Grouper Users - Open Discussion List

[Tom Barton <>]

maliang wrote:
> In my ldap server,the "ou=testgrouper,dc=scut,dc=edu,dc=cn" is a RDN for 
> test to hold group entries.And there is an RDN 
> ,"ou=people,dc=scut,dc=edu,dc=cn",holds the entries correspoding to 
> 'SCUT' subjects,for example :
> <entry dn="uid=maliang,ou=people,dc=scut,dc=edu,dc=cn">.
>  
> But now,every entry, provisioned to ldap server from grouper,has no 
> members ,and displayed like this:
> "dn: cn=etc:wheel,ou=testgrouper,dc=scut,dc=edu,dc=cn
> objectClass: groupOfNames
> objectClass: top
> member: empty
> cn: etc:wheel
> "
> The result I want is that the entry can display the dn of the entry 
> corrsponding to the people who is the memeber of this group. For example:
> "dn: cn=etc:wheel,ou=testgrouper,dc=scut,dc=edu,dc=cn
> objectClass: groupOfNames
> objectClass: top
> member: uid=maliang,ou=People,dc=scut,dc=edu,dc=cn
> cn: etc:wheel
> "

Then you need a group-members-dn-list element defined in ldappc.xml, and
you do not need not a group-members-name-list element.

> 1.And in grouper database, the subject table has no rows. So, should I 
> config one source element for connecting 
> "ou=people,dc=scut,dc=edu,dc=cn" ,and refer that in my ldappc.xml ??

Is LDAP the primary store of SCUT people, or is LDAP itself provisioned
from another operational source? Since your SCUT subjects are in LDAP,
you might want to use the JNDISourceAdapter to present them to grouper
to begin with. Or if you have a different, primary, source for SCUT
people, consider using that as the source from which to present subjects
to grouper (and ldappc). There is no need to maintain a copy of SCUT
person data in the grouper database.

Read
<https://wiki.internet2.edu/confluence/display/i2miCommon/Subject+API>
for an overview of how the Subject API works, and refer to
<https://wiki.internet2.edu/confluence/display/i2miCommon/subject-0.3.1-doc>
for details on configuring source adapters. There are examples of JDBC
and JNDI configurations there.

> 2.Where should I refer the sources defined in sources.xml in ldappc.xml 
> ? Only 'source-subject-identifier' ?

Yes. Unless you also use a group-members-name-list element, which has a
source-subject-name-mapping sub-element that identifies an attribute
from each subject source to be used to "name" subjects from that source
in the group-members-name-list attribute.

> 3.In sources.xml,does g:gsa need the parameters ,such as user,password, 
> to connect to grouper database?

No. The GrouperSourceAdapter is included in the grouper jarfile.