
grouper-users - Re: [grouper-users] Provisioning Google Groups from Grouper

Subject: Grouper Users - Open Discussion List

  • From: David Langenberg <>
  • To: Jared Hoffman <>
  • Cc: Gouper Users <>
  • Subject: Re: [grouper-users] Provisioning Google Groups from Grouper
  • Date: Wed, 22 Jul 2015 14:47:49 -0600

You probably don't want to use CN as a SubjectID.  That will cause you no end of headache as soon as the second 'John Smith' shows up.  Instead you should choose an ID that uniquely identifies the individual.  As for the provisioning part, if you use CN, you'll have to mess a bit with the psp-resolver.xml file to add a lookup attribute to translate CN into DN.  See:


For how that lookup is performed in the example.  That particular example performs a CN lookup in AD and turns that into a DN for creating the memberships.

Dave

On Wed, Jul 22, 2015 at 2:40 PM, Jared Hoffman <> wrote:
Thanks. I've been working through that. I'm using myself as a test and loaded person records manually into ldap. The problem I'm having now is that grouper is trying to add "Jared Hoffman" to the ldap group, not "hoffmanj" or "." sources.xml lets me say what subjectID I want, cn instead of uid, but I can't find where to tell it to use the account name or mail field in grouper, not displayname.



On Wed, Jul 22, 2015 at 4:33 PM, David Langenberg <> wrote:
Grouper won't put users into OpenLDAP.  They must exist before you can add them to groups.

Dave

On Wed, Jul 22, 2015 at 12:40 PM, Jared Hoffman <> wrote:
Thanks. I've been working on publishing grouper groups to a new openldap server. I used the psp-example-grouper-to-openldap conf, but had to switch to the psp-example-grouper-to-openldap-memberof-overlay conf to get it to publish groups to openldap. 

I still can't get grouper to provision users to openldap though. I haven't loaded all the people objects into openldap, but I did load just a couple (the only members of my test groups) and I haven't been able to publish group members.

One other problem I'm having, that I can ignore if I don't get it figured out, is that even when doing a flat structure, all the groups are provisioned in openLDAP. The groups are provisioned at the top level, so I can work around it.


Jared



On Tue, Jul 14, 2015 at 10:36 AM, John Gasper <> wrote:
Hi Jared,

For your approach to work you’d need to use the PSP to push to an intermediary ldap server.

For another option, you might want to check out https://github.com/Unicon/googleapps-grouper-provisioner. I don’t believe that anyone has deployed this to production (if so I’d love to hear back from them), but it should push changes from Grouper to Google Groups.

Thanks,
John

-- 
John Gasper
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef


From: <> on behalf of Jared Hoffman <>
Date: Monday, July 13, 2015 at 8:22 PM
To: <>
Subject: [grouper-users] Provisioning Google Groups from Grouper

One of our first use cases for Grouper is to provision Google Groups based on groups listed in Banner to replace an outdated email list system. I've got the grouper loader and subject API working, thanks to the great training resources, to get account data from Active Directory and membership data from Banner to populate lists, so I have all the group memberships I need to get started.

I was looking at the PSP documentation and saw some notes about it changing in future releases, but I'm too new to grouper to know what that means for my implementation. I was thinking that I'd need to use the PSP to provision the grouper groups into Active Directory, then use Google Apps Directory Sync to sync the groups to Google Groups. Is there a way to present the grouper groups as an LDAP server so I can use GAPS to sync group memberships, or is there another approach I should be looking at to future-proof me from changes to the PSP?


Thanks

Jared



--
Jared Hoffman
Associate Director for Enterprise Infrastructure
LBIS Information Technology Services

740.427.5948




--
David Langenberg
Identity & Access Management Architect
The University of Chicago



