grouper-users - Re: [grouper-users] PSP to LDAP- member provisioning

Subject: Grouper Users - Open Discussion List

  • From: "Waldbieser, Carl" <>
  • To: Mark Cairney <>
  • Cc:
  • Subject: Re: [grouper-users] PSP to LDAP- member provisioning
  • Date: Fri, 12 Sep 2014 11:32:25 -0400 (EDT)

Mark,

We've just started experimenting with Grouper.
We haven't reached the point where we are pushing from Grouper to LDAP, yet,
but we have brought over Subjects from LDAP to Grouper.

It boiled down to using the Grouper Loader and configuring your sources.xml,
your grouper-loader.properties, and your ldap.properties files.
I copied the LDAP section from one of the example files and put it into
sources.xml. I had to run ant and redeploy the WAR file so that the UI would
know about the changes, too.

Thanks,
Carl Waldbieser
ITS System Programmer
Lafayette College

----- Original Message -----
From: "Mark Cairney"
<>
To:

Sent: Friday, September 12, 2014 10:41:20 AM
Subject: [grouper-users] PSP to LDAP- member provisioning

Hi,

We've made a bit of progress re: provisioning our LDAP from Grouper.
It's now creating the stem and group objects but we can't get it to
create user accounts.
If we use ldap as the source for members it doesn't do anything at all-
as far as I can tell it's not even attempting to look up user DNs.

If we use grouper as the source we were having the same issue however
adding an additional field of the form: "uid=<uid>" in the Grouper does
populate members but without the people baseDN so the user objects
aren't actually members as far as LDAP is concerned and the memberOf
attribute isn't updated. As our current LDAP target has a flat users OU
we could construct the full user DN in the database and use that as the
source field but this would limit us going forward e.g. if we were to
provision to AD as well as our AD doesn't have a flat namespace for user
DNs.

Having compared the relevant sections of psp-resolver.xml, psp.xml and
sources.xml I can't see any obvious differences between what we have and
what's in the examples.

I've got a feeling we're close but I'm a bit puzzled by this as I would
have thought this should be standard behaviour.

I've attached the psp-resolver.xml and sources.xml files both with and
without LDAP set up, our psp.xml (which wasn't actually changed) and the
error log for a bulksync run using only a small stem. The posixGroup
errors can be ignored as these are just groups which don't have a gid
field in Grouper.

--
/****************************

Mark Cairney
ITI UNIX Section
Information Services
University of Edinburgh

Tel: 0131 650 6565
Email:

PGP: 0x435A9621

*******************************/

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.


