Grouper Users - Open Discussion List

[Jim Fox <>]

We operate an openldap cluster that is an integral part of our groups
web service.  It handles most membership requests.  That cluster
is always provisioned immediately (within a few seconds) and gets
all groups and members.

Everything else, including an active directory, is provisioned
through a messaging queue, presently activeMQ, but will probably be
an AWS queue someday.  This AD gets all groups except those that
won't fit: name longer than 63 characters, member not itself in
AD, etc.

We expect to add a 'change notice' service this year.  Anyone will
be able to subscribe to it and receive notifications when a group
changes.  They can use these to provision local caches, including
local ADs.

Jim


On Fri, 1 Mar 2013, Earl Lewis wrote:

> Date: Fri, 1 Mar 2013 08:53:50 -0800
> From: Earl Lewis 
> <>
> To: 
> ""
>  
> <>
> Subject: [grouper-users] Design question
>
> We had an interesting discussion yesterday concerning Grouper and it's 
> provisioning to multiple LDAPs. We're in the middle of a limited pilot for
> our IT department. Our thinking is that we are going to have Grouper 
> provisioning groups on an OpenDJ and ActiveDirectory. Obviously these are two
> different beasts and need to have their own connector/configurations so 
> updates in Grouper can be reflected in the directories. 
>
> The question came when we started talking about provisioning to one directory 
> OR the other, I.e. push some groups to one directory flavor and some
> to the other. In other words not just arbitrarily pushing all updates to 
> both. Is targeting specific directories for specific groups the norm, or
> the exception? 
>
> I assume others out there are in similar circumstances so I'm wondering what 
> you're doing and you're doing it? 
>
> Earl
>
> 801-581-3635 (office)
> 801-554-3596 (mobile)