Grouper Users - Open Discussion List

[Rob Hebron <>]

Hi Mark,

I've had success with syncing groups to OpenLDAP in a "bushy" structure 
using LDAPPC-NG with grouper 1.6, so don't give up! My config files 
which work against a vanilla OpenLDAP installation with no schema 
extensions are at:

https://spaces.internet2.edu/display/Grouper/Grouper+Book+-+LDAPPC-NG

If I remember correctly I found that the subject source in 
ldappc-resolver.xml has to equal the subject source in sources.xml (drre 
in members-jdbc in the example I posted) so that they can be identified 
in Grouper, and the subjects have to be present in the directory 
(although a JIRA has been opened for these to be added automatically if 
missing).

Hope this helps. If you're still having problems I'll be able to check 
things out further this evening.

Rob

On 24/01/11 09:49, Mark Cairney wrote:
> Hi,
>
> I've recently started looking at using LDAPPC to push Grouper's groups into 
> our OpenLDAP directory.
> So far I've been using a ldappc.xml almost identical to the one on the wiki 
> page at:
>
> https://spaces.internet2.edu/display/Grouper/LDAPPC
>
> Using a flat structure this appears to create the groupOfNames objects in 
> OpenLDAP but there are no members. What configuration settings do I have to 
> change to get this to work? Is it dependent on my OpenLDAP schema?
>
> Finally I'd like to get a nested structure in OpenLDAP but if I change "flat" to 
> "bushy" it fails instantly complaining that the OU doesn't exist. I notice that this is 
> only set in the AD example. Does this mean it isn't supported in OpenLDAP?
>
> Apologies for the rather elementary questions.
>
> Kind regards,
>
> Mark
>
> My ldappc.xml is listed below:
>
> <ldappc>
>    <grouper>
>      <group-queries>
>
>        <subordinate-stem-queries>
>          <stem-list>
>            <stem>org</stem>
>          </stem-list>
>        </subordinate-stem-queries>
>
>        <attribute-matching-queries>
>          <attribute-list>
>            <attribute name="_attr_name_" value="_attr_value_" />
>          </attribute-list>
>        </attribute-matching-queries>
>
>      </group-queries>
>
>      <groups
>        structure="flat"
>        root-dn="ou=grouper,${edu.vt.middleware.ldap.base}"
>        ldap-object-class="groupOfNames"
>        ldap-rdn-attribute="cn"
>        grouper-attribute="name">
>
>        <group-members-dn-list list-object-class="groupOfNames" 
> list-attribute="me
> mber" list-empty-value="" />
>
>        <group-members-name-list list-object-class="eduMember" 
> list-attribute="has
> Member">
>          <source-subject-name-mapping>
>            <source-subject-name-map source="_source_name_" 
> subject-attribute="_at
> tr_name_" />
>            <source-subject-name-map source="g:gsa" subject-attribute="name" />
>          <source-subject-name-map source="g:isa" subject-attribute="name" />
>          </source-subject-name-mapping>
>        </group-members-name-list>
>
>        <group-attribute-mapping ldap-object-class="groupOfNames">
>          <group-attribute-map group-attribute="description" 
> ldap-attribute="descr
> iption" />
>        </group-attribute-mapping>
>
>      </groups>
>
>      <memberships>
>        <member-groups-list list-object-class="eduMember" 
> list-attribute="isMember
> Of" naming-attribute="name" />
>      </memberships>
>
>    </grouper>
>
>    <source-subject-identifiers>
>      <source-subject-identifier source="_source_name_" 
> subject-attribute="_attr_n
> ame_">
>        <ldap-search
>          base="ou=people,ou=central,${edu.vt.middleware.ldap.base}"
>          scope="subtree_scope"
>          filter="(uid={0})" />
>      </source-subject-identifier>
>    </source-subject-identifiers>
>
> </ldappc>
>
>
> /*********************************
> Mark Cairney
> ITI UNIX Section
> Information Services
> University of Edinburgh
>
> Tel: 0131 650 6565
> Email: 
>
>
> *********************************/