...
Install pspng
Code Block [appadmin@fasttest-mgmt-01 lib]$ pwd /opt/appserv/tomcat/apps/grouperWs/loader/lib [appadmin@fasttest-mgmt-01 lib]$ cp /tmp/grouper.pspng-2.3.0/lib/custom/* . [appadmin@fasttest-mgmt-01 lib]$ cp /tmp/grouper.pspng-2.3.0/dist/grouper-pspng-2.3.0.jar . [appadmin@fasttest-mgmt-01 lib]$ more /tmp/grouper.pspng-2.3.0/README.txt
Patch pspng
Code Block [appadmin@fasttest-mgmt-01 classes]$ cd /tmp [appadmin@fasttest-mgmt-01 tmp]$ mkdir installer [appadmin@fasttest-mgmt-01 tmp]$ cd installer/ [appadmin@fasttest-mgmt-01 installer]$ wget http://software.internet2.edu/grouper/release/2.3.0/grouper.installer-2.3.0.tar.gz [appadmin@fasttest-mgmt-01 installer]$ tar xzf grouper.installer-2.3.0.tar.gz [appadmin@fasttest-mgmt-01 installer]$ cd grouper.installer-2.3.0 [appadmin@fasttest-mgmt-01 grouper.installer-2.3.0]$ java -jar grouperInstaller.jar Do you want to 'install' a new installation of grouper, 'upgrade' an existing installation, 'patch' an existing installation, or 'createPatch' for Grouper developers (enter: 'install', 'upgrade', 'patch', 'createPatch' or blank for the default) [install]: patch Enter in a Grouper temp directory to download tarballs (note: better if no spaces or special chars) [/tmp/installer/grouper.installer-2.3.0]: What do you want to patch? api, ui, ws, pspng, or psp? [api]: pspng Where is the grouper PSPNG installed? /opt/appserv/tomcat/apps/grouperWs/loader/
Note, upgrade loader to java7 instead of java6
Configure pspng (backup grouper-loader.properties first, then add this)
Code Block #note the URL should start with ldap: or ldaps: if it is SSL. #It should contain the server and port (optional if not default), and baseDn, #e.g. ldaps://ldapserver.school.edu:636/dc=school,dc=edu ldap.pennKiteAd.url = ldaps://someServer.upenn.edu:636/DC=kite,DC=upenn,DC=edu #optional, if authenticated ldap.pennKiteAd.user = someUserName #optional, if authenticated, note the password can be stored encrypted in an external file ldap.pennKiteAd.pass = ************ #################################### ## PSPNG #################################### changeLog.consumer.pspng_activedirectory.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim changeLog.consumer.pspng_activedirectory.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner changeLog.consumer.pspng_activedirectory.quartzCron = 0 * * * * ? changeLog.consumer.pspng_activedirectory.ldapPoolName = pennKiteAd changeLog.consumer.pspng_activedirectory.memberAttributeName = member changeLog.consumer.pspng_activedirectory.memberAttributeValueFormat = ${ldapUser.getDn()} changeLog.consumer.pspng_activedirectory.groupSearchBaseDn = OU=Grouper,OU=LocalAuth,DC=kite-dev,DC=upenn,DC=edu changeLog.consumer.pspng_activedirectory.allGroupsSearchFilter = objectclass=group changeLog.consumer.pspng_activedirectory.singleGroupSearchFilter = (&(objectclass=group)(cn=${group.name})) changeLog.consumer.pspng_activedirectory.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: group changeLog.consumer.pspng_activedirectory.userSearchBaseDn = DC=kite,DC=upenn,DC=edu changeLog.consumer.pspng_activedirectory.userSearchFilter = employeeID=${subject.id} changeLog.psp.fullSync.class = edu.internet2.middleware.grouper.pspng.FullSyncStarter changeLog.psp.fullSync.quartzCron = 0 0 5 * * ? # This happens in the background, so should usually be enabled, and should _definitely_ # be enabled when new provisioners are added changeLog.psp.fullSync.runAtStartup = true
Test LDAP connectivity via GSH, run a simple filter that returns a string
Code Block edu.internet2.middleware.grouper.ldap.LdapSession.list(String.class, "pennKiteAd", "OU=UnivOfPennsylvania", LdapSearchScope.SUBTREE_SCOPE, "(CN=mchyzer)", "cn");
- sdf
s
Connect exception
Code Block |
---|
Caused by: [org.ldaptive.OperationException@284819482::resultCode=SERVER_DOWN, matchedDn=null, responseControls=null, referralURLs=[], messageId=-1, message=LDAPException(resultCode=81 (server down), errorMessage='The connection to server server:port was closed while waiting for a response to a bind request SimpleBindRequest(dn='user'): An I/O error occurred while trying to read the response from the server: java.net.SocketException: Connection reset'), providerException=LDAPException(resultCode=81 (server down), errorMessage='The connection to server server:port was closed while waiting for a response to a bind request SimpleBindRequest(dn='user'): An I/O error occurred while trying to read the response from the server: java.net.SocketException: Connection reset')]
at org.ldaptive.provider.ProviderUtils.throwOperationException(ProviderUtils.java:50)
at org.ldaptive.provider.unboundid.UnboundIDConnection.processLDAPException(UnboundIDConnection.java:543)
at org.ldaptive.provider.unboundid.UnboundIDConnection.simpleBind(UnboundIDConnection.java:224)
at org.ldaptive.provider.unboundid.UnboundIDConnection.bind(UnboundIDConnection.java:151)
at org.ldaptive.BindOperation.invoke(BindOperation.java:28)
at org.ldaptive.BindOperation.invoke(BindOperation.java:9)
at org.ldaptive.AbstractOperation.execute(AbstractOperation.java:126)
at org.ldaptive.BindConnectionInitializer.initialize(BindConnectionInitializer.java:156)
at org.ldaptive.DefaultConnectionFactory$DefaultConnection.open(DefaultConnectionFactory.java:269)
at org.ldaptive.pool.AbstractConnectionPool.createConnection(AbstractConnectionPool.java:451)
at org.ldaptive.pool.AbstractConnectionPool.createAvailableConnection(AbstractConnectionPool.java:490)
at org.ldaptive.pool.AbstractConnectionPool.grow(AbstractConnectionPool.java:340)
at org.ldaptive.pool.AbstractConnectionPool.initialize(AbstractConnectionPool.java:237)
... 13 more
Caused by: LDAPException(resultCode=81 (server down), errorMessage='The connection to server serve:port was closed while waiting for a response to a bind request SimpleBindRequest(dn='user'): An I/O error occurred while trying to read the response from the server: java.net.SocketException: Connection reset')
at com.unboundid.ldap.sdk.SimpleBindRequest.handleResponse(SimpleBindRequest.java:718)
at com.unboundid.ldap.sdk.SimpleBindRequest.process(SimpleBindRequest.java:570)
at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:2151)
at org.ldaptive.provider.unboundid.UnboundIDConnection.simpleBind(UnboundIDConnection.java:218)
... 23 more |