Grouper Users - Open Discussion List

[Marwan Shaher <>]

Thanks, Andy. I believe the code currently doesn't parse out the LDAP 
url string to determine the scope. I can see why, in case someone needs 
to have different scopes for different LDAP queries. e.g: sub scope for 
subjectID to subjectIdentifier queries, but one level scope for 
determining if a member exist in a group in an OU with flat group structure.

Thanks,

Marwan

On 04/28/2016 11:46 AM, Andrew Morgan wrote:
> On Thu, 28 Apr 2016, Marwan Shaher wrote:
>
> > Is there a way in the groupClient's LDAP operations to set or change
> > the LDAP search scope? It looks like by default it is set to search
> > one level (ONELEVEL_SCOPE) of the named context. It would be nice if
> > it could be set to search an entire subtree (SUBTREE_SCOPE).
> > Our use case is that our user accounts are contained in one OU, but
> > there are other OU's that contain service accounts, departmental admin
> > accounts, etc... All accounts get assigned a unique opaque subject ID,
> > and it would be helpful for our users to use the grouperClient to do
> > the subject Id to net Id translation and vise versa.
> > I've gone through the grouperClient 2.3.0 source code and I could only
> > see that the search scope is set in the "examples/LdapExample.java"
> > and "examples/LdapExample2.java". If the solution is to re-compile, is
> > the scope set elsewhere that I should be aware of?
>
> Since it appears to use LDAP URLs, I think you can specify the scope
> like this:
>
>    ldap://ldap.example.com/dc=example,dc=edu??sub
>
> See RFC 2255:
>
>    http://www.ietf.org/rfc/rfc2255.txt
>
>
>      Andy