Grouper Users - Open Discussion List

[Tom Barton <>]

graham wrote:
> The password is displayed too which is unfortunate but a separate issue. 

You can configure the JNDISourceAdapter to only retrieve specified 
attributes from LDAP. Similar to an LDAP URL, if you don't specify the 
attributes you want, you get all that are readable by the principal you 
are bound as.

So, you can either control the access to the ldap directory given to the 
principal that the JNDISourceAdapter uses to bind to ldap, or you can 
list the attributes you want pulled into grouper (or signet) in 
<attribute> elements in sources.xml. See 
<https://wiki.internet2.edu/confluence/display/i2miCommon/subject-0.3.1-doc> 
for the syntax.

I suspect this doesn't arise often in practice because read access to 
the userPassword attribute in a production ldap directory is commonly 
quite restricted.

Tom
begin:vcard
fn:Tom Barton
n:Barton;Tom
org:University of Chicago;Networking Services & Information Technology
adr;dom:1155 E. 60th St.;;Rm 309, 1155 Bldg;Chicago;IL;60637
email;internet:
title:Sr. Director - Integration
tel;work:+1 773 834 1700
version:2.1
end:vcard