Grouper Users - Open Discussion List

[Arnaud Deman <>]

Hello,

I am trying to use LDAPPCNG to provision the groups branch of an LDAP
while the people branch is in another LDAP. The people branch is read
only (I don't publish isMemberOf).

Is it possible to use LDAPPCNG in this context, and if so what would be the
good way to configure it ?

My first idea was to define a second ldap provider for the people branch, 
with its own configuration
file in ldappc-services.xml :

<Service id="ldap-provider-replicat" xsi:type="ldappc:LdapPoolProvider" 
ldapPoolId="ldapPool-replicat">
   <ConfigurationResource file="/ldappc-ldap-replicat.xml" 
xsi:type="resource:ClasspathResource">
    <ResourceFilter xsi:type="grouper:ClasspathPropertyReplacement" 
xmlns="urn:mace:shibboleth:2.0:resource" propertyFile="/ldappc.properties" />
</ConfigurationResource>


And then to use this provider for the SpmlDataConnector in 
ldappc-resolver.xml :

<resolver:DataConnector id="SpmlDataConnector" 
provider="ldap-provider-replicat" xsi:type="ldappc:SPMLDataConnector"
    scope="subTree" base="${peopleOU}" returnData="identifier">
    <resolver:Dependency ref="MemberDataConnector" />
    
<ldappc:FilterTemplate>(supannAliasLogin=${id.get(0)})</ldappc:FilterTemplate>
</resolver:DataConnector>


But the LDAP Pool doesn' seem to be initialized correctly and I have this 
exception :

2011-07-22 12:13:57,930: [main] WARN BlockingLdapPool .checkIn(309) -  - 
attempt to return unknown ldap object: null
2011-07-22 12:13:57,932: [main] ERROR BaseSpmlProvider .execute(95) -  - 
Response[status=failure,error=unsupportedOperation,errorMessages={},requestID=2011/07/22-12:13:57.929_Q0O928HW]

Thanks for your help,
Best regards,
A. Deman.





-- 
Arnaud Deman
04 91 28 85 25
DSI - Université Paul Cézanne Aix-Marseille III
Avenue Escadrille Normandie-Niemen
13397 MARSEILLE CEDEX 20