Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] PSP - subject source different from provisioning target, but same AD

Please Wait...

grouper-users@internet2.edu

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] PSP - subject source different from provisioning target, but same AD


Chronological Thread 
  • From: Tom Zeller <tzeller@unicon.net>
  • To: Holger Dippel <holger.dippel@umassd.edu>
  • Cc: grouper-users <grouper-users@internet2.edu>
  • Subject: Re: [grouper-users] PSP - subject source different from provisioning target, but same AD
  • Date: Mon, 9 Jul 2012 13:19:34 -0700 (MST)

Look at 2.0.0 or earlier for the separate source and target ldsp connection thing. Unifying was a fix to a Koranda bug.

Vt-ldsp provides addtl options that sources.xml does not via ldsp.properties.

s/ldsp/ldap

On Jul 9, 2012, at 2:25 PM, Holger Dippel <holger.dippel@umassd.edu> wrote:

Tom. Thank you. I am looking at the multiple OpenLDAP targets example on how to use the Spring config. I guess this would be the only way to accomplish a target different from sources.xml

If it's using the sources.xml -- which would be fine if our AD would be structured differently -- then why is there at all the need for a ldap.properties? Why couldn't it consume the ldap settings from sources.xml for everything?


Holger

Holger Dippel
Director of IT Development and Integration
University of Massachusetts Dartmouth
285 Old Westport Road • North Dartmouth, MA 02747

508-999-9181 • holger.dippel@umassd.edu

http://www.umassd.edu/

CITS will never ask you for your password or other confidential information via email. Beware of phishing scams where email and/or malicious web sites try to trick users into entering their username and password.
For more information about password security please visit: http://www.umassd.edu/cits/security/


From: "Tom Zeller" <tzeller@unicon.net>
To: "Holger Dippel" <holger.dippel@umassd.edu>
Cc: "grouper-users" <grouper-users@internet2.edu>
Sent: Monday, July 9, 2012 3:10:42 PM
Subject: Re: [grouper-users] PSP - subject source different from provisioning target, but same AD

Take a look at the comment near the ldap target in psp-services.xml.

If you need more, please reply.

TomZ

On Jul 9, 2012, at 11:03 AM, Holger Dippel <holger.dippel@umassd.edu> wrote:

In Grouper version 2.0.3 with ldappcng I managed to have the subject source using the AD global catalog port 3268, and ldappcng the local domain port 389. This worked fine.

Since our AD currently has multiple OUs for persons I need to set the people OU to the domain root and use the GC port to avoid continuation reference errors.

In Grouper 2.1.1 with PSP, I tried a similar configuration by putting the local domain port in the ldap.properties file, and leaving the GC port in the sources.xml thinking it would work the same as in ldappcng. I got a bulkCalc to generate meaningful output of what should happen, but when running a bulkSync, it tells me in the delete response that this operation is not allow on the GC port. This means that the subject source is no longer separated from the ldap.properties provisioning target. The documentation indicates connection pooling so I guess this outcome makes sense.

Can I still achieve the desired separation of source and target with PSP?

Thank you,


Holger

Holger Dippel
Director of IT Development and Integration
University of Massachusetts Dartmouth
285 Old Westport Road • North Dartmouth, MA 02747

508-999-9181 • holger.dippel@umassd.edu

http://www.umassd.edu/

CITS will never ask you for your password or other confidential information via email. Beware of phishing scams where email and/or malicious web sites try to trick users into entering their username and password.
For more information about password security please visit: http://www.umassd.edu/cits/security/





Archive powered by MHonArc 2.6.16.

Top of Page