Subject: Grouper Users - Open Discussion List
- From: Colin Hudler <>
- To: "" <>
- Subject: [grouper-users] Questions about LDAPPC-NG
- Date: Wed, 30 Jun 2010 09:27:23 -0500
Please help me understand a couple of things about ldappcng's intended operation. I have it producing reasonable SPML output when I run -calc or -diff against either an -entityName "group" or "member", if I specify one subjectid or groupname on the command line.
I want to specify a grouper queryFilter (group-attributes) which returns the groups selected for provisioning. We do not provision all of our groups, and some groups go to different destinations (LDAP, AD). Even the provisioning is delegated from the wheel admins to the more local admin's control (AD admin can assign provisioning attributes to a group, for example).
Is there a way to make it work that way? Alternatively, how could I run one instance of ldappcng for a select number of groups? I also can appreciate if the answer is that I should change my way of thinking entirely.
Three other minor questions:
1. Does the "diff" option operate the same as "sync", but without writing to the targets?
2. What are the -return options returning (what does that mean)?
3. Is is designed that group's and member's objects are provisioned independently by design? i.e. it is necessary to run one ldappcng instance per object?
The tool shows great promise and wasn't difficult to get started, so thanks for writing it. I will probably have more questions, especially when I try to make it understand looking up and including users from an external AD forest.
- [grouper-users] Questions about LDAPPC-NG, Colin Hudler, 06/30/2010
- Re: [grouper-users] Questions about LDAPPC-NG, Tom Zeller, 06/30/2010
Archive powered by MHonArc 2.6.16.