Topics Map > University of Chicago > IT Services > Accounts, Identity, & Security > Access Management

Grouper - Pushing Groups to LDAP

This article explains how to push Grouper groups to LDAP.

  1. Log in to Grouper UI
  2. Find desired group
  3. Click More Actions
  4. Select Admin UI
  5. Click Edit group
  6. Check LDAPSync and Provisioner group types, then click Save
  7. Click Edit attributes
  8. Set Destinations to no_group and Send To to ldap
  9. Click the Save attributes and finish button.

Membership changes take about an hour to go from Grouper to LDAP.

Memberships can be found in the ucIsMemberOf LDAP attribute on an individual's LDAP entry. For example, if the Grouper group "uc:personal:blair:test-group" was pushed to LDAP, members of that group would have a ucIsMemberOf value of "uc:personal:blair:test-group". Membership values can then be consumed either by applications using LDAP directly or Shibboleth-enabled applications.

Keywords:ucgroups, Shibboleth, shibb, sync, provisioner, ucIsMemberOf   Doc ID:44817
Owner:Blair C.Group:University of Chicago
Created:2014-11-12 07:26 CDTUpdated:2017-05-22 09:41 CDT
Sites:University of Chicago, University of Chicago - Sandbox
Feedback:  3   0