  1. Install pspng

    Code Block
    [appadmin@fasttest-mgmt-01 lib]$ pwd
    /opt/appserv/tomcat/apps/grouperWs/loader/lib
    [appadmin@fasttest-mgmt-01 lib]$ cp /tmp/grouper.pspng-2.3.0/lib/custom/* .
    [appadmin@fasttest-mgmt-01 lib]$ cp /tmp/grouper.pspng-2.3.0/dist/grouper-pspng-2.3.0.jar .
    [appadmin@fasttest-mgmt-01 lib]$ more /tmp/grouper.pspng-2.3.0/README.txt 
  2. Patch pspng

    Code Block
    [appadmin@fasttest-mgmt-01 classes]$ cd /tmp
    [appadmin@fasttest-mgmt-01 tmp]$ mkdir installer
    [appadmin@fasttest-mgmt-01 tmp]$ cd installer/
    [appadmin@fasttest-mgmt-01 installer]$ wget http://software.internet2.edu/grouper/release/2.3.0/grouper.installer-2.3.0.tar.gz
    [appadmin@fasttest-mgmt-01 installer]$ tar xzf grouper.installer-2.3.0.tar.gz 
    [appadmin@fasttest-mgmt-01 installer]$ cd grouper.installer-2.3.0
    [appadmin@fasttest-mgmt-01 grouper.installer-2.3.0]$ java -jar grouperInstaller.jar 
    Do you want to 'install' a new installation of grouper, 'upgrade' an existing installation,
      'patch' an existing installation, or 'createPatch' for Grouper developers
      (enter: 'install', 'upgrade', 'patch', 'createPatch' or blank for the default) [install]: patch
    Enter in a Grouper temp directory to download tarballs (note: better if no spaces or special chars) [/tmp/installer/grouper.installer-2.3.0]: 
    What do you want to patch?  api, ui, ws, pspng, or psp? [api]: pspng
    Where is the grouper PSPNG installed? /opt/appserv/tomcat/apps/grouperWs/loader/
  3. Note: upgrade the loader to Java 7 instead of Java 6

  4. Configure pspng (back up grouper-loader.properties first, then add this)

    Code Block
    #note the URL should start with ldap: or ldaps: if it is SSL.
    #It should contain the server and port (optional if not default), and baseDn,
    #e.g. ldaps://ldapserver.school.edu:636/dc=school,dc=edu
    ldap.pennKiteAd.url = ldaps://someServer.upenn.edu:636/DC=kite,DC=upenn,DC=edu
    #optional, if authenticated
    ldap.pennKiteAd.user = someUserName
    #optional, if authenticated, note the password can be stored encrypted in an external file
    ldap.pennKiteAd.pass = ************

    ####################################
    ## PSPNG
    ####################################
    changeLog.consumer.pspng_activedirectory.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
    changeLog.consumer.pspng_activedirectory.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner
    changeLog.consumer.pspng_activedirectory.quartzCron = 0 * * * * ?
    changeLog.consumer.pspng_activedirectory.ldapPoolName = pennKiteAd
    changeLog.consumer.pspng_activedirectory.memberAttributeName = member
    changeLog.consumer.pspng_activedirectory.memberAttributeValueFormat = ${ldapUser.getDn()}
    changeLog.consumer.pspng_activedirectory.groupSearchBaseDn = OU=Grouper,OU=LocalAuth,DC=kite-dev,DC=upenn,DC=edu
    changeLog.consumer.pspng_activedirectory.allGroupsSearchFilter = objectclass=group
    changeLog.consumer.pspng_activedirectory.singleGroupSearchFilter = (&(objectclass=group)(cn=${group.name}))
    changeLog.consumer.pspng_activedirectory.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: group
    changeLog.consumer.pspng_activedirectory.userSearchBaseDn = DC=kite,DC=upenn,DC=edu
    changeLog.consumer.pspng_activedirectory.userSearchFilter = employeeID=${subject.id}
    
    changeLog.psp.fullSync.class = edu.internet2.middleware.grouper.pspng.FullSyncStarter
    changeLog.psp.fullSync.quartzCron = 0 0 5 * * ?
    # This happens in the background, so should usually be enabled, and should _definitely_                                             
    # be enabled when new provisioners are added                                                                                        
    changeLog.psp.fullSync.runAtStartup = true
  5. Test LDAP connectivity via GSH by running a simple filter that returns a string

    Code Block
    edu.internet2.middleware.grouper.ldap.LdapSession.list(String.class, "pennKiteAd", "OU=UnivOfPennsylvania", LdapSearchScope.SUBTREE_SCOPE, "(CN=mchyzer)", "cn");

Connect exception

Code Block
Caused by: [org.ldaptive.OperationException@284819482::resultCode=SERVER_DOWN, matchedDn=null, responseControls=null, referralURLs=[], messageId=-1, message=LDAPException(resultCode=81 (server down), errorMessage='The connection to server server:port was closed while waiting for a response to a bind request SimpleBindRequest(dn='user'):  An I/O error occurred while trying to read the response from the server:  java.net.SocketException: Connection reset'), providerException=LDAPException(resultCode=81 (server down), errorMessage='The connection to server server:port was closed while waiting for a response to a bind request SimpleBindRequest(dn='user'):  An I/O error occurred while trying to read the response from the server:  java.net.SocketException: Connection reset')]
        at org.ldaptive.provider.ProviderUtils.throwOperationException(ProviderUtils.java:50)
        at org.ldaptive.provider.unboundid.UnboundIDConnection.processLDAPException(UnboundIDConnection.java:543)
        at org.ldaptive.provider.unboundid.UnboundIDConnection.simpleBind(UnboundIDConnection.java:224)
        at org.ldaptive.provider.unboundid.UnboundIDConnection.bind(UnboundIDConnection.java:151)
        at org.ldaptive.BindOperation.invoke(BindOperation.java:28)
        at org.ldaptive.BindOperation.invoke(BindOperation.java:9)
        at org.ldaptive.AbstractOperation.execute(AbstractOperation.java:126)
        at org.ldaptive.BindConnectionInitializer.initialize(BindConnectionInitializer.java:156)
        at org.ldaptive.DefaultConnectionFactory$DefaultConnection.open(DefaultConnectionFactory.java:269)
        at org.ldaptive.pool.AbstractConnectionPool.createConnection(AbstractConnectionPool.java:451)
        at org.ldaptive.pool.AbstractConnectionPool.createAvailableConnection(AbstractConnectionPool.java:490)
        at org.ldaptive.pool.AbstractConnectionPool.grow(AbstractConnectionPool.java:340)
        at org.ldaptive.pool.AbstractConnectionPool.initialize(AbstractConnectionPool.java:237)
        ... 13 more
Caused by: LDAPException(resultCode=81 (server down), errorMessage='The connection to server serve:port was closed while waiting for a response to a bind request SimpleBindRequest(dn='user'):  An I/O error occurred while trying to read the response from the server:  java.net.SocketException: Connection reset')
        at com.unboundid.ldap.sdk.SimpleBindRequest.handleResponse(SimpleBindRequest.java:718)
        at com.unboundid.ldap.sdk.SimpleBindRequest.process(SimpleBindRequest.java:570)
        at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:2151)
        at org.ldaptive.provider.unboundid.UnboundIDConnection.simpleBind(UnboundIDConnection.java:218)
        ... 23 more
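
A pre-flight check for the step 4 settings, useful before the GSH test in step 5 and when triaging a bind failure like the one above (a scheme that does not match the port is one common cause of a reset during bind). This is an added example, not code from the original page or from the Grouper project. It assumes that a `pass` value starting with `/` points to an external encrypted file and that search bases are meant to sit under the base DN in the pool URL; the sample properties are constructed.

```python
import re
# Constructed sample for this example, not the page's real values.
SAMPLE = """
ldap.exampleAd.url = ldap://ad.example.edu:636/DC=example,DC=edu
ldap.exampleAd.pass = inline-secret
changeLog.consumer.prov.ldapPoolName = exampleAd
changeLog.consumer.prov.groupSearchBaseDn = OU=Grouper,DC=example-dev,DC=edu
changeLog.consumer.prov.userSearchBaseDn = DC=example,DC=edu
"""

def parse_props(text):
    """Parse key = value lines, skipping blanks and # comments."""
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def norm_dn(dn):  # lower-case, no spaces around commas, for suffix comparison
    return ",".join(part.strip().lower() for part in dn.split(","))

def lint(text):
    props, findings, base = parse_props(text), [], {}
    for key, url in props.items():
        m = re.fullmatch(r"ldap\.(\w+)\.url", key)
        u = m and re.fullmatch(r"(ldaps?)://[^/:]+(?::(\d+))?(?:/(.*))?", url)
        if not u:
            continue  # not a pool url, or one this sketch cannot parse
        pool, (scheme, port, dn) = m.group(1), u.groups()
        base[pool] = norm_dn(dn or "")
        if scheme == "ldap":
            findings.append(f"{pool}: ldap: URL, bind is cleartext unless StartTLS is enabled")
        if (scheme, port) in {("ldap", "636"), ("ldaps", "389")}:
            findings.append(f"{pool}: scheme {scheme} does not match port {port}")
        # Assumption: a value starting with "/" names an external encrypted file.
        if not props.get(f"ldap.{pool}.pass", "/").startswith("/"):
            findings.append(f"{pool}: bind password is stored inline")
    for key, pool in props.items():
        m = re.fullmatch(r"changeLog\.consumer\.(\w+)\.ldapPoolName", key)
        if not m:
            continue
        if pool not in base:
            findings.append(f"{m.group(1)}: ldapPoolName {pool} has no usable url")
        for attr in ("groupSearchBaseDn", "userSearchBaseDn"):
            dn = norm_dn(props.get(f"changeLog.consumer.{m.group(1)}.{attr}", ""))
            # Assumption: search bases should sit under the pool URL's base DN.
            if dn and base.get(pool) and not ("," + dn).endswith("," + base[pool]):
                findings.append(f"{m.group(1)}: {attr} is outside the pool base DN")
    return findings

print("\n".join(lint(SAMPLE)))
```

To check a real file, pass its contents to `lint()`; the findings name the pool or consumer and never echo the password value.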