
Office: 814-865-5635

Archive powered by MHonArc 2.6.16.

Top of Page