Grouper Developers Forum

["James A. Vuccolo" <>]

On 7/13/11 5:53 PM, Tom Zeller wrote:
> Long story, but I do not have a solid date for generic real-time
> provisioning via ldappcng right now. Perhaps a generic provisioner
> like ldappcng is not necessary, but a "simpler" solution using hooks
> may suffice.

Hi Tom, I am going to answer the LDAP questions for Lynn.

> Some questions :
> - what do you intend to provision ? (Active Directory, OpenLDAP, both,
> others, etc.)

LDAP, we run IBM's Tivoli Directory Server version 6.2 on AIX.  We are 
configured with two masters and seven replicas.

> - do you need to provision more than one target ?

No, not at this time.  LDAP is very important to us.  At a later date, 
we will need to worry about Active Directory.  Today we provision to 
LDAP and then do a sync to AD.

> - roughly how many groups and memberships do you need to provision in
> real-time ?

Today we have a large number of groups between 40K - 50K.  Changes to 
those groups need to be done in real-time as they are used for Email 
Delivery, course restrictions and access to file space.  Most of those 
groups have memberships that are less than 100.  We have a few groups 
that have large memberships > 20K.

> - what is your existing provisioning infrastructure ?

Today all groups are provisioning using a custom "C" application that I 
wrote called ldapgroup, think of ldapmodify except for groups.  The 
application can either do one-offs or do things in bulk.

Thanks,
JimmyV.

> That's all I can think of right now,
> TomZ
>
> > Hello All:
> >
> > We were fortunate to have both Keith Hazelton and Chris Hyzer join our IAM 
> > team at Penn State for an entire day of focusing on Access Management 
> > (groups, privileges, permissions, provisioning, etc)  Was a great 
> > opportunity.  At the end of the day, we are convinced that Grouper will meet 
> > a lot of our requirements going forward.  We'd like to be able to state that 
> > we have chosen this open source community solution as part of our strategy 
> > for Access Management at Penn State.  The one outstanding issue for us is the 
> > real time provisioning for ldappc.
> >
> > Has a decision been made on the release date of the real-time provisioning 
> > for ldappc?  We will would like to include some milestones for Grouper 
> > implementation in our project plan and timelines but again, we cannot declare 
> > this as a final decision without this feature as part of the Grouper software 
> > and the ability to conduct the testing.
> >
> > Any information you can provide on projected timeframes for this will be very 
> > helpful in our campus discussions.
> >
> > Thanks!
> > Lynn


--
James "Jimmy" Vuccolo, 

Technical Manager, Identity and Access Management
The Pennsylvania State University
215B Computer Building, University Park, PA 16802
Office: 814-865-5635
http://www.personal.psu.edu/jvuccolo/