Grouper Users - Open Discussion List

[Chris Hyzer <>]

Btw, for Grouper 2.0 there will be a grouper-loader type for ldap where you 
could do this also

Thanks,
Chris

-----Original Message-----
From: cameron stewart 
[mailto:]
 
Sent: Wednesday, February 09, 2011 4:23 PM
To: Chris Hyzer
Cc: Jim Fox; Tom Zeller; 

Subject: Re: [grouper-users] How to import LDAP groups into Grouper?

Thanks Guys,

I will go ahead and try making use of these ideas, and see how this pans out. 
 I am really kind of glad that I am not just crazy or incompetent, well at 
least not as far as this is concerned.  I have been looking for the proper 
way to do this for a while.


Cameron

On Feb 9, 2011, at 1:17 PM, Chris Hyzer wrote:

> Heres an example of a simple Java program (no dependencies) which takes 
> stuff from our ldap structure and prints out a GSH script.  You can tweak 
> it to fit your structure as you like...  
> 
> 
> Thanks,
> Chris
> 
> -----Original Message-----
> From: 
> 
>  
> [mailto:]
>  On Behalf Of Jim Fox
> Sent: Wednesday, February 09, 2011 2:55 PM
> To: Tom Zeller
> Cc: cameron stewart; 
> 
> Subject: Re: [grouper-users] How to import LDAP groups into Grouper?
> 
> 
> 
> I'd like to mention how we provisioned LDAP groups into our Grouper
> system.  It uses a different mechanism that worked well for us.
> [ and no, that doesn't go without saying ]
> 
> Essentually, we used the grouper webservice and grouper client
> to provision Grouper remotely.  This was convenient for many reasons:
> 
> 1) We already had LDAP clients that could extract group information
>    from our LDAp system.
> 
> 2) We needed a remote grouper client provisioner (basically something that
>    can PUT group and membership info to the webservice) to do daily
>    provisioning of our institutional groups.  This is an application
>    we still run daily -- without the LDAP feed, of course.
> 
> 3) By running the provisioner daily on the entire LDAP we were able to
>    provision the Grouper registry and continue to keep it up-to-date
>    even while the LDAP groups system was active and changing.
> 
> 4) We run the provisioner in 'reconciliation' mode.  Only differences
>    are sent to Grouper.  This way daily reconciliatons are quite
>    efficient.
> 
> So, we never ran a 'provisioner' as such.  We run constant reconciliations
> of many sources, one of which happened to be old LDAP registry.
> 
> Our system used our custom REST API, but I think this might work with
> the stock API and client.
> 
> Jim
> 
> 
> 
> 
> On Wed, 9 Feb 2011, Tom Zeller wrote:
> 
>> Date: Wed, 9 Feb 2011 11:12:29 -0800
>> From: Tom Zeller 
>> <>
>> To: cameron stewart 
>> <>
>> Cc: 
>> ""
>>  
>> <>
>> Subject: Re: [grouper-users] How to import LDAP groups into Grouper?
>> 
>> Well, with regards to ldappcng, I know what to write, I (or someone)
>> just needs to sit down and do it. Several months ago I thought it
>> would take a month, but other stuff happened. I should update jira
>> with requests for improvements and we (grouper-users) could prioritize
>> them.
>> 
>> If you are in the evaluation phase now, I think that's OK, this kind
>> of work for ldappcng is overdue.
>> 
> <LdapExample2.java>