grouper-users - Re: [grouper-users] ldappc, problems during large scale groups replication
Subject: Grouper Users - Open Discussion List
List archive
- From: Tom Barton <>
- To:
- Cc: Grouper Users <>
- Subject: Re: [grouper-users] ldappc, problems during large scale groups replication
- Date: Thu, 07 Jun 2007 13:50:42 -0500
wrote:
We're now thinking of trying Tom's idea -- create a table within oracle with one user per row, and use that as a source instead of ldap. That should get rid of -- literally -- hundreds of thousands of ldap queries...
So, what do I need to do?
1) can I just build the oracle table (including as columns all the attributes that Grouper will retrieve, including the "key" value for each person), edit the sources.xml to replace the ldap source with this new table? And run ldappc again? I would build the oracle table by exporting an ldif from the existing ldap server, and then loading that data into oracle.
Yes.
2) or do I need to create the oracle table, and then reload MACE Grouper from scratch, using the oracle table as a source?
No.
3) what can I get away with (minimally) as columns in the oracle table? I currently have this in my sources.xml file:
///Attributes you would like to display when doing a search
<attribute>uid</attribute>
<attribute>cn</attribute>
<attribute>department</attribute>
<attribute>brownBRUID</attribute>
Since these are precisely the attributes that constitute your JNDI-based Subjects, they are the perfect set to constitute the same Subjects obtained from a JDBC source. But the minimally necessary set is the key, ie, what you identify as the subject's Id, and any other uniquely identifying attributes needed for ldappc to be able to find the ldap entry corresponding to a Subject (uid in your case).
brownBRUID is the key value. I'm concerned about DN... ldappc is going to need that value when it populates hasMember on the group objects... do I need to add that to another column in oracle? But, if I have to use step 2 above, how does the DN get generated?
No. Ldappc determines the DN belonging to a Subject's ldap entry (if needed) by executing the appropriate ldap query specified in the <source-subject-identifiers> section of the ldappc.xml config file.
4) What else should I be worried about?
Just be sure that the JDBC subject source has exactly the same sourceId as the JNDI subject source. If the sourceId, type, and subjectId are the same, grouper and ldappc will treat them as the same Subject.
- ldappc, problems during large scale groups replication, Steven_Carmody, 06/04/2007
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Re: [grouper-users] ldappc, problems during large scale groups replication, Steven_Carmody, 06/07/2007
- Re: [grouper-users] ldappc, problems during large scale groups replication, Tom Barton, 06/07/2007
- Re: [grouper-users] ldappc, problems during large scale groups replication, Steven_Carmody, 06/08/2007
- Re: [grouper-users] ldappc, problems during large scale groups replication, Kathryn Huxtable, 06/11/2007
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
Archive powered by MHonArc 2.6.16.