Grouper Users - Open Discussion List

[Keith Hazelton <>]

Yes.

___________________________________
email & jabber: 

calendar: http://go.wisc.edu/i6zxx0

On 2017-01-20, 15:48 , "Michael R Gettes" 
<>
 wrote:

    How would that support the use of Grouper as the locus for group 
management?  Peter’s answer for Brown I would think is what TIER would want 
from an architectural perspective, yes?
    
    /mrg
    
    > On Jan 20, 2017, at 4:35 PM, Keith Hazelton 
<>
 wrote:
    > 
    > Just as a side note, midPoint, an open source product that TIER is 
evaluating has the ability to assign and manage gids and other aspects of 
POSIX user accounts by provisioning to LDAP.
    > ___________________________________
    > email & jabber: 

    > calendar: http://go.wisc.edu/i6zxx0
    > 
    > On 2017-01-20, 15:01 , 
"
 on behalf of Michael R Gettes" 
<
 on behalf of 
>
 wrote:
    > 
    >    thank you Peter.
    > 
    >    i feel like there are bits of doc spread throughout but nothing that 
brings together “this is how to get posix groups to work”.   doc that is more 
task oriented - follow these steps and this is how to manage posix groups and 
gidNumber and so on.  am i missing something?
    > 
    >    /mrg
    > 
    >> On Jan 20, 2017, at 3:48 PM, Peter DiCamillo 
<>
 wrote:
    >> 
    >> For gidNumber, we've been using the idIndex that Grouper generates for 
group (and other objects): 
https://spaces.internet2.edu/display/Grouper/Integer+IDs+on+Grouper+objects 
For us, Grouper is the authoritative source for the GIDs.
    >> 
    >> Peter
    >> 
    >> On 1/20/17 3:38 PM, Michael R Gettes wrote:
    >>> Has anyone done work to manage posix gidNumber within grouper and 
would you care to share your work?
    >>> 
    >>> I believe it should be possible to create a global attribute keeping 
the next gidNumber and then to assign a gidNumber attribute with the current 
global gidNumber to a group and then increment the global.
    >>> 
    >>> This should be documented some place so others can leverage.
    >>> 
    >>> I also don’t understand how to specify which groups should pushed to 
LDAP (and how to exclude subsets).  If anyone has done this and has examples 
- please share.
    >>> 
    >>> I am concerned the current PSPng implementation presumes 2 group 
objects in LDAP, one for the normal group and a separate group for the Posix 
version.  This doesn’t seem right to me, we should be able to include posix 
attributes within any group object.  I have private email out to Bert these 
questions as well.
    >>> 
    >>> If I can get these problems resolved then I am halfway to eliminating 
the need for the CMU GAP code.
    >>> 
    >>> /mrg
    >>> 
    >> 
    > 
    > 
    >