
grouper-users - Re: [grouper-users] LDAPPC not populating group memberships in OpenLDAP

Subject: Grouper Users - Open Discussion List

  • From: Mark Cairney <>
  • To: Rob Hebron <>
  • Cc:
  • Subject: Re: [grouper-users] LDAPPC not populating group memberships in OpenLDAP
  • Date: Mon, 24 Jan 2011 10:38:58 +0000

Hi Rob,

Thanks for the email. Unfortunately I'm using LDAPPC on Grouper 1.5.3. I
don't think upgrading is an option at the moment although it's good to know
that it's known to work with LDAPPC-NG on 1.6.

The source.xml file looks like a good place for me to start though.

Kind regards,

Mark

On 24 Jan 2011, at 10:04, Rob Hebron wrote:

> Hi Mark,
>
> I've had success with syncing groups to OpenLDAP in a "bushy" structure
> using LDAPPC-NG with grouper 1.6, so don't give up! My config files which
> work against a vanilla OpenLDAP installation with no schema extensions are
> at:
>
> https://spaces.internet2.edu/display/Grouper/Grouper+Book+-+LDAPPC-NG
>
> If I remember correctly I found that the subject source in
> ldappc-resolver.xml has to equal the subject source in sources.xml (drre in
> members-jdbc in the example I posted) so that they can be identified in
> Grouper, and the subjects have to be present in the directory (although a
> JIRA has been opened for these to be added automatically if missing).
>
> Hope this helps. If you're still having problems I'll be able to check
> things out further this evening.
>
> Rob
>
> On 24/01/11 09:49, Mark Cairney wrote:
>> Hi,
>>
>> I've recently started looking at using LDAPPC to push Grouper's groups
>> into our OpenLDAP directory.
>> So far I've been using a ldappc.xml almost identical to the one on the
>> wiki page at:
>>
>> https://spaces.internet2.edu/display/Grouper/LDAPPC
>>
>> Using a flat structure this appears to create the groupOfNames objects in
>> OpenLDAP but there are no members. What configuration settings do I have
>> to change to get this to work? Is it dependent on my OpenLDAP schema?
>>
>> Finally I'd like to get a nested structure in OpenLDAP but if I change
>> "flat" to "bushy" it fails instantly complaining that the OU doesn't
>> exist. I notice that this is only set in the AD example. Does this mean it
>> isn't supported in OpenLDAP?
>>
>> Apologies for the rather elementary questions.
>>
>> Kind regards,
>>
>> Mark
>>
>> My ldappc.xml is listed below:
>>
>> <ldappc>
>> <grouper>
>> <group-queries>
>>
>> <subordinate-stem-queries>
>> <stem-list>
>> <stem>org</stem>
>> </stem-list>
>> </subordinate-stem-queries>
>>
>> <attribute-matching-queries>
>> <attribute-list>
>> <attribute name="_attr_name_" value="_attr_value_" />
>> </attribute-list>
>> </attribute-matching-queries>
>>
>> </group-queries>
>>
>> <groups
>> structure="flat"
>> root-dn="ou=grouper,${edu.vt.middleware.ldap.base}"
>> ldap-object-class="groupOfNames"
>> ldap-rdn-attribute="cn"
>> grouper-attribute="name">
>>
>> <group-members-dn-list list-object-class="groupOfNames"
>> list-attribute="member" list-empty-value="" />
>>
>> <group-members-name-list list-object-class="eduMember"
>> list-attribute="hasMember">
>> <source-subject-name-mapping>
>> <source-subject-name-map source="_source_name_"
>> subject-attribute="_attr_name_" />
>> <source-subject-name-map source="g:gsa" subject-attribute="name" />
>> <source-subject-name-map source="g:isa" subject-attribute="name" />
>> </source-subject-name-mapping>
>> </group-members-name-list>
>>
>> <group-attribute-mapping ldap-object-class="groupOfNames">
>> <group-attribute-map group-attribute="description"
>> ldap-attribute="description" />
>> </group-attribute-mapping>
>>
>> </groups>
>>
>> <memberships>
>> <member-groups-list list-object-class="eduMember"
>> list-attribute="isMemberOf" naming-attribute="name" />
>> </memberships>
>>
>> </grouper>
>>
>> <source-subject-identifiers>
>> <source-subject-identifier source="_source_name_"
>> subject-attribute="_attr_name_">
>> <ldap-search
>> base="ou=people,ou=central,${edu.vt.middleware.ldap.base}"
>> scope="subtree_scope"
>> filter="(uid={0})" />
>> </source-subject-identifier>
>> </source-subject-identifiers>
>>
>> </ldappc>
>>
>>
>> /*********************************
>> Mark Cairney
>> ITI UNIX Section
>> Information Services
>> University of Edinburgh
>>
>> Tel: 0131 650 6565
>> Email:
>>
>>
>> *********************************/
>>
>>
>

/*********************************
Mark Cairney
ITI UNIX Section
Information Services
University of Edinburgh

Tel: 0131 650 6565
Email:


*********************************/


--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.



