...
Install pspng
Code Block
# Console transcript: copy the pspng jar and everything under lib/custom into
# the loader's lib directory (the working directory shown by pwd).
[appadmin@fasttest-mgmt-01 lib]$ pwd
/opt/appserv/tomcat/apps/grouperWs/loader/lib
# NOTE(review): the jars come from /tmp/grouper.pspng-2.3.0; this listing does not
# show how that tree was obtained or verified. /tmp is normally writable by every
# local account, so check ownership and compare the files against a
# publisher-provided checksum (if one is available) before they land on the
# loader's classpath.
[appadmin@fasttest-mgmt-01 lib]$ cp /tmp/grouper.pspng-2.3.0/lib/custom/* .
[appadmin@fasttest-mgmt-01 lib]$ cp /tmp/grouper.pspng-2.3.0/dist/grouper-pspng-2.3.0.jar .
# Read the bundled README for the remaining setup steps.
[appadmin@fasttest-mgmt-01 lib]$ more /tmp/grouper.pspng-2.3.0/README.txt
Patch pspng
Code Block
# Console transcript: download the Grouper installer and run it in 'patch' mode
# against the pspng install under the loader directory.
[appadmin@fasttest-mgmt-01 classes]$ cd /tmp
# NOTE(review): /tmp/installer is a predictable name in a shared directory; a
# private working directory (e.g. one created with mktemp -d, or under the
# service account's home) avoids other local users pre-creating or tampering with it.
[appadmin@fasttest-mgmt-01 tmp]$ mkdir installer
[appadmin@fasttest-mgmt-01 tmp]$ cd installer/
# NOTE(review): the tarball is fetched over plain http and no integrity check is
# shown before it is executed below. Use https if the server offers it and verify
# the download against a publisher-provided checksum or signature before running it.
[appadmin@fasttest-mgmt-01 installer]$ wget http://software.internet2.edu/grouper/release/2.3.0/grouper.installer-2.3.0.tar.gz
[appadmin@fasttest-mgmt-01 installer]$ tar xzf grouper.installer-2.3.0.tar.gz
[appadmin@fasttest-mgmt-01 installer]$ cd grouper.installer-2.3.0
# The lines after this command are the installer's interactive prompts; the text
# after each "]:" or "?" is the operator's answer (blank = accept the default).
[appadmin@fasttest-mgmt-01 grouper.installer-2.3.0]$ java -jar grouperInstaller.jar
Do you want to 'install' a new installation of grouper, 'upgrade' an existing installation, 'patch' an existing installation, or 'createPatch' for Grouper developers (enter: 'install', 'upgrade', 'patch', 'createPatch' or blank for the default) [install]: patch
# NOTE(review): the installer downloads further tarballs into this directory; how
# it fetches and verifies them is not visible here -- confirm before relying on it.
Enter in a Grouper temp directory to download tarballs (note: better if no spaces or special chars) [/tmp/installer/grouper.installer-2.3.0]:
What do you want to patch? api, ui, ws, pspng, or psp? [api]: pspng
Where is the grouper PSPNG installed? /opt/appserv/tomcat/apps/grouperWs/loader/
Note: upgrade the loader to Java 7 instead of Java 6.
Configure pspng (back up grouper-loader.properties first, then add the following)
Code Block
# LDAP connection pool "pennKiteAd"; the provisioner below refers to it through
# its ldapPoolName setting.
#note the URL should start with ldap: or ldaps: if it is SSL.
#It should contain the server and port (optional if not default), and baseDn,
#e.g. ldaps://ldapserver.school.edu:636/dc=school,dc=edu
# NOTE(review): keep this on ldaps: -- the bind password and group data cross this
# connection. The base DN here is DC=kite,... while the search bases further down
# use DC=kite-dev,...; confirm which directory is intended.
ldap.pennKiteAd.url = ldaps://someServer.upenn.edu:636/DC=kite,DC=upenn,DC=edu

#optional, if authenticated
# NOTE(review): this account creates and modifies groups; presumably it only needs
# write access under groupSearchBaseDn -- scope its directory rights accordingly.
ldap.pennKiteAd.user = someUserName

#optional, if authenticated, note the password can be stored encrypted in an external file
# NOTE(review): prefer the encrypted external-file form over a literal value, and
# keep this properties file (and its backup copy) readable only by the service account.
ldap.pennKiteAd.pass = ************

