Skip to Content.
Sympa Menu

grouper-users - [grouper-users] RE: Grouper Newbie - LDAP integration

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] RE: Grouper Newbie - LDAP integration

Chronological Thread 
  • From: "Coleman, Erik C" <>
  • To: "" <>
  • Subject: [grouper-users] RE: Grouper Newbie - LDAP integration
  • Date: Tue, 23 Oct 2018 19:15:53 +0000
  • Accept-language: en-US
  • Ironport-phdr: 9a23:SAtbnR1Q1p+PTqQDsmDT+DRfVm0co7zxezQtwd8ZseISLPad9pjvdHbS+e9qxAeQG9mDtLQc06L/iOPJYSQ4+5GPsXQPItRndiQuroEopTEmG9OPEkbhLfTnPGQQFcVGU0J5rTngaRAGUMnxaEfPrXKs8DUcBgvwNRZvJuTyB4Xek9m72/q99pHPYQhEniaxba9vJxiqsAvdsdUbj5F/Iagr0BvJpXVIe+VSxWx2IF+Yggjx6MSt8pN96ipco/0u+dJOXqX8ZKQ4UKdXDC86PGAv5c3krgfMQA2S7XYBSGoWkx5IAw/Y7BHmW5r6ryX3uvZh1CScIMb7S60/Vza/4KdxUBLmiDkJOSMl8G/ZicJwgqBUoBO9qBNw2IPbep2ZOOZkc6/BYd8XR2xMVdtRWSxbBYO8apMCA+QfMOZfq4nyuV4OogG4BQW0GejhxSVIhn713aYnzektHxzN0Qs+EN0SrHvZt9T1NKMWUeC0yqnIyjTDb+hM1Tjj9YfIbwksrPeRVrx+dsrRzFMgFwLDjliIpozlJTSV1vkVs2SB6epvT+evhHAhpgpsoTav3t8hhpTNi44L0FzI6Cd0zJw2KNGmUkJ2Y9CpHINNuyyeKYd6WN4uTmNytCs01LEKo4O3cDYSxJQp2RHSaOCLfo2N7x/jSeqdPyl3iXdldb6iiBu+7U2txfPhWcav3ltHqzdKktfQun0M0RHY99KJReFn/ki73DaCzwDT5f9AIUAzjafbKpohwroxlpoVtkTDHzT2lF/og6CLa0Uo4umo6+L5bbX6vpKQKot5hh/kPqgzmMGzG+c1PhYUU2WZ9+mwzLjj8lf4QLVOgP02iK7ZsJXCKMsFuqG2HxRY0ocn6xa7Djem1tMYnXgcLF5fZh2IkpXpN0nUIP/kFfe/n0iskDBzyvDJJL3hBYjNLmDdn7f7ZLp99lVcxxQpzdBE/J9UDrABIOnvWk/qqtDUFB45Mwqow+n5EtV90J0RWX6RDqODLqzdrEKItaoTJLzGa5USpS7wMb04/PP0llc4n0MQZ6+kwcFRZXylVLwyLF+efGLhmJIcCmoQpSI/SvDnkluPTWQVanqvCfES/DY+XciNCoPOQ4mrxPSsxia4VrYcLjRLAVukEHPsdoODWuxKZS6PdJwy2gcYXKSsHtdynSqlsxX3nuJq
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99



We basically approached the same way with our eval—swinging over one-by-one to our LDAP, then to our Shib, then to our own database instance.  Are you using the Grouper Demo Docker containers?


With 2.4, all of your LDAP connections are specified in, so you simply need to change the parameters in there to point to your enterprise LDAP. Change in order to point to where your identities (subjects) live in that LDAP. Then you can throw out the LDAP container.


For Shib, you’ll want to upload your own shibboleth2.xml as well as the appropriate sp-key.pem and sp-cert.pem to the Grouper UI container, with settings as you would for any SP configured to connect to your IDP.  Then you can throw out the supplied IDP container.


As a tip, I found it more convenient to bootstrap me in the wheel group so that I have admin access, this is in, which should also go into the Grouper containers:


groups.wheel.use                      = true                    = etc:sysadmingroup = etc:sysadmingroup = Grouper Service Admins = ecc



That’s glossing over many of the specific details, but should give you an idea.







From: <> On Behalf Of Duane Booher
Sent: Tuesday, October 23, 2018 10:20 AM
Subject: [grouper-users] Grouper Newbie - LDAP integration


Hello, I am doing a quick grouper 2.4 evaluation and I have it running on both my personal workstation (Mac Os X) and a redhat 6 server. In both cases I used the grouper installer with the default demo processes. Then I migrated the grouper-ui and grouper-ws applications over to a seperate tomcat container. I am still running the remaining processes out of the installer folder, such as the demo hsqldb, daemon, etc. I have been following the Grouper Deployment Guide, however things are still fuzzy to me.


I have two immediate goals and I hope the community can point me in the right direction:


1) I would now like to connect grouper up with our LDAP for both user lookup and for integration with groups stored in LDAP.


2) I would like to connect the grouper login to our shibboleth/SAML single sign-on.


I am both a LDAP integrator, along with a shib w/ in-common and CAS integrator. But, I do not fully understand the grouper configuration details. So any help is greatly appreciated.








Archive powered by MHonArc 2.6.19.

Top of Page