Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Re: Can grouper sync a user's password with Ldap and AD?

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Re: Can grouper sync a user's password with Ldap and AD?

Chronological Thread 
  • From: "Bee-Lindgren, Bert A" <>
  • To: John Kamminga <>, "" <>
  • Subject: [grouper-users] Re: Can grouper sync a user's password with Ldap and AD?
  • Date: Tue, 29 Mar 2016 18:17:04 +0000
  • Accept-language: en-US
  • Authentication-results:; dkim=none (message not signed) header.d=none;; dmarc=none action=none;
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:23

This is probably a matter of opinion, but I'll relate the latest grouper-dev conversation on this topic:

Short answer: Password syncing falls outside of Grouper's delivered tools and best practices.

Longer answer: Grouper is focused on representing group membership in target systems. Sometimes, that might include editing User objects in the target (eg, representing group membership as entitlement values), and it might stretch to creating (very thin) User objects if everything necessary for them is naturally mapped into Subjects within the Grouper database (email, name, username, etc). However, we're focusing on simpler and faster provisioning integrations which necessarily leave general-user-syncing to your IDM.

Hoping this helps,


From: <> on behalf of John Kamminga <>
Sent: Tuesday, March 29, 2016 1:57 PM
Subject: [grouper-users] Can grouper sync a user's password with Ldap and AD?

It’s been a while since we’ve looked into using Grouper. I apologize if the question’s been answered before.


We need to be able to sync user’s attributes from our Identity Management system which for Grouper will just be an Oracle DB to AD/Ldap. I know Grouper can create and manage group memberships in AD and Ldap according to attributes it pulls in from Idm. Can it also sync these attributes between Idm and AD/Ldap? What I’m mainly concerned about is if Grouper can Sync the users password from an Oracle DB into AD and Ldap? Also, does Grouper just pass it along or does it store it locally?



John Kamminga

Identity Management Architect

Information Technology Department

University of California, Merced

T: 209.228.2965




Archive powered by MHonArc 2.6.16.

Top of Page