Grouper Users - Open Discussion List

[Tom Zeller <>]

To answer the question you did not ask, no, the configuration file
names are not intuitive. This should be improved.

Ldappcng (1.6+) requires the Shibboleth Attribute Resolver, while for
ldappc (1.5+) the Shibboleth Attribute Resolver is optional. Since
ldappc (1.5+) was first, some filenames retain ldappc. Perhaps each
version (1.5+ or 1.6+) should have separate configuration directories
in future releases.

For ldappcng (and ldappc), the following configuration filenames are
not configurable :

ldappc-internal.xml
ldappc-services.xml

The names of the remaining configuration files are defined in
ldappc-services.xml, and by default are :

ldappcng.xml
ldappc-resolver.xml
ldappc-ldap.xml
ldappc.properties

Each configuration file accepts a macro substitution file, by default,
ldappc.properties.

The ldappcng configuration is, by default, ldappcng.xml :

  <!-- the provisioning service provider is required for ldappcng, not
ldappc -->
  <Service id="ldappc" ...
    <ConfigurationResource file="/ldappcng.xml" ...
      <ResourceFilter propertyFile="/ldappc.properties" ...

The Shibboleth Attribute Resolver configuration is, by default,
ldappc-resolver.xml :

 <!-- the attribute resolver id must be grouper.AttributeResolver -->
  <Service id="grouper.AttributeResolver" ...
    <ConfigurationResource file="/ldappc-resolver.xml" ...
      <ResourceFilter propertyFile="/ldappc.properties" ...

LDAP connection configuration provided by vt-ldap is, by default,
ldappc-ldap.xml :

  <!-- the ldap provider is required for ldappcng, not ldappc -->
  <Service id="ldap-provider" ...
    <ConfigurationResource file="/ldappc-ldap.xml"
      <ResourceFilter propertyFile="/ldappc.properties" ...

> I'm planning on implementing ldappcng with an active directory (using with 
> Grouper 1.6.3).
>
> A couple of questions:
>
> 1) According to https://spaces.internet2.edu/display/Grouper/LDAPPCNG, 
> there is a 'ldappcng.xml' properties file - I could not find it: is it the 
> 'ldappc.example.properties' file?

The macro substitution properties file, ldappc.properties, is supplied
as ldappc.example.properties.

> 2) Are my understanding of the following property files correct?
>
> ldappc.example.ad.xml - not needed for ldappcng implementation

Correct. This is for ldappc (1.5+)

> ldappcng.example.ad.xml - is this the 'ldapcng.xml' file mentioned in 
> https://spaces.internet2.edu/display/Grouper/LDAPPCNG?

Yes, rename ldappcng.example.ad.xml to ldappcng.xml.

> ldappc.example.properties - not needed for ldadpcng or is this the 
> 'ldappcng.xml' file mentioned at 
> https://spaces.internet2.edu/display/Grouper/LDAPPCNG?

Rename ldappc.example.properties to ldappc.properties. See (1).

> ldappc-internal.example.xml - not sure yet what this is for; please see Q3 
> below
> ldappc-resolver.example.xml - not sure yet what this is for; please see Q3 
> below
> ldappc-services.example.xml - not sure yet what this is for; please see Q3 
> below
>
> 3) Why are the following three configuration files listed as 'Shibboleth 
> Attribute Resolver' at 
> https://spaces.internet2.edu/display/Grouper/LDAPPCNG? Are they to be only 
> used in conjunction with Shibboleth and can otherwise be ignored?
>
> ldappc-internal.xml Shibboleth Attribute Resolver
> ldappc-services.xml Shibboleth Attribute Resolver
> ldappc-resolver.xml Shibboleth Attribute Resolver

These are all required by ldappcng.

Apologies for the confusion,
TomZ