Grouper Users - Open Discussion List

[David Langenberg <>]

Hi David,

You also need to draw a line from the psp.xml to the source LDAP too.  In general, the <pso> blocks all describe what to do from a source object to a target.  They rely on the stuff in the psp-resolver.xml to make the abstractions concrete and then applied via the PSP into the target.  The key in the psp.xml is to look for targetId="ldap".  That indicates a section dedicated to constructing and writing something (group, membership) to the LDAP target server.  <reference> tags indicate reading some key data.  Where you're reading comes from attributes built in the psp-resolver.xml and can be from many sources (source-ldap, grouper, other sources, etc).  There's no real clear way to draw a finite line to each config file or even each block in a config file (aside from sources.xml) and say "this is ONLY target LDAP" or "this controls reading only from source LDAP" as there's a lot of contextual stuff involved.

Dave

On Mon, Sep 29, 2014 at 2:06 PM, David Vezzani <> wrote:

I’m trying to understand the PSP configuration files, how they are used and what is using them.

During the PSP execution process, does communication only take place between Grouper and a target LDAP (that is the data store I want to provision to)?  Or can PSP be configured to find the source LDAP the Grouper records point to and then extract additional information, like subject attributes?

If the latter is true, I need to know which PSP settings will be applied to the target LDAP and which will be applied to the source LDAP.

I have attached my attempt at drawing these relationships.

--
David Langenberg

Identity & Access Management

The University of Chicago