Versions Compared

Old Version 29

changes.mady.by.user mmoayyed@unicon.net

Saved on

compared with

New Version 30

changes.mady.by.user Bert Bee-Lindgren (gatech.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated Full-Sync provisioning to describe PSPNG Patch #11 changes.

...

  1. Grouper/PSPNG has no ability to keep accounts up to date; it only creates them if they're missing, and
  2. Your Grouper-subject mappings probably don't have some of the information needed for account provisioning. And, even if all you need is name, username, and email address (which are probably in your subject mappings), you'll still run into problem (1) where Grouper offers no mechanism to update name and email address when they change in your subject source.

 

Full SYNC Provisioning

Upgrade warning (PSPNG Patch #11, June 8, 2017): The Full-Sync-provisioning improvements in Grouper 2.3/PSPNG Patch #11 are configured with new, better properties. (You should no longer use the properties that start with changeLog.psp.fullSync.) 

 

In the background of PSPNG, there is always a full-sync-provisioning engine running which is automatically used when incremental provisioning finds conflicting changes or otherwise is unable to handle the changelog events. The full-sync items in grouper-loader.properties do not alter/configure the background engine but instead define quartz jobs that send all the groups marked for provisioning into the queues that drive the full-sync engine. Additionally, if a provisioner is "authoritative" (changeLog.consumer.<provisioner>.grouperIsAuthoritative=true), then a cleanup task is included in the scheduled job which will delete extra groups or attributes that no longer exist in the Group Registry. (Note: Data in a provisioning target will always get deleted by incremental provisioning when groups are deleted, regardless whether a provisioner is authoritative. Full-sync cleanup is just a safety net in case incremental provisioning misses something, or if the data was written into the target system outside of PSPNG.)

Each provisioner that wants to schedule periodic full-syncs will need the following lines included in grouper-loader.properties:This happens in the background, so should usually be enabled, and MUST be enabled when new provisioners are added.

 

Code Block
titleFull Sync Provisioner
changeLog.psp.fullSyncotherJob.<provisioner-name>_full.class = edu.internet2.middleware.grouper.pspng.FullSyncStarter
changeLog.psp.fullSync.otherJob.<provisioner-name>_full.quartzCron = 0 0 50 * * ?
changeLog.psp.fullSync.runAtStartup = true   #Every midnight

# Note, there is presently no "runAtStartup" option as there was before PSPNG Patch #11. Please see GRP-1563.

Provisioner Templates

The syntax for each line is:

...