Print

Print


Ah. Forgot that half of our group management setup…

The AD tree for users is structured by staff/student then by department (the way our eDirectory was). Accounts are put in the right place by Novell’s Identity Manager. There are other groups for things like PCounter but I can’t see much of that stuff anymore (elearning used to be in IT, then moved out to library team 3 years ago).


Dave

 

From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Simon Palmer
Sent: 13 December 2013 11:56
To: [log in to unmask]
Subject: Re: O/T - Group management software

 

Hi Rhys,

Interested in where you get with this.

We didn't put Grouper in because we didn't think it'd be used by staff, and is one of those things that would be forgotten about.

 

So, we use IDM to create thousands of LDAP groups based on attributes in the student record system and HR systems.

eg, we have groups of all staff:

based on things like lecturer roles, job titles, campus, and concatenations of various of these, eg Graig-Lecturers, or Graig-Engineering-Staff

We populate the "Description" LDAP field too, so it's easy to read from some external software where viewing/using "groups" isn't suitable.

 

Students similarly, a group for each course codes (sub courses, and owning courses), prefixed with "study location", faculty etc.

So, we have Graig-Engineering, or Graig-A-Level, or "HND-Computing"

 

Consequently, managing custom groups that have no reflection on business or learning activities is rather small and done manually via the service desk in standard LDAP tools.

 

Si



>>> Rhys Smith <[log in to unmask]> 12/12/2013 17:12 >>>
Hi all,

 

Somewhat off topic for this list, but the right kind of people are on it so I’m asking this here anyway! :-)

 

Just a quick question for y’all...

At Cardiff University, our authoritative source of identity information is LDAP. We currently use Grouper, syncing with the LDAP source, to manage groups. We’re looking to replace this, as we’re running a fairly old version of Grouper, we only use a relatively small amount of the features of Grouper, and we’d rather things happen directly in the directory rather than via a database.

 

Our requirements are pretty simple: we’re after a solution that manages groups directly in LDAP, has a web-UI, and has web service endpoints for the main provisioning operations (adding/removing users to/from groups, adding/removing groups, etc).

 

So, we were wondering what people are using to manage groups: off the shelf solutions, in house built, etc?

 

You can either reply to the list or directly to me, and I’ll post a summary of responses for those interested if the summary is interesting enough!


Thanks for your time,
Rhys.

--
Dr Rhys Smith
Identity, Access, and Middleware Specialist
Cardiff University & Janet - the UK's research and education network

email: [log in to unmask] / [log in to unmask]
GPG: 0xDE2F024C



Mae'r e-bost hwn ac unrhyw ffeiliau atodedig yn gyfrinachol ac at sylw'r unigolyn neu'r sefydliad a enwir uchod. Bydd unrhyw farn neu sylwadau a fynegir yn perthyn i'r awdur yn unig ac ni chynrychiolant o anghenraid farn Coleg Sir Gâr. Os ydych chi wedi derbyn yr e-bost hwn ar gam, rhowch sylw i'r gweinyddwr ar y cyfeiriad canlynol: [log in to unmask]

Cysidrwch yr amgylchedd - a oes wir angen argraffu'r ebost hwn?
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Coleg Sir Gâr. If you have received this email in error please notify the administrator on the following address: [log in to unmask]
Please consider the environment - do you really need to print this email?

Message scanned

**********************************************************************

This message is sent in confidence for the addressee

only. It may contain confidential or sensitive

information. The contents are not to be disclosed

to anyone other than the addressee. Unauthorised

recipients are requested to preserve this

confidentiality and to advise us of any errors in

transmission. Any views expressed in this message

are solely the views of the individual and do not

represent the views of the College. Nothing in this

message should be construed as creating a contract.

 

Hull College owns the email infrastructure, including the contents.

 

Hull College is committed to sustainability, please reflect before printing this email.

**********************************************************************