Grouper Users - Open Discussion List

[Chris Hyzer <>]

I will explain ours...  Penn already had Oracle->LDAP, so we wanted to keep 
our architecture (it is very simple).

1. We added triggers to the memberships and groups tables that insert into 
"changed" tables.  These "changed" tables contain the diffs between grouper 
registry and ldap
2. A simple perl program (could easily be java), reads records from the 
"changed" tables to insert/update/delete to ldap.  Then it deletes the 
records it processes from the "changed" tables.  This runs every 5 minutes
3. Nightly we do a full refresh (with another simple perl program)

So we get almost real time updates to ldap in a structured and organized way

Btw, this is how I picture grouper notifications working (or something like 
it)

Chris

> -----Original Message-----
> From: James Cramton 
> [mailto:]
> Sent: Thursday, January 15, 2009 1:42 PM
> To: Tom Barton; Scott Koranda; 
> 
> Subject: Re: [grouper-users] error using ldappc 1.1.1 with Grouper
> 1.4.0
>
>
> Brown effectively uses ldappc--although it's actually a home brewed
> creation
> that was used as a prototype in the re-crafting of ldappc in 2008. It's
> a
> java-based batch processing tool that flattens groups as we provision
> them
> into the directory. We run a continuous loop of separate ldappc
> processes--as one finishes, another starts. Our runtime for our quarter
> million groups is between 1.5 and 2 hours, without a large quantity of
> changes. Typically, we have more changes in the first overnight run,
> after
> our nightly feed from the upstream  business systems. All subsequent
> runs
> for the day pick up trivial manual changes from Grouper users. Up next,
> we
> hope to use hooks to begin supporting real-time updates.
>
> James Cramton
> Lead Programmer/Analyst
> Brown University
> 
>
> On 1/15/09 10:56 AM, "Tom Barton" 
> <>
>  wrote:
>
> > Scott Koranda wrote:
> >> I am still wondering if I misunderstood the usual Grouper use
> >> cases. Do most organizations use ldappc, or is it a somewhat
> >> non-standard tool?
> >
> > Let's ask the list!
> >
> > Folks, if you're putting grouper groups into an ldap directory, are
> you
> > using ldappc or some other means? If the latter, could you also give
> > just another sentence or two of context?
> >
> > I'll start: U Chicago is using ldappc.
> >
> > Thanks,
> > Tom
>