
LDAP configuration is based on the ldaptive library's property configuration. A paragraph of LDAP configuration is created in grouper-loader.properties for each LDAP endpoint, and that paragraph is referenced by the appropriate provisioners. Comments in grouper-loader.base.properties refer to these "LDAP pools" as "LDAP connections". Make sure you are pointing to a domain name with active/standby load balancing or to the primary node. Otherwise, there could be inconsistent results or AD conflict (CNF) objects.


Warning

At this time, the LDAP bindCredential cannot be encrypted via the Grouper morphstring.


ldap.groupOfNames.ldapUrl = ldaps://hostname
ldap.groupOfNames.bindDn = cn=xxxxxx,ou=xxxxx
ldap.groupOfNames.bindCredential = xxxxx
ldap.groupOfNames.someOtherLdapProperty = value

# in another paragraph a provisioner is associated with the LDAP pool name
changeLog.consumer.pspng_groupOfUniqueNames.ldapPoolName = groupOfNames
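
An added example (not part of the Grouper documentation or the PSPNG code): a Python check that every provisioner's ldapPoolName names a defined ldap.<pool> paragraph and that each pool's ldapUrl uses ldaps://, as the sample above does. The sample properties, the `legacy` pool and the `pspng_other` provisioner are constructed for illustration.

```python
import re

# Constructed sample of grouper-loader.properties (all values are placeholders).
SAMPLE = """\
ldap.groupOfNames.ldapUrl = ldaps://hostname
ldap.groupOfNames.bindDn = cn=xxxxxx,ou=xxxxx
ldap.groupOfNames.bindCredential = xxxxx
ldap.legacy.ldapUrl = ldap://hostname2
ldap.legacy.bindDn = cn=xxxxxx,ou=xxxxx
# provisioners reference a pool by name
changeLog.consumer.pspng_groupOfUniqueNames.ldapPoolName = groupOfNames
changeLog.consumer.pspng_other.ldapPoolName = groupOfName
"""

def parse_properties(text):
    """Return key -> value for simple 'key = value' lines, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_ldap_pools(props):
    """Return a sorted list of findings about LDAP pools and their provisioners."""
    pools = {}
    for key, value in props.items():
        m = re.fullmatch(r"ldap\.([^.]+)\.(.+)", key)
        if m:
            pools.setdefault(m.group(1), {})[m.group(2)] = value
    findings = []
    for name, cfg in pools.items():
        url = cfg.get("ldapUrl", "")
        if not url.lower().startswith("ldaps://"):
            findings.append(f"pool {name}: ldapUrl {url!r} is not ldaps://")
        if "bindDn" in cfg and "bindCredential" not in cfg:
            findings.append(f"pool {name}: bindDn set without bindCredential")
    for key, value in props.items():
        m = re.fullmatch(r"changeLog\.consumer\.([^.]+)\.ldapPoolName", key)
        if m and value not in pools:
            findings.append(f"provisioner {m.group(1)}: unknown pool {value!r}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in check_ldap_pools(parse_properties(SAMPLE)):
        print(finding)
```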


Advanced Ldaptive Properties

PSPNG relies on the Ldaptive library for all LDAP-related operations. To learn more about what other LDAP properties are available, one simple example can be found here. Moving into more realistic examples will probably be helped by looking at the ldaptive configuration classes and the setters available within them: connections, pooling, binding (sasl, gssapi, x509, jks, etc.).

In case it is helpful, this is currently implemented here. You may also wish to take a look at GRP-1306 to learn more about the differences between vt-ldap (the previously used LDAP library) and ldaptive.

Run PSPNG

PSPNG runs as part of the grouper loader. So simply run the loader with:

cd <grouper-api-binary-folder>/bin
./gsh -loader

