grouper-users - Re: [grouper-users] Provisioning from AD to Grouper
Subject: Grouper Users - Open Discussion List
List archive
- From: Tom Zeller <>
- To: "Bryan E. Wooten" <>
- Cc: "" <>
- Subject: Re: [grouper-users] Provisioning from AD to Grouper
- Date: Tue, 4 Dec 2012 14:36:32 -0600
Yes, psp-example-ldap-to-grouper provides example configuration files (in src/test/resources) to provision from an ldap directory to grouper. This example was tested against openldap, and probably requires some customization to provision from active directory.
There are examples of how to provision from grouper to ldap directories, not specifically opendj though, so psp-example-grouper-to-ldap would probably require customization.
Configuring the psp to synchronize from AD to grouper and then to opendj should be considered "advanced", mostly meaning that there is no existing example configuration so it may take measurable effort on your part. You will probably need two separate configuration directories for the psp.
As mentioned previously on this list, the grouper loader provides an alternative to the psp.
So, feasible, yes, depending on your requirements. I'll suggest starting by running the psp from the command line to provision from AD to grouper, and then again running the psp from the command line to provision from grouper to opendj.
Contributing your successful configurations will also help ;-)
TomZ
On Tue, Dec 4, 2012 at 12:03 PM, Bryan E. Wooten <> wrote:
Hi all,
I have successfully hooked up Group to my OpenDJ Subject source and can add persons from this LDAP to groups. I have added myself to the wheel group.
The next step I'd like to take is provision Grouper with groups from Active Directory. I assume I need to follow the steps outlined here:
Configuration Example : LDAP to Grouper
This example provisions groups, stems, and memberships from an ldap directory to Grouper.
examples psp-example-ldap-to-grouper Configure LDAP Provisioning Target
The LDAP provisioning target connection is configured in ldap.properties.
Configure the default search base DN to match your directory :
etc…..
Is the right place?
Once I get the AD groups provisioned in grouper I'd like to push them out to my OpenDJ LDAP. Does this sound feasible?
One last thing, in order to login to the UI with id from my LDAP source, I would need to enable either CAS or Shib authentication?
Again thanks,
-Bryan
- [grouper-users] Provisioning from AD to Grouper, Bryan E. Wooten, 12/04/2012
- Re: [grouper-users] Provisioning from AD to Grouper, Tom Zeller, 12/04/2012
- <Possible follow-up(s)>
- RE: [grouper-users] Provisioning from AD to Grouper, Gagné Sébastien, 12/04/2012
Archive powered by MHonArc 2.6.16.