Grouper Users - Open Discussion List

["Tom Zeller" <>]

Memphis uses a homegrown 'generic' provisioner, which has some features that would be nice to include in ldappc (e.g. --dry-run, --incremental, pluggable attributes). However, we also have a non-ldap provisioning target (ERP portal).

TomZ

On Fri, Jan 16, 2009 at 2:00 AM, Dr. Loris Bennett <> wrote:

At the Freie Universität Berlin, we are planning to use ldappc.

Loris

On Thu, 2009-01-15 at 14:11 -0500, Chris Hyzer wrote:
> I will explain ours...  Penn already had Oracle->LDAP, so we wanted to keep our architecture (it is very simple).
>
> 1. We added triggers to the memberships and groups tables that insert into "changed" tables.  These "changed" tables contain the diffs between grouper registry and ldap
> 2. A simple perl program (could easily be java), reads records from the "changed" tables to insert/update/delete to ldap.  Then it deletes the records it processes from the "changed" tables.  This runs every 5 minutes
> 3. Nightly we do a full refresh (with another simple perl program)
>
> So we get almost real time updates to ldap in a structured and organized way
>
> Btw, this is how I picture grouper notifications working (or something like it)
>
> Chris
>
> > -----Original Message-----
> > From: James Cramton [mailto:]
> > Sent: Thursday, January 15, 2009 1:42 PM
> > To: Tom Barton; Scott Koranda;
> > Subject: Re: [grouper-users] error using ldappc 1.1.1 with Grouper
> > 1.4.0
> >
> >
> > Brown effectively uses ldappc--although it's actually a home brewed
> > creation
> > that was used as a prototype in the re-crafting of ldappc in 2008. It's
> > a
> > java-based batch processing tool that flattens groups as we provision
> > them
> > into the directory. We run a continuous loop of separate ldappc
> > processes--as one finishes, another starts. Our runtime for our quarter
> > million groups is between 1.5 and 2 hours, without a large quantity of
> > changes. Typically, we have more changes in the first overnight run,
> > after
> > our nightly feed from the upstream  business systems. All subsequent
> > runs
> > for the day pick up trivial manual changes from Grouper users. Up next,
> > we
> > hope to use hooks to begin supporting real-time updates.
> >
> > James Cramton
> > Lead Programmer/Analyst
> > Brown University
> >
> >
> > On 1/15/09 10:56 AM, "Tom Barton" <> wrote:
> >
> > > Scott Koranda wrote:
> > >> I am still wondering if I misunderstood the usual Grouper use
> > >> cases. Do most organizations use ldappc, or is it a somewhat
> > >> non-standard tool?
> > >
> > > Let's ask the list!
> > >
> > > Folks, if you're putting grouper groups into an ldap directory, are
> > you
> > > using ldappc or some other means? If the latter, could you also give
> > > just another sentence or two of context?
> > >
> > > I'll start: U Chicago is using ldappc.
> > >
> > > Thanks,
> > > Tom