grouper-users - Re: [grouper-users] LDAPPCNG and different LDAP for people and groups
Subject: Grouper Users - Open Discussion List
List archive
- From: Tom Zeller <>
- To: Arnaud Deman <>
- Cc:
- Subject: Re: [grouper-users] LDAPPCNG and different LDAP for people and groups
- Date: Fri, 22 Jul 2011 09:54:18 -0500
The second ldap provider needs to be added to ldappcng.xml, I believe,
I am unable to test right now.
Add
<target id="ldap-replicat" provider="ldap-provider-replicat" />
to ldappcng.xml :
<targets id="LDAP">
<target id="ldap" provider="ldap-provider" />
<target id="ldap-replicat" provider="ldap-provider-replicat" />
and please let me know.
[config files were posted privately]
On Fri, Jul 22, 2011 at 9:18 AM, Tom Zeller
<>
wrote:
> Sounds right. Could you post your sanitized config files, please,
> either on-list or privately ?
>
> On Fri, Jul 22, 2011 at 7:25 AM, Arnaud Deman
> <>
> wrote:
>> Hello,
>>
>> I am trying to use LDAPPCNG to provision the groups branch of an LDAP
>> while the people branch is in another LDAP. The people branch is read
>> only (I don't publish isMemberOf).
>>
>> Is it possible to use LDAPPCNG in this context, and if so what would be the
>> good way to configure it ?
>>
>> My first idea was to define a second ldap provider for the people branch,
>> with its own configuration
>> file in ldappc-services.xml :
>>
>> <Service id="ldap-provider-replicat" xsi:type="ldappc:LdapPoolProvider"
>> ldapPoolId="ldapPool-replicat">
>> <ConfigurationResource file="/ldappc-ldap-replicat.xml"
>> xsi:type="resource:ClasspathResource">
>> <ResourceFilter xsi:type="grouper:ClasspathPropertyReplacement"
>> xmlns="urn:mace:shibboleth:2.0:resource" propertyFile="/ldappc.properties"
>> />
>> </ConfigurationResource>
>>
>>
>> And then to use this provider for the SpmlDataConnector in
>> ldappc-resolver.xml :
>>
>> <resolver:DataConnector id="SpmlDataConnector"
>> provider="ldap-provider-replicat" xsi:type="ldappc:SPMLDataConnector"
>> scope="subTree" base="${peopleOU}" returnData="identifier">
>> <resolver:Dependency ref="MemberDataConnector" />
>>
>> <ldappc:FilterTemplate>(supannAliasLogin=${id.get(0)})</ldappc:FilterTemplate>
>> </resolver:DataConnector>
>>
>>
>> But the LDAP Pool doesn' seem to be initialized correctly and I have this
>> exception :
>>
>> 2011-07-22 12:13:57,930: [main] WARN BlockingLdapPool .checkIn(309) - -
>> attempt to return unknown ldap object: null
>> 2011-07-22 12:13:57,932: [main] ERROR BaseSpmlProvider .execute(95) - -
>> Response[status=failure,error=unsupportedOperation,errorMessages={},requestID=2011/07/22-12:13:57.929_Q0O928HW]
>>
>> Thanks for your help,
>> Best regards,
>> A. Deman.
>>
>>
>>
>>
>>
>> --
>> Arnaud Deman
>> 04 91 28 85 25
>> DSI - Université Paul Cézanne Aix-Marseille III
>> Avenue Escadrille Normandie-Niemen
>> 13397 MARSEILLE CEDEX 20
>>
>>
>
- [grouper-users] LDAPPCNG and different LDAP for people and groups, Arnaud Deman, 07/22/2011
- Re: [grouper-users] LDAPPCNG and different LDAP for people and groups, Tom Zeller, 07/22/2011
- Re: [grouper-users] LDAPPCNG and different LDAP for people and groups, Tom Zeller, 07/22/2011
- Re: [grouper-users] LDAPPCNG and different LDAP for people and groups, Tom Zeller, 07/22/2011
Archive powered by MHonArc 2.6.16.