Child pages
  • Grouper Call 27-Feb-2013
Skip to end of metadata
Go to start of metadata

Minutes, Grouper call 27-Feb-2013

Tom Barton, U. Chicago (chair)  
Chris Hyzer, University of Pennsylvania  
Shilen Patel, Duke University
David Langenberg, U. Chicago
Michael Girgis, U. Chicago
Jim Fox, University of Washington
Michael Gettes, CMU
Emily Eisbruch, Internet2, scribe

New Action Items
[AI] (Dave) do a Doodle poll to meet with Chris and Shilen
[AI] (Dave) determine and report back on what's needed for a test environment
[AI] (Shilen) respond to the list on the issue of deleting attribute definitions.

Carry Over Action Items
[AI] (Chris) investigate issues around Java 7 and JUNIT
[AI] (Emily) look at thread on attributes and permissions and make suggestions on improving wiki doc if needed.
[AI] SteveO share the Grouper Download page notification with Andrew to get his input
[AI] (Chris) upgrade the Grouper demo to the latest Grouper version 2.1
[AI] (unassigned) add info to the wiki regarding doing testing on provisioning
[AI] (unassigned) put test data in the Grouper demo to show using an LDAP source.


Welcome Dave Langenberg

-Welcome Dave as new member of the Grouper Dev Team.
-Initially, Dave will focus his work on the PSP.
-Eventually it would be good to develop additional tools or connectors so others can easily integrate with or add onto Grouper's provisioning capabilities.
-Dave will do a Doodle poll to find a time to meet with Chris and Shilen, and he will also meet with TomZ.
-SteveO has set up SVN, JIRA, and Confluence access for Dave and is handling the contributors agreement.

-Dave will explore the required environments for development and testing,  
[AI] (Dave) determine and report back on what's needed for a test environment

Design for Converting Legacy Attributes - Shilen

Shilen outlined the planned work on legacy attribute migration to the new attribute framework:

- Goal is to deprecate the legacy attributes in favor of the new attribute framework as part of the migration to Grouper 2.2
- Will need to change the API around the legacy attributes so they work with the new attribute framework
- There are many objects used by the legacy framework that must change
- Group types, fields, and lists are being deprecated.
- read and write privileges on a group work quite differently in the new attribute framework.

-It was suggested that for group types, migrating from old to new (for adding and deleting capabilities) may not be necessary.
-In addition, there may be cases where  auto-updating of legacy privileges may not be feasible.
-Thanks to Shilen for this excellent start to the work.

Grouper UI Update

Michael Girgis is waiting for the developers to review his notes before he does any more works on the wireframes for the new Grouper UI

Adding Additional Connections Between Grouper and LDAP

CMU has issues adding additional connections between Grouper and LDAP.
Only 3 connections get used, but the CMU LDAP server could potentially handle more.
1. Have multple threads running to proces multiple changes at once
2. Have PSP batch updates to LDAP

Michael Gettes says that CMU will try to do both 1 and 2.
Currently, it's taking 7-8 hours to populate a group of 30,000, causing backlog since only 3 connections are operating.
Can't use a loader job because users want to do creation of groups on their own.

Chris: the change log works with pointers on a queue. Using a thread is fine if there are no errors, but using threads gets harder to manage if there are errors. Might need to keep a table of successful records rather than a pointer.

Q: Tom: Can a transaction ID be used to help multithreading?
A: Yes we potentially could implement that, using a sequential number

Q: What happens now when there is an error?
A: The change log processor may generate an exception, may halt on error or just keep on going (depending on the mode)

About vt-LDAP and the apparent max of 3 connections, Michael Gettes noticed that it seems one thread is being used for searching, another for group object changes and another for updating user objects.

Dave said that his group takes transactions out of the LDAP change log. Dave has ideas of how to approach some of the issues that have been raised. CMU offered  to help, to work with Dave in solving this issue and also validating other aspects  of PSP.

Role Grantees Issue

A question on last Grouper call involved the need for reassignment of privileges on a group.
Chris's created potential solutions on these three wiki pages. Please give him feedback:

Release of Grouper 2.1.4

There is an issue of unintended consequences of deleting attribute definitions

[AI] (Shilen) will respond to the list on the issue of deleting attribute definitions.

Goal for next release of Grouper 2.1.4 is one month

Completion of Grouper Training Videos

Congratulations to Grouper Training Team on completing the Grouper Training Videos

IAM Online

IAM Online on Wed. March 13, 2013 at 3pm ET.
Topic is: Three Campus Case Studies of Managing Access with Grouper
-Host: Tom Barton
-Paul Donahue, University of Wisconsin- Madison
-Sebastien Gagne, University of Montreal
-Rahul Doshi and Michael Gettes, Carnegie Mellon University (CMU)

For full info see

Next Grouper Call: Wed. March 13, 2013

  • No labels