Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] How to import LDAP groups into Grouper?

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] How to import LDAP groups into Grouper?

Chronological Thread 
  • From: Chris Hyzer <>
  • To: Jim Fox <>, Tom Zeller <>
  • Cc: cameron stewart <>, "" <>
  • Subject: RE: [grouper-users] How to import LDAP groups into Grouper?
  • Date: Wed, 9 Feb 2011 15:17:50 -0500
  • Accept-language: en-US
  • Acceptlanguage: en-US

Heres an example of a simple Java program (no dependencies) which takes stuff
from our ldap structure and prints out a GSH script. You can tweak it to fit
your structure as you like...


-----Original Message-----

On Behalf Of Jim Fox
Sent: Wednesday, February 09, 2011 2:55 PM
To: Tom Zeller
Cc: cameron stewart;

Subject: Re: [grouper-users] How to import LDAP groups into Grouper?

I'd like to mention how we provisioned LDAP groups into our Grouper
system. It uses a different mechanism that worked well for us.
[ and no, that doesn't go without saying ]

Essentually, we used the grouper webservice and grouper client
to provision Grouper remotely. This was convenient for many reasons:

1) We already had LDAP clients that could extract group information
from our LDAp system.

2) We needed a remote grouper client provisioner (basically something that
can PUT group and membership info to the webservice) to do daily
provisioning of our institutional groups. This is an application
we still run daily -- without the LDAP feed, of course.

3) By running the provisioner daily on the entire LDAP we were able to
provision the Grouper registry and continue to keep it up-to-date
even while the LDAP groups system was active and changing.

4) We run the provisioner in 'reconciliation' mode. Only differences
are sent to Grouper. This way daily reconciliatons are quite

So, we never ran a 'provisioner' as such. We run constant reconciliations
of many sources, one of which happened to be old LDAP registry.

Our system used our custom REST API, but I think this might work with
the stock API and client.


On Wed, 9 Feb 2011, Tom Zeller wrote:

> Date: Wed, 9 Feb 2011 11:12:29 -0800
> From: Tom Zeller
> <>
> To: cameron stewart
> <>
> Cc:
> ""
> <>
> Subject: Re: [grouper-users] How to import LDAP groups into Grouper?
> Well, with regards to ldappcng, I know what to write, I (or someone)
> just needs to sit down and do it. Several months ago I thought it
> would take a month, but other stuff happened. I should update jira
> with requests for improvements and we (grouper-users) could prioritize
> them.
> If you are in the evaluation phase now, I think that's OK, this kind
> of work for ldappcng is overdue.


Archive powered by MHonArc 2.6.16.

Top of Page