Grouper Training Developers and Architects LDAP Shilen Patel Duke University This work licensed under a Creative Commons Attribution-NonCommercial 3.0.

Presentation transcript:

Grouper Training Developers and Architects LDAP Shilen Patel Duke University This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.

Contents
- Introduction
- Advantages and disadvantages
- Flat vs bushy structure
- Group and Member objects – Active Directory
- Group and Member objects – OpenLDAP
- Other group attributes
- Flattened memberships vs direct memberships only
- Tips on performing queries

Introduction

Introduction (continued)
Example LDAP structure.

dc=example,dc=edu
  ou=people
    uid=bob
      uid: bob
      givenName: Bob
      sn: Smith
      displayName: Bob Smith
      memberOf: cn=staff,ou=employees,ou=groups,dc=example,dc=edu
    uid=john
  ou=groups
    ou=employees
      cn=staff
        cn: staff
        description: All staff at the institution
        member: uid=bob,ou=people,dc=example,dc=edu
        member: uid=john,ou=people,dc=example,dc=edu
      cn=faculty

Advantages and disadvantages
Advantages
- Integration with third party applications.
- Performance
- High availability
Disadvantages
- Read only
- Handling privileges

Flat vs bushy structure
Flat
- cn is typically the full group name (ID Path)
Bushy
- Each ou represents a Grouper folder. The value is the stem extension (Folder ID)
- cn is typically the group extension (ID)

Group and Member objects – Active Directory
Group objects
- Group object class is “group”.
- sAMAccountName attribute – May be generated directly by AD or as part of the group provisioning.
- member attribute – LDAP entry DNs of subjects that are members of the group.

Group and Member objects – Active Directory (continued)
Member objects
- memberOf attribute – LDAP entry DNs of groups that this subject is a member of. This is a computed attribute.

Group and Member objects – OpenLDAP
Group objects
- Group object class is “groupOfNames” by default. May also use eduMember.
- hasMember attribute – names of subjects that are members of the group.
- isMemberOf attribute – names of groups that this group is a member of.
- member attribute – LDAP entry DNs of subjects that are members of the group.
- memberOf attribute – LDAP entry DNs of groups that this group is a member of.

Group and Member objects – OpenLDAP (continued)
Member objects
- isMemberOf – names of groups that this subject is a member of.
- memberOf – LDAP entry DNs of groups that this subject is a member of.

Other Group Attributes
Any group attribute in Grouper can be provisioned to an attribute in LDAP. For instance, a group’s description may be kept in the description attribute in LDAP.

Flattened memberships vs direct memberships only
Depending on how LDAP is provisioned, a group’s member attribute may be based on a flattened list (direct and indirect) or only contain direct members.

If only direct memberships are provisioned and a group has another group as a member, then the first group will still have the second group’s DN in its member list. But applications have to take that into account when performing queries.

Note that if you need to get all (direct and indirect) groups for a person, some directories (such as AD and Oracle DSEE) can automatically get indirect memberships to avoid multiple calls to the LDAP server.
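What "taking that into account" means for an application when only direct memberships are provisioned, as an added example (not from the slides or the Grouper code base): a client-side walk of nested groups with a cycle guard. The in-memory DIRECTORY, the extra group and user names, and the simplified DN normalisation are assumptions made for the illustration.

```python
from collections import deque

BASE = "dc=example,dc=edu"
PEOPLE = "ou=people," + BASE
GROUPS = "ou=employees,ou=groups," + BASE

def norm(dn):
    # Simplified DN normalisation (assumption): lower-case and trim around
    # commas. It does not handle escaped commas inside attribute values.
    return ",".join(part.strip() for part in dn.split(",")).lower()

# Constructed sample entries: group DN -> values of its member attribute.
# Only direct memberships are stored; loop-a and loop-b contain each other.
DIRECTORY = {norm(dn): [norm(m) for m in members] for dn, members in {
    "cn=staff," + GROUPS: ["uid=bob," + PEOPLE, "uid=john," + PEOPLE],
    "cn=faculty," + GROUPS: ["uid=alice," + PEOPLE],
    "cn=employees," + GROUPS: ["cn=staff," + GROUPS, "cn=faculty," + GROUPS],
    "cn=loop-a," + GROUPS: ["cn=loop-b," + GROUPS],
    "cn=loop-b," + GROUPS: ["cn=loop-a," + GROUPS, "uid=john," + PEOPLE],
}.items()}

def direct_members(group_dn):
    # Stand-in for one LDAP read of a group's member attribute.
    return DIRECTORY.get(norm(group_dn), [])

def is_direct_member(person_dn, group_dn):
    # What a naive check sees when nesting is ignored.
    return norm(person_dn) in direct_members(group_dn)

def is_effective_member(person_dn, group_dn):
    """Walk nested groups breadth-first; return (found, groups_read)."""
    target, seen = norm(person_dn), set()
    queue = deque([norm(group_dn)])
    while queue:
        current = queue.popleft()
        if current in seen:          # cycle guard: never read a group twice
            continue
        seen.add(current)
        for member in direct_members(current):
            if member == target:
                return True, len(seen)
            if member in DIRECTORY:  # member is itself a group: visit it later
                queue.append(member)
    return False, len(seen)
```

The second return value counts group entries read, which is the number of LDAP round trips a real client would make; flattened provisioning reduces it to one.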

Tips on Performing Queries
- Set the search base correctly.
- Set the scope correctly.
  - Base
  - One
  - Subtree
- Be aware of client and server limits (e.g. size limit and time limit).

Tips on Performing Queries (continued)
If you want to see if a person is in a group (and flattened memberships are provisioned), you can:
- Get all of the group’s members by retrieving the member attribute of the group object. (Likely bad for performance.)
- Get all of the person’s groups by retrieving the memberOf attribute of the member object. (Could be bad for performance.)
- Perform a (member=DN) query with a search base of the group’s DN without retrieving the member attribute.
- Use the LDAP compare operation to see if the group object contains an attribute/value pair. The attribute would be “member” and the value would be the DN of the member object.
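The last two options above, as an added example (not from the slides or the Grouper code base): building the (member=DN) search and the compare request, with the DN escaped per RFC 4515 so that it is matched literally inside the filter. The request dictionaries, function names and the toy run_search evaluator are hypothetical; "1.1" is the standard LDAP way to request no attributes.

```python
import re

GROUP = "cn=staff,ou=employees,ou=groups,dc=example,dc=edu"
# Constructed sample entry for GROUP, using the DNs from the example structure.
ENTRY = {"member": ["uid=bob,ou=people,dc=example,dc=edu",
                    "uid=john,ou=people,dc=example,dc=edu"]}

def escape_filter_value(value):
    """Escape backslash, *, (, ) and NUL as \\XX hex pairs (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def membership_search(group_dn, person_dn):
    # Base-scope search on the group entry itself; no attributes come back,
    # so the result is either one DN (member) or nothing (not a member).
    return {"base": group_dn, "scope": "base",
            "filter": "(member=%s)" % escape_filter_value(person_dn),
            "attributes": ["1.1"]}

def membership_compare(group_dn, person_dn):
    # Compare carries the raw value, not a filter string, so no escaping.
    return {"dn": group_dn, "attribute": "member", "value": person_dn}

def unescape_filter_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)

def run_search(request, entry_dn, entry):
    """Toy server side: evaluate one equality filter on one entry."""
    if request["scope"] != "base" or request["base"] != entry_dn:
        return []
    attr, _, raw = request["filter"][1:-1].partition("=")
    wanted = unescape_filter_value(raw).lower()
    hit = any(v.lower() == wanted for v in entry.get(attr, []))
    return [entry_dn] if hit else []

def run_compare(request, entry):
    # Toy server side of compare: True or False, never any entry data.
    values = entry.get(request["attribute"], [])
    return any(v.lower() == request["value"].lower() for v in values)
```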

Quiz
Click on the quiz link in the video description to reinforce your knowledge of this topic.

Thanks!
Further information:
- Infosheets, mailing lists, wiki, downloads, etc.:
- Grouper demo server: grouperdemo.internet2.edu/
- Grouper Online Training Home: spaces.internet2.edu/x/IIGfAQ
This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.