Grouper Users - Open Discussion List

[Walter Hoehn <>]

Has SPML been considered as a possible base connector format for 
provisioning targets?  Two components of our current provisioning 
project at the UofM might dovetail nicely here:

1) An SPML -> ldap translator
2) A persistent queueing mechanism for pending SPML updates that 
handles multiple provisioning targets

-Walter

P.S.  We also have some basic diff'ing code that looks at attribute 
values for two objects and outputs SPML modifications.  It's buried in 
our system now, but could probably be extracted and used as a starting 
point.


On Jan 14, 2005, at 9:09 PM, Keith Hazelton wrote:

> Here are my initial approaches to a possbile LDAP provisioner that 
> maps Grouper information into an LDAP server.  I'm hoping that Walter 
> will come up with a provisioning framework that supercedes or 
> incorporates anything useful here.   Comments welcome.
>
> To provision grouper information into LDAP in a periodic diff mode:
>
> - Iterate over subjects
>   - Compute subject's effective memberships
>   - Read subject's isMemberOf values from target LDAP server
>     (fast&cheap)
>   - Compute diffs in isMemberOf value list from the two sources
>   - Construct & execute ldapmodify to update LDAP & remove diffs
>  If populating hasMember, too:
>
> - Iterate over groups
>   - Compute group's direct and effective members
>   - Read group's hasMember values from target LDAP server
>   - Compute diffs in hasMember value list from the two sources
>   - Construct & execute ldapmodify to update LDAP & remove diffs
>
> --
> ________________________________________________________
> Keith Hazelton                  Senior IT Architect, UW-Madison
> (608) 262-0771                  Division of Info. Technology
> (608) 877-0977 (home)           1210 W. Dayton St., rm. 2164
> http://arch.doit.wisc.edu/keith      Madison, WI  53706