Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] grouperClient and LDAP search scope

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] grouperClient and LDAP search scope


Chronological Thread 
  • From: Marwan Shaher <>
  • To:
  • Subject: Re: [grouper-users] grouperClient and LDAP search scope
  • Date: Thu, 28 Apr 2016 13:32:37 -0600

Thanks, Andy. I believe the code currently doesn't parse out the LDAP url string to determine the scope. I can see why, in case someone needs to have different scopes for different LDAP queries. e.g: sub scope for subjectID to subjectIdentifier queries, but one level scope for determining if a member exist in a group in an OU with flat group structure.

Thanks,

Marwan

On 04/28/2016 11:46 AM, Andrew Morgan wrote:
On Thu, 28 Apr 2016, Marwan Shaher wrote:

Is there a way in the groupClient's LDAP operations to set or change
the LDAP search scope? It looks like by default it is set to search
one level (ONELEVEL_SCOPE) of the named context. It would be nice if
it could be set to search an entire subtree (SUBTREE_SCOPE).
Our use case is that our user accounts are contained in one OU, but
there are other OU's that contain service accounts, departmental admin
accounts, etc... All accounts get assigned a unique opaque subject ID,
and it would be helpful for our users to use the grouperClient to do
the subject Id to net Id translation and vise versa.
I've gone through the grouperClient 2.3.0 source code and I could only
see that the search scope is set in the "examples/LdapExample.java"
and "examples/LdapExample2.java". If the solution is to re-compile, is
the scope set elsewhere that I should be aware of?

Since it appears to use LDAP URLs, I think you can specify the scope
like this:

ldap://ldap.example.com/dc=example,dc=edu??sub

See RFC 2255:

http://www.ietf.org/rfc/rfc2255.txt


Andy



Archive powered by MHonArc 2.6.16.

Top of Page