Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] LDAP groups in sources.xml

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] LDAP groups in sources.xml


Chronological Thread 
  • From: Shilen Patel <>
  • To: Gagné Sébastien <>, Gasperowicz Jérémy <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] LDAP groups in sources.xml
  • Date: Wed, 30 Jan 2013 16:40:29 +0000
  • Accept-language: en-US

I think if you do that, you may be able to treat LDAP groups as entities
that can be added as members of Grouper groups, but that may not produce
the desired result since the LDAP groups wouldn't really be treated as
groups with *members*. For instance, viewing the members of a Grouper
group that contains the LDAP group as a member wouldn't show the indirect
memberships. Also, if a member gets added to the LDAP group and new
indirect memberships are effectively created, then Grouper wouldn't send
out notifications since it wouldn't have known about the LDAP update.

Thanks!

-- Shilen




On 1/30/13 10:39 AM, "Gagné Sébastien"
<>
wrote:

>To understand correctly you want to have a Grouper Group which the
>members are users and/or groups from the ldap ?
>
>I'm not sure if "<type>person</type>" does anything
>
>What I would check is that your LDAP groups have subject ID with this
>part (maybe CN in your case) :
><init-param>
> <param-name>SubjectID_AttributeType</param-name>
> <param-value>sAMAccountName</param-value>
> </init-param>
>
>
>And that the searches have filters that can see groups, something like :
>
><param-name>filter</param-name>
> <param-value>
>
>(&amp;(sAMAccountName=%TERM%)(|(objectclass=user)(objectclass=group)))
> </param-value>
>
>If I'm not clear we can always talk in French if you prefer ;~)
>
>-----Message d'origine-----
>De :
>
>[mailto:]
> De la part de Gasperowicz
>Jérémy
>Envoyé : 30 janvier 2013 10:30
>À : Shilen Patel
>Cc :
>
>Objet : Re: [grouper-users] LDAP groups in sources.xml
>
>Hi,
>
>I want to reference a group which exists in LDAP as a group in grouper
>without to sync with loader LDAP. In sources.xml, with
><type>person</type>, a LDAP group is taken such a member, not a group
>with his own members, that's the problem. I thought <type>group</type>
>could solve this with a direct connection to ou=groups
>
>Thanks
>
>Le 30/01/2013 15:58, Shilen Patel a écrit :
>> Hi,
>>
>> Are you trying to reference a group in Grouper that's sourced out of
>> LDAP instead of locally in Grouper's database? I think you'll want to
>> sync the group from LDAP to Grouper using the Grouper loader or PSP.
>> If I'm misunderstanding, can you elaborate on your use case?
>>
>> Thanks!
>>
>> -- Shilen
>>
>> On 1/29/13 4:46 AM, "Gasperowicz Jérémy"
>> <>
>> wrote:
>>
>>> Hi,
>>>
>>> I've tried to add a JNDI group resolver in order to add members from
>>> a group in the LDAP but doesn't work, i've the error : Cant find
>>> group by
>>> uuid: 2IIGAC211
>>> Is it possible to add members directly from LDAP group without
>>> retrieve this group in grouper, with a JNDI group resolver
>>> (<type>group</type>) and if it is, how ?
>>>
>>> Thanks a lot,
>>>
>>> Jérémy Gasperowicz
>




Archive powered by MHonArc 2.6.16.

Top of Page