Grouper Users - Open Discussion List

[Gagné Sébastien <>]

FYI, another way to import all your LDAP Groups would be to use the LDAP Loader : https://spaces.internet2.edu/display/Grouper/Grouper+-+Loader+LDAP

 

This might be easier to do than merging both configuration in the PSP.

 

 

De : [mailto:] De la part de Bryan E. Wooten
Envoyé : 28 mars 2013 16:11
À :
Objet : [grouper-users] Question about LDAP to Grouper provisioning

 

Hi all,

 

There is the psp-example-ldap-to-grouper but the documentation is rather sparse here: https://spaces.internet2.edu/display/Grouper/Grouper+Provisioning#GrouperProvisioning-ConfigurationExample%3ALDAPtoGrouper so I have several questions.

 

I have Grouper configured using the psp-example-grouper-to-active-directory. This is working great.

 

I now want import all the existing AD groups into Grouper (we potentially have thousands), recreating this by hand in Grouper would be impossible.

 

Looking at the differences between the psp.xml from grouper-to-ad and ldap-to-grouper, the first thing I notice is that both have a pso with the id of “stem”. There does not appear to be anyway to combine the settings into one pso with and id of “stem”.

 

Would it be appropriate to create a pso with an id of “ADToGrouperStem” and continue with the ad-to-grouper example? And doing the same type of thing for the pso with id of “group”?

 

Of course this assumes that the PSP can in fact both provision to and from AD. Is this true?

 

And last question. Provision from Grouper to AD is kicked off either at the gsh command prompt (loaderRunOneJob, gsh –psp –sync <id>) or using the Quartz timer in the Grouper loader. What command or setting kicks off ad-to-grouper provisioning? There is no change log to run against for AD changes.

 

Thanks,

 

Bryan