Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Very early stages of deploying groups in LDAP...

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Very early stages of deploying groups in LDAP...

Chronological Thread 
  • From: Tom Zeller <>
  • To:
  • Cc:
  • Subject: Re: [grouper-users] Very early stages of deploying groups in LDAP...
  • Date: Mon, 27 Sep 2010 15:45:45 -0500
  • Domainkey-signature: a=rsa-sha1; c=nofws;; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :content-transfer-encoding; b=hXLaolknKXximrVagkEPI+xypgznLV2VyB2Zzfo0HAfaroHMEOxqm/IVJOe2xWV82Q dgQb64xWiefexVj0rLqqyNnYLbxRjgu/eI0czhH8LBP9it8NtjkSgkaf+WgH5t131aRB KDn4t9MUwn/jMXz01au92rVpoCmEXNG+IGevg=

>> Does Grouper require or suggest a particular LDAP structure and/or
>> group naming convention?  I want to make sure we don't paint
>> ourselves into a corner early on, so we can keep our options open
>> for as long as possible.

> U Chicago's group naming plan might provide a starting point for your
> thoughts about naming:

I think it is a good idea to implement group names as a sequence of
name components (for example "uc:org:group") as early as possible. The
sooner that consumers|users of groups become familiar with component
names the better.

At Memphis, I have been reluctant to transition from our legacy name
space ("ITD Staff") to Grouper's suggested naming convention (
"memphis:itd:staff") because of entrenched use and Active Directory.
In my AD experience, the LDAP RDN (cn="ITD Staff") appears in various
places such as ADUC and Exchange's GAL, making a transition from
emailing "ITD Staff" to "memphis:itd:staff" a potential disruption for

And, in a federated group environment, our legacy names will become untenable.


AD = Active Directory
ADUC = AD Users & Computers management GUI
GAL = Global Address List (the address book for Outlook etc)

Archive powered by MHonArc 2.6.16.

Top of Page