Child pages
  • 13-June-2018
Skip to end of metadata
Go to start of metadata

  

Grouper Call 13-June-2018  

Attending

  • Chris Hyzer, Penn, Chair
  • Shilen Patel, Duke
  • Chad Redmond, UNC
  • Carey Black, The Ohio State  University
  • Vivek Sachdiva, independent
  • Emily Eisbruch, Internet2

Action Items: Grouper Project Action Items (Google Doc)


New Action Items

[AI] (Chris) will share his vision of abstraction for provisioning.

[AI] Shilen  update the API and UI  tarballs with config/installer change

{AI] (Bert) work on patch for invalid active-directory operations

Discussion

Current work tasks

Vivek 


Chris

  Deprovisioning

  • Chris working on issue around  Custom email subject

  • Vivek will send names of variables that can be substituted in emails

    • Variable back to the groups deprovisioning page, for example

  • There are a list of deprovisioning TO DOs here at bottom of page https://spaces.internet2.edu/x/ZQlhBg

  • Idea was that if a user is  in deprov group for 2 weeks then the user should be locked out and warning will be provided if there’s an attempt to add such a deprovisioned user to a group.

  • Vivek will add dependency related to SCIM

  • TomEE not picking up certain info correctly

  • Document possible need to change Log4J  Properties

  • Grouper Home directory can get changed by Grouper Installer

  • U of Utah experiencing some issues with DDL not matching, could related to database pointer

  • Vivek   responded to Utah to find out about database being used

  • also should mention to be  sure config files have been copied from previous installation


  • Chris working on questions from the grouper email lists

  • Penn looking at integration with Remedy. Looking at two Remedy systems

    • Basic REST UI

    • Chris has an implementation for that. Involves copy and paste of what Chris did for Box and DUO.

    • Trying to come up w abstract classes for provisioner that only talks to the remote   system.

    • Grouper can put it into a change log consumer or messaging listener.

    • Simple Java Beans , like DTOs

    • Membership puts them together

    • Generic to handle multiple cases

    • Carey: Springbased model?  

      • Scott Cantor is knowledgeable on Spring approach

      • No need to compile as a project

      • Pull in classes dynamically.

    • Scripting, Groovy based provisioner

    • Shib IDP, which uses Spring, has scripting features

    • Abstract class is more restrictive than Spring approach

    • Spring is open ended

    • Chris: in past, Grouper project had decided not to add the complexity that comes w Spring, but may want to look again

    • Can PSPNG do something similar? See PSPNG Abstract Class (createGroup)

      • Has been used by Bert to implement LDAP, it’s a starting point

      • Chris will review that

      • [AI] (Chris) will share his vision of abstraction for provisioning.

Attestation

  • Can we consider un-attested group empty after a certain period?

  • Wait for Group disable dates in Grouper 2.5?

  • But stopgap solution for Grouper 2.4?

    • Disable all memberships in that group or remove them temporarily?

    • Or use and attributes to keep track of what was done for attestation?

    • Group is about 100 people, but must be attested

    • Use Intermediate intersection composite

    • It’s like include/exclude.  

    • Decision: discuss this again in a month or so

Next Steps

  • Chris will release Deprovisioning patch and UI patch.

  • Then focus will be on testing the Grouper 2.4 release.

 Bert

  PSPNG

  • Testing and fixing, particularly around full-sync exceptions that are really warnings

  • Patching for group attributes

  • Need some more Jexl Utilities

  • OpenLdap & scalability of Groups (?)

  • Does midpoint do a better job maintaining large groups?  https://evolveum.com/midpoint/

  • Issues w openLDAP and large groups

  • 389

  • Bert will consult w Keith Hazelton

  • Large group is 25K to 250K users

  • {AI] (Bert) work   on patch for invalid active-directory operations

    Bert: Gsh & Docker/Cloud: Groovysh & GrouperUI (github)

Shilen

 Grouper 2.4 Release

  • Fixed loader diagnostics

  • Finding and fixing issues for 2.3 to 2.4 upgrades

  • There are configs the installer needs to know about. Shilen working on this

  • [AI] Shilen will  update the API and UI  tarballs with config/installer changes

    • Copy into master and commit, then make changes

    • Trace through bin directory /  build grouper all

  • With UI upgrade, it tries to revert files that may not be there.

    • Asks re force revert. Is this intended behavior?

    • Perhaps we need to change the revert logic.

    • If files don’t exist , don’t worry about that

    • Properties files converted from XML could be confusing.

    • We  should not change properties files formats in a patch in the future

    • Need to hit enter many times in some cases.

    • Shilen will add an option for “download/install all”  


Chad

 Grouper 2.4 Release

  • Lite UI removal almost ready to go

  • Rebasing to master

  • HSQL not finding deprovisioning defname

  • Chad will email this error to Chris

  • Put admin UI in legacy folder

  • Now you can potentially restore from legacy   both Admin UI and LITE UI

    • Could edit  the web xml if only one is needed

  • Integration testing for UI would be good to have in the future


Issue roundup

·         Typo in deprovisioning job in config

·         When was Grouper born

·         Changing subject sources and dealing with legacy sources

·         Google apps provisioner change

·         GSH library issue

·         Loader issue with AD, was this resolved? Need to look again at this

·         PSPNG custom user attributes in user search filter (documentation about how to do EL substitutions)

·         Loader diagnostics issue - Chris will handle

·         COmanage to Grouper, and midpoint to Grouper integrations

·         Lafayette member group composite issue (resolved?)

·         Assign privileges to account or person , to be discussed on TIER API call today

·         SCIM server issues

·         Loader jobs cron information,  2nd request for this

·         Java8 PSP error major.minor version

·         Deprovisioning questions

·         Membership start dates on UI, we should add this at some point

·         https://bugs.internet2.edu/jira/browse/GRP-1823 null pointer on loader patch

·         Disabling recent activity widget

·         AD extended attribute anchor

Next Grouper Call : Wed. June 27, 2018



 

  • No labels