Grouper Users - Open Discussion List

[David Langenberg <>]

Hi Mark,

What does your ldap.properties look like (sanitized of course)?

Dave

On Fri, Sep 12, 2014 at 8:41 AM, Mark Cairney <> wrote:

Hi,

We've made a bit of progress re: provisioning our LDAP from Grouper.
It's now creating the stem and group objects but we can't get it to
create user accounts.
If we use ldap as the source for members it doesn't do anything at all-
as far as I can tell it's not even attempting to look up user DNs.

It we use grouper as the source we were having the same issue however
adding an additional field of the form: "uid=<uid>" in the Grouper does
populate members but without the people baseDN so the user objects
aren't actually members as far as LDAP is concerned and the memberOf
attribute isn't updated. As our current LDAP target has a flat users OU
we could construct the full user DN in the database and use that as the
source field but this would limit us going forward e.g. if we were to
provision to AD as well as our AD doesn't have a flat namespace for user
DNs.

Having compared the relevant sections of psp-resolver.xml, psp.xml and
sources.xml I can't see any obvious differences between what we have and
what's in the examples.

I've got a feeling we're close but I'm a bit puzzled by this as I would
have thought this should be standard behaviour.

I've attached the psp-resolver.xml and sources.xml files both with and
without LDAP set up, our psp.xml (which wasn't actually changed) and the
error log for a bulksync run using only a small stem. The posixGroup
errors can be ignored as these are just groups which don't have a gid
field in Grouper.

--
/****************************

Mark Cairney
ITI UNIX Section
Information Services
University of Edinburgh

Tel: 0131 650 6565
Email:
PGP: 0x435A9621

*******************************/

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

--
David Langenberg

Identity & Access Management

The University of Chicago