Many components of Grouper may optionally access LDAP
- Subject API if your person subjects are stored in LDAP.
- Grouper Loader if you load groups into Grouper from LDAP.
- Grouper Web Services if authentication there is via LDAP BINDs.
- PSPNG if you provision groups to LDAP.
In Grouper 2.3, #1-3 above used vt-ldap and #4 used ldaptive. In Grouper 2.4, all of the above uses ldaptive. Now in Grouper 2.4, #1-3 uses common configuration via grouper-loader.properties and uses an abstraction layer to make any future migrations much easier. And #4 still uses the separate configuration as it was used in Grouper 2.3, but will migrate to using the same configuration in the future.
Note that the migration to ldaptive is being done because vt-ldap is no longer supported and has been deprecated for a long time.
Migration for Subject API
- Credentials are no longer stored in the subject.properties file (also formally the sources.xml file). So the following options are no longer valid in that file.
INITIAL_CONTEXT_FACTORY
PROVIDER_URL
SECURITY_AUTHENTICATION
SECURITY_PRINCIPAL
SECURITY_CREDENTIALS
Instead you must specify a new property in subject.properties. "example" should be replaced with the name of your source. And "personLdap" should be replaced with what your ldap configuration is called in grouper-loader.properties.
subjectApi.source.example.param.ldapServerId.value = personLdap
Migration for Grouper Loader
- Changes may not be needed here since the loader was already using the grouper-loader.properties file. However, if you used vt-ldap specific properties, changes may be needed.
Migration for Grouper Web Services
- Changes may not be needed here since the web services were already using the grouper-loader.properties file. However, if you used vt-ldap specific properties, changes may be needed.
Configuration options
The following applies to the subject api, loader, and web services.