Grouper Users - Open Discussion List

[Keith Hazelton <>]

Here are my initial approaches to a possbile LDAP provisioner that maps 
Grouper information into an LDAP server.  I'm hoping that Walter will 
come up with a provisioning framework that supercedes or incorporates 
anything useful here.   Comments welcome.

To provision grouper information into LDAP in a periodic diff mode:

- Iterate over subjects
  - Compute subject's effective memberships
  - Read subject's isMemberOf values from target LDAP server
    (fast&cheap)
  - Compute diffs in isMemberOf value list from the two sources
  - Construct & execute ldapmodify to update LDAP & remove diffs
 
If populating hasMember, too:

- Iterate over groups
  - Compute group's direct and effective members
  - Read group's hasMember values from target LDAP server
  - Compute diffs in hasMember value list from the two sources
  - Construct & execute ldapmodify to update LDAP & remove diffs

--
________________________________________________________
Keith Hazelton                  Senior IT Architect, UW-Madison
(608) 262-0771                  Division of Info. Technology
(608) 877-0977 (home)           1210 W. Dayton St., rm. 2164
http://arch.doit.wisc.edu/keith      Madison, WI  53706