grouper-users - Re: [grouper-users] LDAPPC not populating group memberships in OpenLDAP
- From: Tom Zeller <>
- To: Mark Cairney <>
- Cc:
- Subject: Re: [grouper-users] LDAPPC not populating group memberships in OpenLDAP
- Date: Wed, 26 Jan 2011 09:14:17 -0600
Could you reply with sanitized (i.e. no password) copies of the
following config files, please?
ldappc.xml
ldappc.properties
sources.xml
For example, in
<source-subject-identifier source="_source_name_" subject-attribute="_attr_name_">
the values for "_source_name_" and "_attr_name_" should be replaced
with the name of your Source and the name of the attribute whose value
will comprise the ldap search for member identifiers.
Thanks,
TomZ
On Mon, Jan 24, 2011 at 4:38 AM, Mark Cairney
<>
wrote:
> Hi Rob,
>
> Thanks for the email. Unfortunately I'm using LDAPPC on Grouper 1.5.3. I
> don't think upgrading is an option at the moment although it's good to know
> that it's known to work with LDAPPC-NG on 1.6.
>
> The source.xml file looks like a good place for me to start though.
>
> Kind regards,
>
> Mark
>
> On 24 Jan 2011, at 10:04, Rob Hebron wrote:
>
>> Hi Mark,
>>
>> I've had success with syncing groups to OpenLDAP in a "bushy" structure
>> using LDAPPC-NG with grouper 1.6, so don't give up! My config files which
>> work against a vanilla OpenLDAP installation with no schema extensions are
>> at:
>>
>> https://spaces.internet2.edu/display/Grouper/Grouper+Book+-+LDAPPC-NG
>>
>> If I remember correctly I found that the subject source in
>> ldappc-resolver.xml has to equal the subject source in sources.xml (drre
>> in members-jdbc in the example I posted) so that they can be identified in
>> Grouper, and the subjects have to be present in the directory (although a
>> JIRA has been opened for these to be added automatically if missing).
>>
>> Hope this helps. If you're still having problems I'll be able to check
>> things out further this evening.
>>
>> Rob
>>
>> On 24/01/11 09:49, Mark Cairney wrote:
>>> Hi,
>>>
>>> I've recently started looking at using LDAPPC to push Grouper's groups
>>> into our OpenLDAP directory.
>>> So far I've been using a ldappc.xml almost identical to the one on the
>>> wiki page at:
>>>
>>> https://spaces.internet2.edu/display/Grouper/LDAPPC
>>>
>>> Using a flat structure this appears to create the groupOfNames objects in
>>> OpenLDAP but there are no members. What configuration settings do I have
>>> to change to get this to work? Is it dependent on my OpenLDAP schema?
>>>
>>> Finally I'd like to get a nested structure in OpenLDAP but if I change
>>> "flat" to "bushy" it fails instantly complaining that the OU doesn't
>>> exist. I notice that this is only set in the AD example. Does this mean
>>> it isn't supported in OpenLDAP?
>>>
>>> Apologies for the rather elementary questions.
>>>
>>> Kind regards,
>>>
>>> Mark
>>>
>>> My ldappc.xml is listed below:
>>>
>>> <ldappc>
>>> <grouper>
>>> <group-queries>
>>>
>>> <subordinate-stem-queries>
>>> <stem-list>
>>> <stem>org</stem>
>>> </stem-list>
>>> </subordinate-stem-queries>
>>>
>>> <attribute-matching-queries>
>>> <attribute-list>
>>> <attribute name="_attr_name_" value="_attr_value_" />
>>> </attribute-list>
>>> </attribute-matching-queries>
>>>
>>> </group-queries>
>>>
>>> <groups
>>> structure="flat"
>>> root-dn="ou=grouper,${edu.vt.middleware.ldap.base}"
>>> ldap-object-class="groupOfNames"
>>> ldap-rdn-attribute="cn"
>>> grouper-attribute="name">
>>>
>>> <group-members-dn-list list-object-class="groupOfNames"
>>> list-attribute="member" list-empty-value="" />
>>>
>>> <group-members-name-list list-object-class="eduMember"
>>> list-attribute="hasMember">
>>> <source-subject-name-mapping>
>>> <source-subject-name-map source="_source_name_"
>>> subject-attribute="_attr_name_" />
>>> <source-subject-name-map source="g:gsa"
>>> subject-attribute="name" />
>>> <source-subject-name-map source="g:isa" subject-attribute="name" />
>>> </source-subject-name-mapping>
>>> </group-members-name-list>
>>>
>>> <group-attribute-mapping ldap-object-class="groupOfNames">
>>> <group-attribute-map group-attribute="description"
>>> ldap-attribute="description" />
>>> </group-attribute-mapping>
>>>
>>> </groups>
>>>
>>> <memberships>
>>> <member-groups-list list-object-class="eduMember"
>>> list-attribute="isMemberOf" naming-attribute="name" />
>>> </memberships>
>>>
>>> </grouper>
>>>
>>> <source-subject-identifiers>
>>> <source-subject-identifier source="_source_name_"
>>> subject-attribute="_attr_name_">
>>> <ldap-search
>>> base="ou=people,ou=central,${edu.vt.middleware.ldap.base}"
>>> scope="subtree_scope"
>>> filter="(uid={0})" />
>>> </source-subject-identifier>
>>> </source-subject-identifiers>
>>>
>>> </ldappc>
>>>
>>>
>>> /*********************************
>>> Mark Cairney
>>> ITI UNIX Section
>>> Information Services
>>> University of Edinburgh
>>>
>>> Tel: 0131 650 6565
>>> Email:
>>>
>>>
>>> *********************************/
>>>
>>>
>>
>
> /*********************************
> Mark Cairney
> ITI UNIX Section
> Information Services
> University of Edinburgh
>
> Tel: 0131 650 6565
> Email:
>
>
> *********************************/
>
>
> --
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
>
>