Grouper Users - Open Discussion List

[Tom Zeller <>]

> Can existing groups in ldap (active directory) be managed using Grouper and
> the ldappc-ng tool?  If so, how would I import those groups and their
> memberships into Grouper.

We don't currently provide a tool to import groups from an ldap
directory into Grouper.

I've been thinking about a bi- (or uni-) directional sync from AD into
Grouper because some folks want to use to their AD tools, but we still
want central management for provisioning to other directories. Sounds
like a to-be-written Grouper Loader job.

Writing a java program to import from ldap into Grouper would be
straightforward, given interest and time :-)

> Can the stem name be removed when provisioning the group so that I don’t end
> up with stem:group name as the name of the group when it is provisioned into
> Active Directory?

Yes, assuming you are using a configuration similar to
ldappcng-resolver.example.xml, change

 sourceAttributeID="name"

to

 sourceAttributeID="extension"

in the following :

  <resolver:AttributeDefinition id="group-dn"
xsi:type="ldappc:LdapDnPSOIdentifier"
    structure="${DNstructure}" sourceAttributeID="name"
rdnAttributeName="cn" base="${groupsOU}">
    <resolver:Dependency ref="GroupDataConnector" />
  </resolver:AttributeDefinition>

If your structure is "flat" (and not "bushy") you will have to enforce
namespace uniqueness yourself, as we do at Memphis.

TomZ