grouper-users - Re: [grouper-users] PSP to LDAP- member provisioning
Subject: Grouper Users - Open Discussion List
List archive
- From: "Waldbieser, Carl" <>
- To: Mark Cairney <>
- Cc:
- Subject: Re: [grouper-users] PSP to LDAP- member provisioning
- Date: Fri, 12 Sep 2014 11:32:25 -0400 (EDT)
Mark,
We've just started experimenting with Grouper.
We haven't reached the point where we are pushing from Grouper to LDAP, yet,
but we have brought over Subjects from LDAP to Grouper.
It boiled down to using the Grouper Loader and configuring your sources.xml,
your grouper-loader.properties, and your ldap.properties files.
I copied the LDAP section from one of the example files and put it into
sources.xml. I had to run ant and redeploy the WAR file so that the UI would
know about the changes, too.
Thanks,
Carl Waldbieser
ITS System Programmer
Lafayette College
----- Original Message -----
From: "Mark Cairney"
<>
To:
Sent: Friday, September 12, 2014 10:41:20 AM
Subject: [grouper-users] PSP to LDAP- member provisioning
Hi,
We've made a bit of progress re: provisioning our LDAP from Grouper.
It's now creating the stem and group objects but we can't get it to
create user accounts.
If we use ldap as the source for members it doesn't do anything at all-
as far as I can tell it's not even attempting to look up user DNs.
It we use grouper as the source we were having the same issue however
adding an additional field of the form: "uid=<uid>" in the Grouper does
populate members but without the people baseDN so the user objects
aren't actually members as far as LDAP is concerned and the memberOf
attribute isn't updated. As our current LDAP target has a flat users OU
we could construct the full user DN in the database and use that as the
source field but this would limit us going forward e.g. if we were to
provision to AD as well as our AD doesn't have a flat namespace for user
DNs.
Having compared the relevant sections of psp-resolver.xml, psp.xml and
sources.xml I can't see any obvious differences between what we have and
what's in the examples.
I've got a feeling we're close but I'm a bit puzzled by this as I would
have thought this should be standard behaviour.
I've attached the psp-resolver.xml and sources.xml files both with and
without LDAP set up, our psp.xml (which wasn't actually changed) and the
error log for a bulksync run using only a small stem. The posixGroup
errors can be ignored as these are just groups which don't have a gid
field in Grouper.
--
/****************************
Mark Cairney
ITI UNIX Section
Information Services
University of Edinburgh
Tel: 0131 650 6565
Email:
PGP: 0x435A9621
*******************************/
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
- [grouper-users] PSP to LDAP- member provisioning, Mark Cairney, 09/12/2014
- Re: [grouper-users] PSP to LDAP- member provisioning, Waldbieser, Carl, 09/12/2014
- Re: [grouper-users] PSP to LDAP- member provisioning, David Langenberg, 09/15/2014
- Re: [grouper-users] PSP to LDAP- member provisioning, Mark Cairney, 09/16/2014
Archive powered by MHonArc 2.6.16.