grouper-users - RE: [grouper-users] This wierd, getting 2 CNs in OpenDJ groups (Using PSP and 2 Loader daemons)
Subject: Grouper Users - Open Discussion List
List archive
RE: [grouper-users] This wierd, getting 2 CNs in OpenDJ groups (Using PSP and 2 Loader daemons)
Chronological Thread
- From: "Bryan E. Wooten" <>
- To: Rahul Doshi <>, "" <>
- Subject: RE: [grouper-users] This wierd, getting 2 CNs in OpenDJ groups (Using PSP and 2 Loader daemons)
- Date: Wed, 9 Oct 2013 15:09:53 +0000
- Accept-language: en-US
> I am aslo considering the idea of running two loader daemons to provision to two different LDAP environments. I just wanted everyones opinion if there are
any shortcomings >to this approach. I know running two loader daemons is not recommended but can it be run without issues if changelog is disabled in one loader daemon? This is my current approach. There are other grouper-loader.properties to change also. >? I previously tried configuring two separate PSP in grouper-loader.properties to provision to AD and 389 but couldn't figure out a way to have separate configuration >files (psp.xml, psp-resolver.xml) for
running the PSP. I thought of this also and also identified this issue. I THINK the problem is that the PSP assumes the psp*.xml files reside in the /conf directory and have known names. This could probably be
easily fixed by locating where the files are read in the PSP and have the code read a property first. I may look into this. > I also tried configuring everything in single file but that became complicated quickly. That was my original attempt, following the PSP multiple ldap example. Yes it became very complicated (so many XML attributes with similar names! And references.). I have this “mostly” working.
I can get folders and groups provisioned to both AD and OpenDJ. I just can’t members added to groups in OpenDJ. For some reason it tries to use AD DNs for members… That is where I got stuck. I know it is probably some little piece of XML but I can’t find where
to make the change. That lead me to the 2 daemon solution. I have one last potential solution I’ll try if I can’t 2 daemons to work. That is I’ll use the Grouper to Grouper sync functionality. One would provision AD and the other OpenDJ. Of course this
doubles my infrastructure in a sense (2 DBs, 2 grouper daemon servers). I can’t believe someone else hasn’t had the use case to provision 2 disparate LDAPs using the PSP and solved this issue.
Cheers, Bryan From: Rahul Doshi [mailto:]
Hello, I am aslo considering the idea of running two loader daemons to provision to two different LDAP environments. I just wanted everyones opinion if there are any shortcomings to this approach. I
know running two loader daemons is not recommended but can it be run without issues if changelog is disabled in one loader daemon? I previously tried configuring two separate PSP in grouper-loader.properties to provision to AD and 389 but couldn't figure
out a way to have separate configuration files (psp.xml, psp-resolver.xml) for running the PSP. I also tried configuring everything in single file but that became complicated quickly. Thanks, Rahul From: "Bryan E. Wooten" <> So this seems to work, mostly. Except like I said, OpenDJ gets 2 CNs while AD just gets one. One is what I expect “(cn=groupname”). The other is like this: “cn=folder:ou:groupname”. Version 2.1.4 running 2 loader daemons, one has a PSP to provisionAD and the other to provision OpenDJ. The daemon running the OpenDJ PSP has loader functionality disabled via grouper-loader.properties. It is just a platform to run the PSP. It does not process change logs. Both daemons are linked to the same DB. -Bryan |
- [grouper-users] This wierd, getting 2 CNs in OpenDJ groups (Using PSP and 2 Loader daemons), Bryan E. Wooten, 10/08/2013
- Re: [grouper-users] This wierd, getting 2 CNs in OpenDJ groups (Using PSP and 2 Loader daemons), Rahul Doshi, 10/09/2013
- RE: [grouper-users] This wierd, getting 2 CNs in OpenDJ groups (Using PSP and 2 Loader daemons), Bryan E. Wooten, 10/09/2013
- Re: [grouper-users] This wierd, getting 2 CNs in OpenDJ groups (Using PSP and 2 Loader daemons), Rahul Doshi, 10/09/2013
- RE: [grouper-users] This wierd, getting 2 CNs in OpenDJ groups (Using PSP and 2 Loader daemons), Bryan E. Wooten, 10/09/2013
- Re: [grouper-users] This wierd, getting 2 CNs in OpenDJ groups (Using PSP and 2 Loader daemons), Rahul Doshi, 10/09/2013
Archive powered by MHonArc 2.6.16.