Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] grouper posix gidNumber

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] grouper posix gidNumber


Chronological Thread 
  • From: Michael R Gettes <>
  • To: Keith Hazelton <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] grouper posix gidNumber
  • Date: Fri, 20 Jan 2017 16:48:08 -0500
  • Ironport-phdr: 9a23:7XKLCBRSGZ1vxvk7mEPI1xHpFtpsv+yvbD5Q0YIujvd0So/mwa6yYhyN2/xhgRfzUJnB7Loc0qyN4vymBTdLuMvZ+Fk5M7V0HycfjssXmwFySOWkMmbcaMDQUiohAc5ZX0Vk9XzoeWJcGcL5ekGA6ibqtW1aFRrwLxd6KfroEYDOkcu3y/qy+5rOaAlUmTaxe71/IRG5oAnLucQbj4RuJrsxxxfVv3BFZ/lYyWR0KFyJgh3y/N2w/Jlt8yRRv/Iu6ctNWrjkcqo7ULJVEi0oP3g668P3uxbDSxCP5mYHXWUNjhVIGQnF4wrkUZr3ryD3q/By2CiePc3xULA0RTGv5LplRRP0lCsKMSMy/XrJgcJskq1UvBOhpwR+w4HKZoGVKOF+db7Zcd8DWGZNQtpdWylHD4ihbYUAEvABMP5EoIbyulUArRmxCwejCu3sxD9GmHj40LYm0+Q4FAHKwAwgE84MvXnSsd77NL0SUeewzKTQyjvDbu9Z2Tfn54fWdhAqvO2CVq9xf8XP1UkvCx3Kjk6NooHiOjOVzOsNvmaH4+d7TeKvkHMnpxtvrTey28chk4/EjZ8bxFDD8CV22oc1JdugRU56Z96kDIVftzucN4RoXsMuXXtktzgnxb0boZK6cikKyI87yBLFdfOIbpWI7xT+X+iSOTd1nG9pdKy8ihqo7ESs1+7xWtOp3FtFrydJiMTAu34M2hDL98SLVPhw8l281TqS1A3f8PxILV0omabBJJMszLg9nYcJv0vZBC/5gkD2gbeWdko6/uio7PzqYqn8ppOCKYN0jBzyPrk0lcClG+s4KRYBX3SB9eSkz73j4Ff1T6tXgf0riqXZsZbaKtoHpqOhHgNZzIUu5wyiAzu709kUh2QLIV1EdR6dkoTkNVDDLOj9DfilglSslDlrx+rBPr3kGpjNK2LDkLjvcLph8ENc0BEzzc1F651KF74BPer/WlXtu9zAEh85Lwu0zv7oCNVn0YMeRHqPDbGDMK/LrF+I/fwgI/OXZIIOvDb9KuMl5+L1jXMng1MdfK+p3YcJZ3CiGPRpPVmZbWT2jtgfDGgKo1l2cOu/q1CDTT4bR3+gUqYg4TdzXIGrDJvDAICkkrGFwCC9NoJXfWsAB1yRRyTGbYKBDtINYyKbL8spqHQrWKS9RpRpgRS0u1Si46J8M6zZ9jBO5sGr78R8++CGzUJ6zjdzFcnIljjVF2w=
How would that support the use of Grouper as the locus for group management?
Peter’s answer for Brown I would think is what TIER would want from an
architectural perspective, yes?

/mrg

> On Jan 20, 2017, at 4:35 PM, Keith Hazelton
> <>
> wrote:
>
> Just as a side note, midPoint, an open source product that TIER is
> evaluating has the ability to assign and manage gids and other aspects of
> POSIX user accounts by provisioning to LDAP.
> ___________________________________
> email & jabber:
>
> calendar: http://go.wisc.edu/i6zxx0
>
> On 2017-01-20, 15:01 ,
> "
> on behalf of Michael R Gettes"
> <
> on behalf of
> >
> wrote:
>
> thank you Peter.
>
> i feel like there are bits of doc spread throughout but nothing that
> brings together “this is how to get posix groups to work”. doc that is
> more task oriented - follow these steps and this is how to manage posix
> groups and gidNumber and so on. am i missing something?
>
> /mrg
>
>> On Jan 20, 2017, at 3:48 PM, Peter DiCamillo
>> <>
>> wrote:
>>
>> For gidNumber, we've been using the idIndex that Grouper generates for
>> group (and other objects):
>> https://spaces.internet2.edu/display/Grouper/Integer+IDs+on+Grouper+objects
>> For us, Grouper is the authoritative source for the GIDs.
>>
>> Peter
>>
>> On 1/20/17 3:38 PM, Michael R Gettes wrote:
>>> Has anyone done work to manage posix gidNumber within grouper and would
>>> you care to share your work?
>>>
>>> I believe it should be possible to create a global attribute keeping the
>>> next gidNumber and then to assign a gidNumber attribute with the current
>>> global gidNumber to a group and then increment the global.
>>>
>>> This should be documented some place so others can leverage.
>>>
>>> I also don’t understand how to specify which groups should pushed to LDAP
>>> (and how to exclude subsets). If anyone has done this and has examples -
>>> please share.
>>>
>>> I am concerned the current PSPng implementation presumes 2 group objects
>>> in LDAP, one for the normal group and a separate group for the Posix
>>> version. This doesn’t seem right to me, we should be able to include
>>> posix attributes within any group object. I have private email out to
>>> Bert these questions as well.
>>>
>>> If I can get these problems resolved then I am halfway to eliminating the
>>> need for the CMU GAP code.
>>>
>>> /mrg
>>>
>>
>
>
>


Archive powered by MHonArc 2.6.19.

Top of Page