Skip to Content.
Sympa Menu

grouper-dev - RE: [grouper-dev] some questions regarding ldap on grouperdemo

Subject: Grouper Developers Forum

List archive

RE: [grouper-dev] some questions regarding ldap on grouperdemo

Chronological Thread 
  • From: Chris Hyzer <>
  • To: Tom Barton <>
  • Cc: "" <>
  • Subject: RE: [grouper-dev] some questions regarding ldap on grouperdemo
  • Date: Fri, 2 Dec 2011 18:02:10 +0000
  • Accept-language: en-US

Right, but for some things it searches all subject sources, like when you
login to the UI or WS (if you don't configure that all logins come from a
single source), so you don't *have* to have subjectIds unique across all
subject sources, but I bet you will have less pain if you do. If someone
registers the PennKey GrouperSystem (which is out of our namespace, but even
so, lets say they do), there could be errors thrown when that is resolved
across all sources and more than one is found...


-----Original Message-----
From: Tom Barton

Sent: Friday, December 02, 2011 12:18 PM
To: Chris Hyzer

Subject: Re: [grouper-dev] some questions regarding ldap on grouperdemo

Isn't a subject ref in grouper the couple (sourceId, subjectId)? Ie,
grouper doesn't require a single namespace across all Subjects that are
presented to it, right?


On 12/2/2011 10:59 AM, Chris Hyzer wrote:
> I don't think the demo server needs to be all that realistic, but I do
> think it needs to show Grouper capabilities, and in my case, allow us to
> develop and test our software. If we aren't going to phase out the non
> vt-ldap source, lets add some people to a vtldap source, and some people to
> a non-vt-ldap source... :)
> I think we should have them have prefixes or something so we don't have the
> same subjectId in multiple sources
> Thanks,
> Chris
> -----Original Message-----
> From:
> [mailto:]
> On Behalf Of Tom Barton
> Sent: Friday, December 02, 2011 10:19 AM
> To:
> Subject: Re: [grouper-dev] some questions regarding ldap on grouperdemo
> Good questions. It'd be best to have both source technologies in the
> demo. But then we also need to think about what circumstance they model.
> I can think of two possibilities.
> 1. Multi-campus. Each source represents the people from a different
> organization, but they share an access management instance. We might
> also have a root stem for each org plus a root stem for activities
> common among them.
> 2. Accounts != people. Source 1 is people and Source 2 is the accounts
> people use. Each person might have more than one account, and access
> privs for some apps are assigned to accounts. Might want a
> loader-maintained stem in which each person is modeled as a group whose
> members are the person's accounts, to enable a person's roles to be
> inherited by their accounts when that's appropriate.
> Yes, allow demo users to browse ldap, if that's easy enough to do.
> Other thoughts?
> Tom
> On 12/1/2011 5:02 PM, Tom Zeller wrote:
>> Do we want to use an ldap subject source instead of jdbc ?
>> Do we want to add an ldap subject source in addition to jdbc ?
>> Do we want to allow authenticated users to browse the ldap directory ?
>> Thats all for now. I have openldap and phpldapadmin almost configured.
>> TomZ

Archive powered by MHonArc 2.6.16.

Top of Page