This page documents using the Grouper Loader to load a group from LDAP. This is available in Grouper v2.1 and later
Grouper loader LDAP configuration
The Grouper loader LDAP configuration is done through the "new attribute framework". You can assign the grouperLoaderLdap attribute on a group, and the configuration attributes on that assignment. Note, these attributes are in the attribute root stem name (default "etc:attribute"), in a subfolder named "loaderLdap"). By default only Grouper admins can assign or edit these attributes, though an admin could delegate that permission to someone else. Be very careful of the security implications (they could run any ldap filter to load their group, which could be sensitive data). Note, all LDAP jobs are scheduled as crons. These attributes are automatically created on Grouper started if they don't exist if the grouper.properties setting: grouper.attribute.loader.autoconfigure is set to true.
Attribute system name |
Attribute display name |
Description |
Assignable to |
Value type |
Example value |
|---|---|---|---|---|---|
grouperLoaderLdap |
Grouper loader LDAP |
This is the marker attribute that you assign to a group to mark is as a grouper loader ldap group |
Groups |
None |
|
grouperLoaderLdapType |
Grouper loader LDAP type |
Like the SQL loader, this holds the type of job from the GrouperLoaderType enum, currently the only valid value is LDAP_SIMPLE |
grouperLoaderLdap |
String |
LDAP_SIMPLE |
grouperLoaderLdapServerId |
Grouper loader LDAP server ID |
Server ID that is configured in the grouper-loader.properties that identifies the connection information to the LDAP server |
grouperLoaderLdap |
String |
personLdap (note: depends on your configuration) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
sdf