Grouper Developers Forum

[Tom Barton <>]

Jim or Shilen, since I expect that you each have aceess to a rich and well-used ldap service, are you able to try this out to see how it might work? Do you think it is easily enough used to do useful things for many sites?

TomZ, do you have access to a rich ldap service any longer? Maybe one of your own making, for development purposes? If so, ditto, please.

Even more reason to put an ldap service on grouperdemo, finally.

Thanks,
Tom

On 10/5/2011 1:42 AM, Chris Hyzer wrote:

I implemented the groups from attributes ldap loader, here is an example (note, its not a typical example, its inverted, since I didn’t have user attributes to work with, but it should be ok):

 

https://spaces.internet2.edu/display/Grouper/Grouper+-+Loader+LDAP#Grouper-LoaderLDAP-LDAPGROUPSFROMATTRIBUTEStestcase

 

Need to test all the options, then done J

 

Thanks,

Chris

 

From: Chris Hyzer
Sent: Friday, September 30, 2011 2:53 AM
To: ''
Subject: RE: use cases for ldap loader to grouper

 

I implemented the LIST_OF_GROUPS, here is a basic example:

 

https://spaces.internet2.edu/display/Grouper/Grouper+-+Loader+LDAP#Grouper-LoaderLDAP-LDAPGROUPLISTtestcase

 

Thanks,

Chris

 

From: Chris Hyzer
Sent: Wednesday, September 28, 2011 3:20 PM
To:
Subject: use cases for ldap loader to grouper

 

Hey,

 

I’m implementing the Grouper-loader type of job for an LDAP source, and I wanted to make sure I am covering all the use cases…  my ldap terminology is not exact, but hopefully you will get my meaning.  Let me know any feedback, especially if there is something missing.  Btw, the more detailed of an example you can provide the more likely I will understand it J.  And yes, eventually this could be done with LDAPPC instead…

 

https://spaces.internet2.edu/display/Grouper/Grouper+-+Loader+LDAP

Use cases currently expected to be covered:

 

SIMPLE: a single group is loaded from ldap, you specify the ldap filter, the attribute that has user ids (could be multi-valued), and how the userid is converted to a subject API subject id (e.g. direct, or take the uid or cn part of the dn).  Note, the objects returned from ldap could be users or groups or whatever

 

LIST_OF_GROUPS: filter returns group objects, the systemName / displayExtension / description  of the groups in grouper can be based on attributes in the group object (including translation), and each group object has a multivalued attribute which has the uid’s or cns of the subjects which can be directly used as subject api ids/identifiers or unwrapped from the dn

 

GROUPS_FROM_ATTRIBUTES: filter returns user objects, which have an attribute for uid or cn which can be unwrapped for the subject api, and each user object has a multi-valued attribute (e.g. an affiliation).  The groups will be in a folder, with the name of the attribute, and the members will be the users who have that attribute value

 

Thoughts?

 

Thanks,

Chris