Skip to Content.
Sympa Menu

grouper-dev - RE: [grouper-dev] always available web services

Subject: Grouper Developers Forum

List archive

RE: [grouper-dev] always available web services

Chronological Thread 
  • From: Chris Hyzer <>
  • To: "" <>
  • Cc: Grouper Dev <>
  • Subject: RE: [grouper-dev] always available web services
  • Date: Wed, 7 Dec 2011 05:15:03 +0000
  • Accept-language: en-US

That’s a good point, I put it on the wiki, with a response:

Yes, if you can satisfy your availability requirements with LDAP, go for it,
you will not need this component. If your LDAP does not have the
availability you need, or if you need improved availability for features that
LDAP does not support (e.g. write operations, secure operations (e.g.
securely query the groups that a user is in), permission information (might
not be provisioned to ldap, or maybe you want to use server processed
limits), etc) then maybe you need this feature...

Besides that, is LDAP truly end-to-end always available, or do you need extra
logic in the client? i.e. with a load balancer or (local or dns-based),
isn’t there a number of seconds where some clients would get errors or
timeouts unless they write logic to go to another server, or is that part of
the ldap protocol or popular ldap clients?

The idea behind this enhancement is true always availability (if you have at
least one disparate server successfully responding to requests)... like DNS?
(note: I know little about DNS so maybe this is a bad example :) )


-----Original Message-----
From: Jim Fox

Sent: Wednesday, December 07, 2011 12:00 AM
To: Chris Hyzer
Cc: Grouper Dev
Subject: Re: [grouper-dev] always available web services

I am compelled to point out that there is another way to implement
'always availability', namely with LDAP replicas. They are fast and
easy to make redundant. And they easily support the two most common
queries that need to be always available: effective membership of a
group and effective memberships for a user.

I'd go so far as to suggest that an LDAP ought to be a standard
component of any Grouper installation. Do that, with a standardized
LDAP schema, and you have, almost automatically, instant updates of the
LDAP and easy 'always availability' of the web service.


On Wed, 2011-12-07 at 04:35 +0000, Chris Hyzer wrote:
> For the grouper 2.1 roadmap item: always available web services, I
> have a suggestion for what the grouper client (and HTTPS discovery)
> configs could look like. If you have comments let me know, or maybe
> we can discuss at the dev call tomorrow.
> +web+services
> Thanks,
> Chris

Archive powered by MHonArc 2.6.16.

Top of Page