Grouper Users - Open Discussion List

[Jim Fox <>]

I'd like to mention how we provisioned LDAP groups into our Grouper
system.  It uses a different mechanism that worked well for us.
[ and no, that doesn't go without saying ]

Essentually, we used the grouper webservice and grouper client
to provision Grouper remotely.  This was convenient for many reasons:

1) We already had LDAP clients that could extract group information
   from our LDAp system.

2) We needed a remote grouper client provisioner (basically something that
   can PUT group and membership info to the webservice) to do daily
   provisioning of our institutional groups.  This is an application
   we still run daily -- without the LDAP feed, of course.

3) By running the provisioner daily on the entire LDAP we were able to
   provision the Grouper registry and continue to keep it up-to-date
   even while the LDAP groups system was active and changing.

4) We run the provisioner in 'reconciliation' mode.  Only differences
   are sent to Grouper.  This way daily reconciliatons are quite
   efficient.

So, we never ran a 'provisioner' as such.  We run constant reconciliations
of many sources, one of which happened to be old LDAP registry.

Our system used our custom REST API, but I think this might work with
the stock API and client.

Jim




On Wed, 9 Feb 2011, Tom Zeller wrote:

> Date: Wed, 9 Feb 2011 11:12:29 -0800
> From: Tom Zeller 
> <>
> To: cameron stewart 
> <>
> Cc: 
> ""
>  
> <>
> Subject: Re: [grouper-users] How to import LDAP groups into Grouper?
>
> Well, with regards to ldappcng, I know what to write, I (or someone)
> just needs to sit down and do it. Several months ago I thought it
> would take a month, but other stuff happened. I should update jira
> with requests for improvements and we (grouper-users) could prioritize
> them.
>
> If you are in the evaluation phase now, I think that's OK, this kind
> of work for ldappcng is overdue.