Skip to Content.
Sympa Menu

grouper-users - [grouper-users] LDAPPCNG and different LDAP for people and groups

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] LDAPPCNG and different LDAP for people and groups

Chronological Thread 
  • From: Arnaud Deman <>
  • To:
  • Subject: [grouper-users] LDAPPCNG and different LDAP for people and groups
  • Date: Fri, 22 Jul 2011 14:25:50 +0200


I am trying to use LDAPPCNG to provision the groups branch of an LDAP
while the people branch is in another LDAP. The people branch is read
only (I don't publish isMemberOf).

Is it possible to use LDAPPCNG in this context, and if so what would be the
good way to configure it ?

My first idea was to define a second ldap provider for the people branch,
with its own configuration
file in ldappc-services.xml :

<Service id="ldap-provider-replicat" xsi:type="ldappc:LdapPoolProvider"
<ConfigurationResource file="/ldappc-ldap-replicat.xml"
<ResourceFilter xsi:type="grouper:ClasspathPropertyReplacement"
xmlns="urn:mace:shibboleth:2.0:resource" propertyFile="/" />

And then to use this provider for the SpmlDataConnector in
ldappc-resolver.xml :

<resolver:DataConnector id="SpmlDataConnector"
provider="ldap-provider-replicat" xsi:type="ldappc:SPMLDataConnector"
scope="subTree" base="${peopleOU}" returnData="identifier">
<resolver:Dependency ref="MemberDataConnector" />


But the LDAP Pool doesn' seem to be initialized correctly and I have this
exception :

2011-07-22 12:13:57,930: [main] WARN BlockingLdapPool .checkIn(309) - -
attempt to return unknown ldap object: null
2011-07-22 12:13:57,932: [main] ERROR BaseSpmlProvider .execute(95) - -

Thanks for your help,
Best regards,
A. Deman.

Arnaud Deman
04 91 28 85 25
DSI - Université Paul Cézanne Aix-Marseille III
Avenue Escadrille Normandie-Niemen

Archive powered by MHonArc 2.6.16.

Top of Page