GroupManagement

uPortal: the PAGS, SmartLDAP, and more

Discussion Notes

  • is it okay to use the ERP system directly for groups?
    • may be better to abstract that to protect you from product upgrades and replacement
    • may be better to abstract to offload the need to know business rules
    • change can be minimized by decoupling
  • would like to distribute ownership of groups
    • synchronizing identities across distributed stores has been problematic
  • are there benefits to using LDAP over going direct to the ERP?
    • LDAP will likely be faster
    • you will likely have a hard time getting access to create ad hoc groups in the ERP
  • getting SmartLDAP, PAGS, and internal uPortal groups to work together
    • use internal groups as glue / skeletal groups
    • the internal uPortal group store is not robust or scalable
    • you don't typically want to put people into uPortal database groups
    • other uPortal plugin group stores are better for managing groups
    • can place PAGS groups into internal skeletal groups
    • can place SmartLDAP trees into internal skeletal groups
    • deepMemberOf will traverse a hierarchy of groups regardless of which subsystem each group is in; there is logic in the code to avoid loops, and the hierarchy is viewed as a graph rather than a tree
  • SmartLDAP does group discovery via a baseDN and search filter, whereas previous LDAP group queries required configuration for each group that you wanted to query and use
  • PAGS allows you to apply conditional logic to one or more variables to produce a group of people or channels
  • writing a read-only group store in uPortal (for consuming group data from something like Grouper) is not a difficult task; it is not a lot of code, but there are some gotchas
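
The deepMemberOf note above, as an added sketch that is not uPortal code: internal skeletal groups glue a PAGS-style attribute test and an LDAP-style subtree together, and a visited set keeps a loop between stores from hanging the membership check. The `store:name` keys, the sample people and the function names are all constructed for this example.

```python
from collections import deque

# Constructed sample data; none of these keys are real uPortal identifiers.
# Internal "skeletal" groups hold no people, only references to other groups.
CHILD_GROUPS = {
    "local:Everyone": ["local:Staff", "local:Students"],
    "local:Staff": ["smartldap:cn=it,ou=groups", "pags:Faculty"],
    "local:Students": ["pags:Undergrads"],
    "smartldap:cn=it,ou=groups": ["smartldap:cn=helpdesk,ou=groups"],
    # Deliberate loop: an LDAP group that points back at its ancestor.
    "smartldap:cn=helpdesk,ou=groups": ["local:Staff"],
}

# LDAP-style direct membership: group -> set of user ids.
DIRECT_MEMBERS = {"smartldap:cn=helpdesk,ou=groups": {"alice"}}

# PAGS-style groups: membership is conditional logic over person attributes.
PAGS_TESTS = {
    "pags:Faculty": lambda p: p.get("affiliation") == "faculty",
    "pags:Undergrads": lambda p: p.get("affiliation") == "student"
    and p.get("level") == "UG",
}

PEOPLE = {
    "alice": {"affiliation": "staff"},
    "bob": {"affiliation": "student", "level": "UG"},
    "carol": {"affiliation": "faculty"},
}

def directly_contains(group, user):
    """True if the group lists the user or its attribute test matches."""
    if user in DIRECT_MEMBERS.get(group, ()):
        return True
    test = PAGS_TESTS.get(group)
    return bool(test and test(PEOPLE.get(user, {})))

def deep_member_of(user, root):
    """Breadth-first walk of the group graph; `seen` stops loops repeating."""
    seen, queue = {root}, deque([root])
    while queue:
        group = queue.popleft()
        if directly_contains(group, user):
            return True
        for child in CHILD_GROUPS.get(group, ()):
            if child not in seen:  # each group is visited at most once
                seen.add(child)
                queue.append(child)
    return False
```

Because authorization decisions usually hang off the skeletal groups, a negative answer has to terminate as reliably as a positive one; the `bob` in `local:Staff` case walks the whole loop and still returns.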