####################################
## PSPNG
####################################
# Change-log consumer that provisions Grouper groups to the directory via
# LdapGroupProvisioner.
changeLog.consumer.pspng_activedirectory.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
changeLog.consumer.pspng_activedirectory.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner
# Quartz cron (sec min hour day-of-month month day-of-week): second 0 of every minute.
changeLog.consumer.pspng_activedirectory.quartzCron = 0 * * * * ?
changeLog.consumer.pspng_activedirectory.ldapPoolName = pennKiteAd
# Membership is written to the "member" attribute as the user's DN.
changeLog.consumer.pspng_activedirectory.memberAttributeName = member
changeLog.consumer.pspng_activedirectory.memberAttributeValueFormat = ${ldapUser.getDn()}
changeLog.consumer.pspng_activedirectory.groupSearchBaseDn = OU=Grouper,OU=LocalAuth,DC=kite-dev,DC=upenn,DC=edu
changeLog.consumer.pspng_activedirectory.allGroupsSearchFilter = objectclass=group
# NOTE(review): ${group.name} and ${subject.id} are substituted into LDAP filters
# and a DN template; confirm pspng escapes filter/DN metacharacters in those values.
changeLog.consumer.pspng_activedirectory.singleGroupSearchFilter = (&(objectclass=group)(cn=${group.name}))
# presumably "||" separates the LDIF lines of the template -- verify against the pspng docs
changeLog.consumer.pspng_activedirectory.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: group
changeLog.consumer.pspng_activedirectory.userSearchBaseDn = DC=kite-dev,DC=upenn,DC=edu
changeLog.consumer.pspng_activedirectory.userSearchFilter = employeeID=${subject.id}
changeLog.consumer.pspng_activedirectory.userSearchAttributes = dn,cn,uid,mail,samAccountName, uidNumber,objectclass,employeeID

# Full-sync job; Quartz cron: every day at 05:00:00.
changeLog.psp.fullSync.class = edu.internet2.middleware.grouper.pspng.FullSyncStarter
changeLog.psp.fullSync.quartzCron = 0 0 5 * * ?

# This happens in the background, so should usually be enabled, and should _definitely_
# be enabled when new provisioners are added
changeLog.psp.fullSync.runAtStartup = true
Test LDAP connectivity via GSH: run a simple filter that returns a string
Code Block
// GSH connectivity check: subtree search through the "pennKiteAd" pool (the
// ldap.pennKiteAd.* settings), under OU=UnivOfPennsylvania, with the filter
// (CN=mchyzer), asking for the cn attribute as a String.
// NOTE(review): a result here shows the pool can connect and search; it does not
// by itself show the account can write under the provisioning OU.
edu.internet2.middleware.grouper.ldap.LdapSession.list(String.class, "pennKiteAd", "OU=UnivOfPennsylvania", LdapSearchScope.SUBTREE_SCOPE, "(CN=mchyzer)", "cn");
Note, had to create the attributes for pspng
Code Block
// GSH script: creates the etc:pspng folder and the two pspng attribute
// definitions (do_not_provision_to_def, provision_to_def), then sets each
// definition's action list to "assign". Progress is printed after each phase.
// NOTE(review): the log lines say "expected approx total: 8" but the statements
// shown count at most 5 objects, so this may be an excerpt of a larger generated
// script -- confirm.

// NOTE(review): a root session (per its name) is opened and never stopped in this
// listing; run it only from an administrative GSH and stop the session when done.
GrouperSession grouperSession = GrouperSession.startRootSession();

// Running totals reported in every progress line.
long gshTotalObjectCount = 0L;
long gshTotalChangeCount = 0L;
long gshTotalErrorCount = 0L;

// Folder etc:pspng, creating missing parent folders.
StemSave stemSave = new StemSave(grouperSession).assignName("etc:pspng").assignCreateParentStemsIfNotExist(true).assignDescription("Location for pspng-management objects.").assignDisplayName("etc:pspng");
stem = stemSave.save();
gshTotalObjectCount++;
// Only count and report when the save actually changed something.
if (stemSave.getSaveResultType() != SaveResultType.NO_CHANGE) {
  System.out.println("Made change for stem: " + stem.getName());
  gshTotalChangeCount++;
}
System.out.println(new Date() + " Done with folders, objects: " + gshTotalObjectCount + ", expected approx total: 8, changes: " + gshTotalChangeCount + ", known errors (view output for full list): " + gshTotalErrorCount);
// No groups or composites are created in this listing; these lines only report totals.
System.out.println(new Date() + " Done with groups, objects: " + gshTotalObjectCount + ", expected approx total: 8, changes: " + gshTotalChangeCount + ", known errors (view output for full list): " + gshTotalErrorCount);
System.out.println(new Date() + " Done with composites, objects: " + gshTotalObjectCount + ", expected approx total: 8, changes: " + gshTotalChangeCount + ", known errors (view output for full list): " + gshTotalErrorCount);

