grouper-users - RE: [grouper-users] Provisionning to multiple directories
Subject: Grouper Users - Open Discussion List
List archive
- From: "Bryan E. Wooten" <>
- To: David Langenberg <>, Gagné Sébastien <>
- Cc: "" <>
- Subject: RE: [grouper-users] Provisionning to multiple directories
- Date: Thu, 10 Oct 2013 14:52:55 +0000
- Accept-language: en-US
Hi all, After much trial and tribulation I CANNOT get the PSP to provision to both AD and OpenDJ. This is a must have requirement. Given this statement from David: “While it is true the overall movement will eventually be away from the PSP, support for the PSP as it stands will continue
for quite awhile.” I have decided to write my own ChangeLogConsumer to provision both AD and LDAP. So I am not sure if I should be directing these questions to this mail list or the dev mail list. Reading here: https://spaces.internet2.edu/display/Grouper/Notifications+(change+log)#Notifications%28changelog%29-consumer I assume that returning the sequence number is what prevents the change log consumer from processing the same change repeatedly?
Thanks, Bryan From: [mailto:]
On Behalf Of David Langenberg Hi Sébastien, I'd recommend sticking with the PSP for this. While it is true the overall movement will eventually be away from the PSP, support for the PSP as it stands will continue for quite awhile. As far as how to do this, you could follow the
example psp-to-grouper-openldap-multiple. Just setup additional PSOs in your psp.xml for the new ldap system and any necessary attributes in psp-resolver that are specific to the new LDAP service. If you want to try your other method whereby your run two grouper daemons, all you need to do is ensure the 2nd daemon uses a different name for the ChangeLogConsumerName. So, in your grouper-loader.properties you'd put changeLog.consumer.pspnewldap.class=edu.internet2.middleware.psp.grouper.PspChangeLogConsumer That would assign your other PSP config a separate pointer from your normal PSP and they'd independently track where they're at. Dave On Thu, Sep 12, 2013 at 1:45 PM, Gagné Sébastien <> wrote: Hi, IIRC I saw two projects where provisioning to multiple LDAP Directories was done using the PSP. Did it work ? We might soon have to do something similar where
two root stems will each be sent to different LDAP directories with different configurations (e.g. the current configuration sends groups with members, the second (new) one will only create groups).
So I wanted to get some feedback from the team on how I should do it. My current option would be to use the PSP (as my current config does), but it seems this
part of the product is being phased out. Will a replacement be available soon (next 2-3 months) or should I still do it with the PSP ? Another option I see could be: Since I have two servers running Grouper (for UI high availability), but only one running the Daemon, would it be possible to run
only the PSP on the second one with a completely different configuration to avoid mixing the PSP configurations and have something simpler. I suppose it might create more problem that way, e.g. there’s only one latest changelog number for the PSP in the database,
but maybe I could run it only in bulkSync mode. Thanks Sébastien Gagné,
| Analyste en informatique 514-343-6111 x33844
|
Université de Montréal, |
Pavillon Roger-Gaudry, local X-100-11
-- Identity & Access Management The University of Chicago |
- RE: [grouper-users] Provisionning to multiple directories, Bryan E. Wooten, 10/10/2013
Archive powered by MHonArc 2.6.16.