Group Expansion Manager Introduction (Aspire 2)
For Information on Aspire 3.1 Click Here
- 1 Features
- 2 Group Expansion Manager Process
- 3 Operation Mode
The Group Expansion Manager will allow to perform expansion of groups, to be used on search systems. These are the features:
- Get users and groups from an LDAP server.
- Get users and groups from any group expansion client compatible with the Group Expansion Manager (Compatible connectors).
- Uses a cache on disk to improve the performance on the request results.
- Allows to schedule the warm up frequency of the cache, to keep the results up to date.
- Allows to specify the desired filters and scope, to find users and groups on the LDAP server
- Allows to specify the desired user and group name attributes to retrieve from the LDAP server
- Lowercase the results, if is desired.
- Encode the results, if necessary.
- It can be used as a RESTful Web Service or as a LDAP proxy
Future Development Plan
The following features are not currently implemented, but are on the development plan:
- Work with multiple domains
Anything we should add? Please let us know.
Group Expansion Manager Process
Communication to outside systems (Search engines)
The Group Expansion Manager have two operating modes.
- LDAP Proxy
- It runs an instance of an LDAP server (ApacheDS) and can accept any incoming LDAP requests to return group expansion results.
- Turn the Group Expansion Manager into a RESTful Web Service to provide results for Group Expansion requests.
These two operations modes are going to expose in different way the use of the Group Expansion Manager to search engines. However the process to acquire the group expansion results is the same for both of them.
By default, the Servlet is always going to be available when the Group Expansion Manager is installed. The use of the LDAP Proxy is an optional feature.
Internal Process (Group Expansion)
The group expansion process works using a cache(for each Group Expander Client) to provide results. By default it includes the LDAP Group Expansion Client. Any other Group Expansion Client can be included in this process.
When a Group Expansion Request is received by the Group Expansion Manager, it process it though several components to get the respective groups for the request. The order of these components is the following
(*) This is not mandatory to include. The Group Expansion Manager can be configured without any Connector Group Expander. It also can be configured with multiple Connector Group Expanders.
LDAP Group Expander
This component act as a Group Expansion Client which in this case provides LDAP groups from the cache. This cache is available to be used when a Group Expansion Request comes in. It also includes a scheduler to fill it up and have it up to date.
When the scheduler is executed, is going to get all LDAP users and their respective groups to put them in the cache for later group expansion requests.
Group Expansion Router
This component takes care to redirect group expansion requests to the provided group expander clients (if any).
Connector Group Expander
Each Connector Group Expander act as a Group Expansion Client providing Groups from their respective repository. It includes it's own cache with an scheduler.
If it is desired, LDAP users and groups can also be expanded on the Group Expander Client
Scheduling (Cache Warm up)
The Group Expansion Manager is a cache based application. This means that the results provided, are fetched from the cache of the Group Expansion Clients.
This application comes with their own cache for the LDAP users and groups. This cache must be warm up to provide results to group expansion requests. If the cache is not warm up is expected to provide no results.
The scheduling for external Group Expansion Clients is performed in their own applications.
To ensure correct results is mandatory to first run the scheduler to warm up the cache for the LDAP Group Expander Client and then the schedulers for all the other Group Expansion Clients included in the group expansion process.