Child pages
  • Grouper Call 17-May-2017
Skip to end of metadata
Go to start of metadata


Grouper Call 17-May-2017



Chris Hyzer, Penn (chair)

Jim Fox, U. Washington

Shilen Patel, Duke

Bert Bee Lindgren, GA Tech

Emily Eisbruch, Internet2

Action Items
[AI] (Bert) Make a jira for grouper messaging which is not blocking when used by pspng
[AI]  (Chris) Multiple matching subjects in UI
[AI]  (Chris) WS LDAP authentication
[AI]  (Chris) remove privileges from groups (Akki Kumar)
[AI] (Bert) create a JIRA for getting empty results from queries of a Grouper message, instead of blocking until there is a result
[AI] (Bert) survey Grouper list on ldaptive /VTLDAP config strings issue
[AI] (Bert)) reply to Nubli@IU PSPNG BushyDN OU Deletion (4/11)
[AI] (Bert) Bert survey list on vt-ldap configuration strings being used for ldap subject sources and loader jobs
[AI] (Chris and Bert)  turn action items into JIRAs where appropriate (Chris done)
[AI] (Bert) Encrypted password in ldaptive - Look at vt-ldap, wrap string in a call similar to decryptIfEncrypted( )  [Move to Jira]
[AI]  (Bert)  status page for pspng (Gettes email) [Move to Jira, work on at Global Summit]
• Status: Coded and doing final test before pushing to github, ETA: Commit & Patch today

[AI] (Bert) Marwan Shahar and deleting groups in pspng? (2/20?) [In progress, at least groups schema that require a member]
[AI] (Bert)  get back to Akki Kumar about when groups that require a member will be implemented, GRP-1376: PSPNG: Support groups that require a member  [Will update jira]
[AI]  (Chris)  Chad Redman 2/22: 2 issues: The source ID drop down list doesn't really show the "IDs" Also order seems random, so it takes a while to find the right source. (moved to jira: GRP-1513: subject api diagnostics should show source id)
[AI] (Bert) 2/23 Paul Engle: pspng authoritative all values of attribute  
[AI] (Bert)  2/23 Julio Macavilca: malformed DN [GRP-1533 & Shilen’s 4/13 email]
[AI] (Bert) 2/27: Paul Engle, I was excited when the grouper_loader_log seemed to indicate that the job finished in an hour or so. Less so once I looked at the log and realized it was actually still running its worker threads... :  [Reply, Same as Michael’s request]
[AI (Bert)  follow up with Martin Krenn on ldap passwords externalized [Reply]
[AI (Bert) document the findings somewhere on wiki on Grouper and openldap for large groups
[AI] (Chris) add TIER API to the Grouper download page and do testing
[AI] (Shilen) follow up with U Colorado on patches for accessibility and cc grouper-core
[AI] (Bert)  reply to Chris Sutherin UMBC on pspng examples [Bert to reply]
[AI] (Bert)  reply to Scott Koranda about massaging group names in provisioning
[AI] (Bert)  reply to Shaun K about name null in pspng
[AI] (Bert) to reply to Peter St Onge
[AI ] (Chris), making delete group more efficient for large groups, fix issue with not allowed to delete group (won’t fix) REMOVE IT!!!!!!
[AI] (Bert) Jeffrey Crawford email 1/12, full sync missing members
[AI] (Bert)  Scott Koranda email 1/12, error on change log consumer psp
[AI] (Bert) email the list about (a small) Office365 versus Dropbox and next PSP project
[AI] (Bert) document how to build PSP NG and patch it  [Bert needs to finish last couple steps] (AI for Chris to try it afterwards)  [Done, Bert’s updated the doc]
[AI] (Bert) create PSP-NG Training Video (after necessary patches) using Camtasia
[AI] (Bert) NYU inquired about their PSP-NG issue, Shilen asked them to re-send issue to him - this was about malformed VM - escaping issue - Bert is looking into the escaping issue---  [Bert will jira and prioritize it]

Current work tasks
Vivek – Messaging strategies  / Accessibility
Vivek asked about RabbitMQ
Bert: with RabbitMQ You listen on an exchange . An exchange can listen on multiple queues.
The AK? Could be separated? And can read from the queue and AK? It later
But if you have trouble processing it, then it’s gone.
Bert uses REST system so things can fail
Accessibility - got feedback from U. Colorado

Chris – working on Grouper loader on UI , patches, deprovisioning
Chris has just begun on Deprovisioning work
Thinking of making a page to show all pages that need attestation
Bert – PSPNG
Changed abstract signatures instead of using thread locals to make it more obvious how to give feedback to the job.
This exposes stats in the method signatures to make it more obvious for provisioners to know to fill-in stats
Bert will make a patch for that
Next, Bert will work on the NYU, escape issue
Shilen – instrumentation

Shilen will start the instrumentation thread for Web Services
Shilen will then work on items in JIRA
Possible work items for Shilen:
• Migrate from VT LDAP to LDAPtive

◦ For subject sources and Grouper Loader

◦ Would like a library where everything in Java is ?

◦ Bert - PSP NG has some of that functionality

• Improve GSH

Shilen will look at those work items
Bill – TIER Grouper Deployment Guide -
Bill is interested in next steps.  

Global Summit 2017

What about config in database? Pointing all components to database. Should we tackle that for Grouper 2.4? 
How does this fit  w Config file overlays?  Could make default :
• look in base file 

• then look  in non base file

• then look in database

Look in one database and then the other.
Have an API layer in front of it.
Properties file in registry and that gets overlayed in the order that you specify
Concern about connection from test environment to prod environment
Idea is to simplify by putting config in one place
Advantage is not to need to update same file on multiple servers.
Servers must be kept separate

So use single database of config info w Grouper attributes.
Does that cause a bootstrap problem?
Have to get Grouper running to connect to database
Would go into attribute tables but not be accessed thru attribute APIs
Q: What’s the issue w database tables? (attributes are used instead)
A: Have to change the DDL
Have to handle point in time history
Credentials should be in the database and be encrypted
General Expression Groups rather than composite Groups
Florida interested in more discovery
Changing and building a group are hindered by composite limit
Idea is on a single group you could specify multiple “ands” to form final group
Could be complicated, a new group type
But would make Group Expressions more approachable and editable
Will see where this fits into the roadmaps
Issue roundup

• Demo server monitoring and lists

• UI accessibility

• Mysql migration not working

• Apereo pre-conference Grouper Training might not happen due to lack of enrollment

• [AI for chris] Multiple matching subjects in UI

• Grouperdemo in docker browser

• Attribute framework questions (answered)

• PSPNG full sync problems [Chris’s fix worked]

• Attribute value on group delete

• Loader detect job makes no progress

• CSRF and UI install without all patches

• Grouper deployment guide folder layout

• Notes from BOF:
• External subjects with grouper

• [AI for chris] WS LDAP authentication

• [AI for chris] remove privileges from groups (Akki Kumar)

• SCIM install with installer?

• Load test at Auckland was ok

• Log4j issue running UI in eclipse


[AI] Emily ask Dean re Grouper training at 2017 TechEx in San Francisco (done)
Next Grouper Call : Wed. May 31, 2017





  • No labels