
grouper-users - [grouper-users] Questions about LDAPPC-NG

Subject: Grouper Users - Open Discussion List

[grouper-users] Questions about LDAPPC-NG

  • From: Colin Hudler
  • Subject: [grouper-users] Questions about LDAPPC-NG
  • Date: Wed, 30 Jun 2010 09:27:23 -0500


Please help me understand a couple of things about ldappcng's intended operation. I have it producing reasonable SPML output when I run -calc or -diff against either an -entityName "group" or "member", if I specify one subjectid or groupname on the command line.

I want to specify a grouper queryFilter (group-attributes) which returns the groups selected for provisioning. We do not provision all of our groups, and some groups go to different destinations (LDAP, AD). Even the provisioning is delegated from the wheel admins to the more local admin's control (AD admin can assign provisioning attributes to a group, for example).

Is there a way to make it work that way? Alternatively, how could I run one instance of ldappcng for a select number of groups? I also can appreciate if the answer is that I should change my way of thinking entirely.

Three other minor questions:
1. Does the "diff" option operate the same as "sync", but without writing to the targets?
2. What are the -return options returning (what does that mean)?
3. Is it by design that group and member objects are provisioned independently, i.e. is it necessary to run one ldappcng instance per object?

The tool shows great promise and wasn't difficult to get started, so thanks for writing it. I will probably have more questions, especially when I try to make it understand looking up and including users from an external AD forest.
