Grouper Users - Open Discussion List

[Chris Hyzer <>]

Hey,

I am curious what people use to protect web resources with Grouper.
I have seen the apache module mod_authnz_ldap, and we have used that at Penn:

http://httpd.apache.org/docs/2.2/mod/mod_authz_groupfile.html

However, it is a little cumbersome to setup, and my understanding is that it 
downloads the entire group's membership list (at least with our LDAP setup) 
to see if one person is in the group.  It does do caching though.  So it 
isn't good for us for large membership lists (e.g. active Penn person).  We 
made a patch to mod_authnz_ldap which does not download everything, though we 
haven't even really distributed this within Penn since we don't want to have 
to be the sole maintainers of it.

If there is not a better way to do this, if we coded a new Apache module 
based on mod_authnz_ldap (e.g. mod_grouper) which doesn't download the entire 
group list, and is easy to configure, would anyone be interested in helping 
to maintain it?  We weren't planning on making modules for web servers other 
than apache...  or is anyone interested in helping to maintain the 
mod_authnz_ldap patch (if we cannot get it contributed back to the module 
itself)

Thanks!
Chris