grouper-users - Re: [grouper-users] using Grouper and ldappc to manage posix groups
Subject: Grouper Users - Open Discussion List
List archive
- From: Tom Barton <>
- To: Scott Koranda <>
- Cc:
- Subject: Re: [grouper-users] using Grouper and ldappc to manage posix groups
- Date: Wed, 02 Jul 2008 17:14:59 -0500
I think you can indeed use grouper + ldappc to do this, although I don't do this myself at U Chicago.
As prerequisites, you'll need a custom attribute on grouper groups used to source posixGroup entries in ldap to contain the gidNumber. Perhaps create a custom group type of "posixGroup" and associate a "gidNumber" attribute with it. You'll also need to have the values to appear in memberUid declared in sources.xml as an attribute of the Entities (or Subjects) available to grouper & ldappc.
With that in place and maintained, representative bits of ldappc config are:
<groups
structure="flat"
rootdn="ou=data,ou=groups,dc=ligo,dc=org"
ldap-object-class="posixGroup"
ldap-rdn-attribute="ou"
grouper-attribute="name">
<group-members-name-list
list-object-class=""
list-attribute="memberUid"
list-empty-value="">
<source-subject-name-mapping>
<source-subject-name-map
source="aSourceId"
subject-attribute="subjectAttributeContainingMemberUid" />
</source-subject-name-mapping>
</group-members-name-list>
<group-attribute-mapping ldap-object-class="posixGroup">
<group-attribute-map
group-attribute="extension"
ldap-attribute="cn"
ldap-attribute-empty-value="" />
<group-attribute-map
group-attribute="gidNumber"
ldap-attribute="gidNumber"
ldap-attribute-empty-value="" />
</group-attribute-mapping>
</groups>
Something like that. You'll need to consider how to arrange those of your grouper groups that are posixGroups in coordination with how you will select them with the ldappc instance that provisions posix groups.
Hope this helps,
Tom
Scott Koranda wrote:
Hi,
Is anyone using Grouper and ldappc to manage posix groups in
LDAP?
To be specific, suppose I want this group to appear in my
LDAP:
dn: ou=s5,ou=data,ou=groups,dc=ligo,dc=org
objectClass: posixGroup
objectClass: top
cn: s5
gidNumber: 550
memberUid: jeff.minelli
memberUid: diego.menendez
memberUid: scott.koranda
memberUid: shannon.roddy
memberUid: warren.anderson
Is the Grouper/ldappc combination capable of creating and
managing that posixGroup for us in our LDAP?
If so, and anyone is doing something similar, would you mind
sharing your ldappc.xml configuration file?
Sincerely,
Scott
- using Grouper and ldappc to manage posix groups, Scott Koranda, 07/02/2008
- Re: [grouper-users] using Grouper and ldappc to manage posix groups, Kathryn Huxtable, 07/02/2008
- Re: [grouper-users] using Grouper and ldappc to manage posix groups, Scott Koranda, 07/02/2008
- Re: [grouper-users] using Grouper and ldappc to manage posix groups, Kathryn Huxtable, 07/02/2008
- Re: [grouper-users] using Grouper and ldappc to manage posix groups, Tom Barton, 07/02/2008
- Re: [grouper-users] using Grouper and ldappc to manage posix groups, Kathryn Huxtable, 07/02/2008
- Re: [grouper-users] using Grouper and ldappc to manage posix groups, Tom Barton, 07/02/2008
- Re: [grouper-users] using Grouper and ldappc to manage posix groups, Kathryn Huxtable, 07/02/2008
- Re: [grouper-users] using Grouper and ldappc to manage posix groups, Scott Koranda, 07/02/2008
- Re: [grouper-users] using Grouper and ldappc to manage posix groups, Tom Barton, 07/02/2008
- Re: [grouper-users] using Grouper and ldappc to manage posix groups, Paul Engle, 07/03/2008
- Re: [grouper-users] using Grouper and ldappc to manage posix groups, Tom Barton, 07/07/2008
- RE: [grouper-users] using Grouper and ldappc to manage posix groups, Chris Hyzer, 07/07/2008
- Re: [grouper-users] using Grouper and ldappc to manage posix groups, Tom Barton, 07/07/2008
- Re: [grouper-users] using Grouper and ldappc to manage posix groups, Paul Engle, 07/03/2008
- Re: [grouper-users] using Grouper and ldappc to manage posix groups, Kathryn Huxtable, 07/02/2008
Archive powered by MHonArc 2.6.16.