Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Incremental pull-based provisioning

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Incremental pull-based provisioning


Chronological Thread 
  • From: Martin van Es <>
  • To:
  • Subject: [grouper-users] Incremental pull-based provisioning
  • Date: Mon, 17 Dec 2012 13:55:58 +0100

Hi,

I'm currently asked to write a technical design in which grouper is the source of provisioning for collaboration shares in University AD/DFS.
The provisioning route is quite awkward and we will start off by using their in-house built relation manangement tool. This tool could easily be modified to consume the groups and relations in grouper, but not so well to be a provisioning target (if alone because of lack of Java expertise), hence my following question:

Is there, other than making a scheduled full export, a way to collect time-based incremental provisioning information from Grouper without defining a provisioning target? It would be nice to have SPML messages based on a question like: show me everything I need to do between an hour ago and now. Or, for full reconciliation: everything between 0 and now, which would look like the raw export in SPML format.

I could think of a proxy service creating these messages based on a stem/group crawl with PIT queries, but a native interface would be a lot more robust, I guess? Can anyone elaborate on this idea (crawl+PIT)? Will that work? Another idea I had was creating a substitute LDAP target that is used to calculate the diff's against? Not so robust if provisioning LDAP or relation tool fails. Although import should be resilient for double provisioning instructions, missing one could be harmful.


Best regards,
Martin
--
If 'but' was any useful, it would be a logic operator



Archive powered by MHonArc 2.6.16.

Top of Page