// Attribute definition etc:pspng:do_not_provision_to_def: assignable to groups
// and folders, multi-assignable, single string value.
AttributeDefSave attributeDefSave = new AttributeDefSave(grouperSession).assignName("etc:pspng:do_not_provision_to_def").assignCreateParentStemsIfNotExist(true).assignToGroup(true).assignToStem(true).assignAttributeDefType(AttributeDefType.type).assignMultiAssignable(true).assignMultiValued(false).assignValueType(AttributeDefValueType.string);
AttributeDef attributeDef = attributeDefSave.save();
gshTotalObjectCount++;
if (attributeDefSave.getSaveResultType() != SaveResultType.NO_CHANGE) {
  System.out.println("Made change for attributeDef: " + attributeDef.getName());
  gshTotalChangeCount++;
}

// Attribute definition etc:pspng:provision_to_def, same settings.
// NOTE(review): attributeDefSave and attributeDef are declared a second time here;
// this relies on the GSH interpreter tolerating redeclaration and would not
// compile as plain Java.
AttributeDefSave attributeDefSave = new AttributeDefSave(grouperSession).assignName("etc:pspng:provision_to_def").assignCreateParentStemsIfNotExist(true).assignToGroup(true).assignToStem(true).assignAttributeDefType(AttributeDefType.type).assignMultiAssignable(true).assignMultiValued(false).assignValueType(AttributeDefValueType.string);
AttributeDef attributeDef = attributeDefSave.save();
gshTotalObjectCount++;
if (attributeDefSave.getSaveResultType() != SaveResultType.NO_CHANGE) {
  System.out.println("Made change for attributeDef: " + attributeDef.getName());
  gshTotalChangeCount++;
}
System.out.println(new Date() + " Done with attribute definitions, objects: " + gshTotalObjectCount + ", expected approx total: 8, changes: " + gshTotalChangeCount + ", known errors (view output for full list): " + gshTotalErrorCount);
// No role hierarchies are created in this listing.
System.out.println(new Date() + " Done with role hierarchies, objects: " + gshTotalObjectCount + ", expected approx total: 8, changes: " + gshTotalChangeCount + ", known errors (view output for full list): " + gshTotalErrorCount);

// Set the action list of do_not_provision_to_def to "assign"; a missing
// definition is counted as an error instead of aborting the script.
attributeDef = AttributeDefFinder.findByName("etc:pspng:do_not_provision_to_def", false);
if (attributeDef != null) {
  int changeCount = attributeDef.getAttributeDefActionDelegate().configureActionList("assign");
  gshTotalObjectCount+=1;
  if (changeCount > 0) {
    gshTotalChangeCount+=changeCount;
    System.out.println("Made " + changeCount + " changes for actionList of attributeDef: etc:pspng:do_not_provision_to_def");
  }
} else {
  gshTotalErrorCount++;
  System.out.println("ERROR: cant find attributeDef: 'etc:pspng:do_not_provision_to_def'");
}

// Same for provision_to_def.
attributeDef = AttributeDefFinder.findByName("etc:pspng:provision_to_def", false);
if (attributeDef != null) {
  int changeCount = attributeDef.getAttributeDefActionDelegate().configureActionList("assign");
  gshTotalObjectCount+=1;
  if (changeCount > 0) {
    gshTotalChangeCount+=changeCount;
    System.out.println("Made " + changeCount + " changes for actionList of attributeDef: etc:pspng:provision_to_def");
  }
} else {
  gshTotalErrorCount++;
  System.out.println("ERROR: cant find attributeDef: 'etc:pspng:provision_to_def'");
}
System.out.println(new Date() + " Done with attribute actions, objects: " + gshTotalObjectCount + ", expected approx total: 8, changes: " + gshTotalChangeCount + ", known errors (view output for full list): " + gshTotalErrorCount);
// No attribute action hierarchies are created in this listing.
System.out.println(new Date() + " Done with attribute action hierarchies, objects: " + gshTotalObjectCount + ", expected approx total: 8, changes: " + gshTotalChangeCount + ", known errors (view output for full list): " + gshTotalErrorCount);
- dsfsdf