grouper-users - [grouper-users] RE: Grouper Newbie - LDAP integration
Subject: Grouper Users - Open Discussion List
List archive
- From: "Coleman, Erik C" <>
- To: "" <>
- Subject: [grouper-users] RE: Grouper Newbie - LDAP integration
- Date: Tue, 23 Oct 2018 19:15:53 +0000
- Accept-language: en-US
- Ironport-phdr: 9a23:SAtbnR1Q1p+PTqQDsmDT+DRfVm0co7zxezQtwd8ZseISLPad9pjvdHbS+e9qxAeQG9mDtLQc06L/iOPJYSQ4+5GPsXQPItRndiQuroEopTEmG9OPEkbhLfTnPGQQFcVGU0J5rTngaRAGUMnxaEfPrXKs8DUcBgvwNRZvJuTyB4Xek9m72/q99pHPYQhEniaxba9vJxiqsAvdsdUbj5F/Iagr0BvJpXVIe+VSxWx2IF+Yggjx6MSt8pN96ipco/0u+dJOXqX8ZKQ4UKdXDC86PGAv5c3krgfMQA2S7XYBSGoWkx5IAw/Y7BHmW5r6ryX3uvZh1CScIMb7S60/Vza/4KdxUBLmiDkJOSMl8G/ZicJwgqBUoBO9qBNw2IPbep2ZOOZkc6/BYd8XR2xMVdtRWSxbBYO8apMCA+QfMOZfq4nyuV4OogG4BQW0GejhxSVIhn713aYnzektHxzN0Qs+EN0SrHvZt9T1NKMWUeC0yqnIyjTDb+hM1Tjj9YfIbwksrPeRVrx+dsrRzFMgFwLDjliIpozlJTSV1vkVs2SB6epvT+evhHAhpgpsoTav3t8hhpTNi44L0FzI6Cd0zJw2KNGmUkJ2Y9CpHINNuyyeKYd6WN4uTmNytCs01LEKo4O3cDYSxJQp2RHSaOCLfo2N7x/jSeqdPyl3iXdldb6iiBu+7U2txfPhWcav3ltHqzdKktfQun0M0RHY99KJReFn/ki73DaCzwDT5f9AIUAzjafbKpohwroxlpoVtkTDHzT2lF/og6CLa0Uo4umo6+L5bbX6vpKQKot5hh/kPqgzmMGzG+c1PhYUU2WZ9+mwzLjj8lf4QLVOgP02iK7ZsJXCKMsFuqG2HxRY0ocn6xa7Djem1tMYnXgcLF5fZh2IkpXpN0nUIP/kFfe/n0iskDBzyvDJJL3hBYjNLmDdn7f7ZLp99lVcxxQpzdBE/J9UDrABIOnvWk/qqtDUFB45Mwqow+n5EtV90J0RWX6RDqODLqzdrEKItaoTJLzGa5USpS7wMb04/PP0llc4n0MQZ6+kwcFRZXylVLwyLF+efGLhmJIcCmoQpSI/SvDnkluPTWQVanqvCfES/DY+XciNCoPOQ4mrxPSsxia4VrYcLjRLAVukEHPsdoODWuxKZS6PdJwy2gcYXKSsHtdynSqlsxX3nuJq
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
|
Duane, We basically approached the same way with our eval—swinging over one-by-one to our LDAP, then to our Shib, then to our own database instance. Are you using the Grouper Demo Docker containers? With 2.4, all of your LDAP connections are specified in grouper-loader.properties, so you simply need to change the parameters in there to point to your enterprise LDAP. Change subject.properties in order
to point to where your identities (subjects) live in that LDAP. Then you can throw out the LDAP container. For Shib, you’ll want to upload your own shibboleth2.xml as well as the appropriate sp-key.pem and sp-cert.pem to the Grouper UI container, with settings as you would for any SP configured to connect to your
IDP. Then you can throw out the supplied IDP container. As a tip, I found it more convenient to bootstrap me in the wheel group so that I have admin access, this is in grouper.properties, which should also go into the Grouper containers: groups.wheel.use = true groups.wheel.group = etc:sysadmingroup configuration.autocreate.group.name.0 = etc:sysadmingroup configuration.autocreate.group.description.0 = Grouper Service Admins configuration.autocreate.group.subjects.0 = ecc That’s glossing over many of the specific details, but should give you an idea. -Erik From: <>
On Behalf Of Duane Booher Hello, I am doing a quick grouper 2.4 evaluation and I have it running on both my personal workstation (Mac Os X) and a redhat 6 server. In both cases I used the grouper installer with the default demo processes.
Then I migrated the grouper-ui and grouper-ws applications over to a seperate tomcat container. I am still running the remaining processes out of the installer folder, such as the demo hsqldb, daemon, etc. I have been following the Grouper Deployment Guide,
however things are still fuzzy to me. I have two immediate goals and I hope the community can point me in the right direction: 1) I would now like to connect grouper up with our LDAP for both user lookup and for integration with groups stored in LDAP.
2) I would like to connect the grouper login to our shibboleth/SAML single sign-on. I am both a LDAP integrator, along with a shib w/ in-common and CAS integrator. But, I do not fully understand the grouper configuration details. So any help is greatly appreciated. Thanks, |
- [grouper-users] Grouper Newbie - LDAP integration, Duane Booher, 10/23/2018
- [grouper-users] RE: Grouper Newbie - LDAP integration, Coleman, Erik C, 10/23/2018
Archive powered by MHonArc 2.6.19.