grouper-dev - Re: [grouper-dev] are we using loader and psp correctly
Subject: Grouper Developers Forum
List archive
- From: David Langenberg <>
- To: David Vezzani <>
- Cc: "" <>
- Subject: Re: [grouper-dev] are we using loader and psp correctly
- Date: Fri, 26 Sep 2014 17:38:21 -0600
David,
The examples for using the psp tool in much of the documentation and videos use GSH to update grouper with changes before manually kicking off the psp tool. We want to use the grouper-loader to pull in changes and then use the psp tool in turn to pass those changes along to the target ldap.
Is the only way to get changes queued up for the psp via the GSH tool? Or can the psp tool also pickup updates that happen after the grouper-loader runs?
On Sep 26, 2014, at 1:30 PM, David Langenberg <> wrote:
Hi David,
Yes, your approach should work just fine.
Dave
On Thu, Sep 25, 2014 at 4:55 PM, David Vezzani <> wrote:
My current assignment is to use Grouper to synchronize group memberships between an LDAP and an Active Directory (AD). Even though AD is very much like an LDAP, it is not. What's more we don't have control over making changes to AD because we are using the Microsoft Cloud.
We want to be able to use a single tool to handle group management and make those groups available via LDAP and AD. The AD server we are using does not support dynamic groups to the degree that we need, so we plan on including DN values explicitly for each group. Our LDAP does support dynamic groups, which we are currently using.
Some applications connect to LDAP while others must connect to AD. We need a solution that handles the following:
- AD groups are provisioned with explicit lists of DN values
- LDAP DN values differ slightly from AD DN values and will require a transformation from “uid=dvezzani,...” to “cn=dvezzani,...”
In order to achieve this goal, we plan on primarily using the grouper-loader to pull in DN values from LDAP and psp to provision groups to AD using the transformed DN values.
LDAP and AD subjects are being populated by separate means, but they both contain the same logical set of subjects. Is this the right approach to accomplish our goals?
--
David LangenbergIdentity & Access ManagementThe University of Chicago
David Langenberg
- [grouper-dev] are we using loader and psp correctly, David Vezzani, 09/25/2014
- Re: [grouper-dev] are we using loader and psp correctly, David Langenberg, 09/26/2014
- Re: [grouper-dev] are we using loader and psp correctly, David Vezzani, 09/26/2014
- Re: [grouper-dev] are we using loader and psp correctly, David Langenberg, 09/26/2014
- Re: [grouper-dev] are we using loader and psp correctly, David Vezzani, 09/26/2014
- Re: [grouper-dev] are we using loader and psp correctly, David Langenberg, 09/26/2014
Archive powered by MHonArc 2.6.16.