Grouper Users - Open Discussion List

[David Langenberg <>]

Hi Brian,

Apologies for the tardiness of this reply.  For #2 the PSP is presently the tool supported by the project for writing group data from Grouper to AD.  There is an example directory in the PSP distribution with some sample configuration for writing group information to AD.  That said, there do seem to be a decent number of deployers out there who choose to write their own provisioner for LDAP/AD in order to meet specific needs unique to their environments.

Dave

On Fri, Sep 26, 2014 at 12:56 PM, Brian Koehmstedt <> wrote:

Hello.  UC Merced is new to Grouper and the team as a whole is facing some basic questions.

Our basic use case:
#1) Create a group in Grouper and load membership using an LDAP query
#2) Provision the membership of this group to a group in ActiveDirectory.  (Note that the DNs in AD are slightly different than the DNs in LDAP.)

We've figured out how to do #1 with the Grouper Loader.  #2 is proving a little more challenging.

What's the right tool for #2, the provisioning-to-AD part?  Is PSP the right tool, or is the Loader also capable of writing membership lists to AD groups?  Is there a URL that is best to use as documentation for this kind of provisioning use case?

The team is focused on PSP for this, but the complexity of PSP is proving difficult to understand for our use case, and we're not even sure if PSP is really meant to do this.

Thank you.

--
David Langenberg

Identity & Access Management

The University of Chicago