- Setup an LDAP source, here is one I googled from the Internet (public unauthenticated). Put this in the sources.xml in all groupers (WS, UI, loader, whatever)
<source adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter"> <id>cmuDirectory</id> <name>CMU Directory</name> <type>person</type> <init-param> <param-name>INITIAL_CONTEXT_FACTORY</param-name> <param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value> </init-param> <init-param> <param-name>PROVIDER_URL</param-name> <param-value>ldap://ldap.andrew.cmu.edu:389</param-value> </init-param> <init-param> <param-name>SECURITY_AUTHENTICATION</param-name> <param-value>none</param-value> </init-param> <init-param> <param-name>SubjectID_AttributeType</param-name> <param-value>guid</param-value> </init-param> <init-param> <param-name>SubjectID_formatToLowerCase</param-name> <param-value>false</param-value> </init-param> <init-param> <param-name>Name_AttributeType</param-name> <param-value>cn</param-value> </init-param> <init-param> <param-name>Description_AttributeType</param-name> <param-value>cn</param-value> </init-param> <!-- /// Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE /// For filter use --> <search> <searchType>searchSubject</searchType> <param> <param-name>filter</param-name> <param-value> (& (guid=%TERM%) (objectclass=cmuPerson)) </param-value> </param> <param> <param-name>scope</param-name> <param-value> SUBTREE_SCOPE </param-value> </param> <param> <param-name>base</param-name> <param-value> ou=person,dc=cmu,dc=edu </param-value> </param> </search> <search> <searchType>searchSubjectByIdentifier</searchType> <param> <param-name>filter</param-name> <param-value> (& (cmuAndrewCommonNamespaceId=%TERM%) (objectclass=cmuPerson)) </param-value> </param> <param> <param-name>scope</param-name> <param-value> SUBTREE_SCOPE </param-value> </param> <param> <param-name>base</param-name> <param-value> ou=person,dc=cmu,dc=edu </param-value> </param> </search> <search> <searchType>search</searchType> <param> <param-name>filter</param-name> <param-value> (& (|(guid=%TERM%)(|(cn=*%TERM%*)(cmuAndrewCommonNamespaceId=*%TERM%*)))(objectclass=cmuPerson)) </param-value> </param> <param> <param-name>scope</param-name> <param-value> SUBTREE_SCOPE </param-value> </param> <param> <param-name>base</param-name> <param-value> ou=person,dc=cmu,dc=edu </param-value> </param> </search> <init-param> <param-name>sortAttribute0</param-name> <param-value>cn</param-value> </init-param> <init-param> <param-name>searchAttribute0</param-name> <param-value>searchAttribute0</param-value> </init-param> <internal-attribute>searchAttribute0</internal-attribute> <!-- ///Attributes you would like to display when doing a search --> <attribute>cn</attribute> <attribute>guid</attribute> <attribute>cmuAndrewCommonNamespaceId</attribute> </source>
- Set this in the grouper-loader.properties
################################# ## LDAP connections ################################# # specify the ldap connection with user, pass, url # the string after "ldap." is the ID of the connection, and it should not have # spaces or other special chars in it. In this case is it "personLdap" ldap.personLdap.url = ldap://ldap.andrew.cmu.edu/dc=cmu,dc=edu ldap.personLdap.user = ldap.personLdap.pass =
- Create folder/group test:testGroup
- Use new attribute framework to assign ldap loader
- Text version:
test:testGroup: grouperLoaderLdapDef subject attribute name: guid search base DN: ou=person quartz cron: 0 0 8 * * ? filter: (& (cmuAndrewCommonNamespaceId=*dest*) (objectClass=cmuPerson)) server ID: personLdap type: LDAP_SIMPLE
- If you want you can turn debug on in the log4j.properties
log4j.logger.edu.internet2.middleware.grouper.app.loader = DEBUG
- Run the loader job
gsh 0% grouperSession = GrouperSession.startRootSession(); gsh 1% loaderGroup = GroupFinder.findByName(grouperSession, "test:testGroup"); gsh 2% loaderRunOneJob(loaderGroup); 2013-06-02 16:47:28,725: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(1926) - - test:testGroup start syncing membership 2013-06-02 16:47:28,726: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(1942) - - test:testGroup syncing 13 rows 2013-06-02 16:47:28,733: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(2055) - - Done assigning privilege to related groups: test:testGroup 2013-06-02 16:47:28,881: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(2149) - - test:testGroup will add subject to group: CMU Directory/4A10366C-D7F4-11D5-8000-080020CC75D3, 1 of 13 subjects 2013-06-02 16:47:29,175: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(2149) - - test:testGroup will add subject to group: CMU Directory/00000000-0000-1000-3F70-0800207F02E6, 2 of 13 subjects 2013-06-02 16:47:29,301: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(2149) - - test:testGroup will add subject to group: CMU Directory/00000000-0000-1000-79FA-0800207F02E6, 3 of 13 subjects 2013-06-02 16:47:29,405: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(2149) - - test:testGroup will add subject to group: CMU Directory/2BF70E82-BD36-11D9-8000-0003BA2FA263, 4 of 13 subjects 2013-06-02 16:47:29,717: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(2149) - - test:testGroup will add subject to group: CMU Directory/07696C48-CBA2-11D9-8001-0003BA2FA263, 5 of 13 subjects 2013-06-02 16:47:29,854: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(2149) - - test:testGroup will add subject to group: CMU Directory/AE334D56-7E40-11DD-8001-0003BA2FA263, 6 of 13 subjects 2013-06-02 16:47:29,970: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(2149) - - test:testGroup will add subject to group: CMU Directory/1A97ED54-3C6D-11DE-8001-0003BA2FA263, 7 of 13 subjects 2013-06-02 16:47:30,267: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(2149) - - test:testGroup will add subject to group: CMU Directory/7404BCDC-9794-11DE-8001-0003BA2FA263, 8 of 13 subjects 2013-06-02 16:47:30,426: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(2149) - - test:testGroup will add subject to group: CMU Directory/293ABE32-109C-11DF-8000-0003BA2FA263, 9 of 13 subjects 2013-06-02 16:47:30,554: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(2149) - - test:testGroup will add subject to group: CMU Directory/8F2D682C-6261-11DF-8000-0003BA2FA263, 10 of 13 subjects 2013-06-02 16:47:30,841: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(2149) - - test:testGroup will add subject to group: CMU Directory/D6914E6E-E0D7-11DF-8001-00144F799A7A, 11 of 13 subjects 2013-06-02 16:47:30,991: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(2149) - - test:testGroup will add subject to group: CMU Directory/55F202B2-72F9-11E0-8001-00144F799A7A, 12 of 13 subjects 2013-06-02 16:47:31,099: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(2149) - - test:testGroup will add subject to group: CMU Directory/8B075248-925C-11E2-8000-00144F799A7A, 13 of 13 subjects 2013-06-02 16:47:32,211: [main] DEBUG GrouperLoaderType$10.callback(2256) - - Group: test:testGroup add Subject id: 55F202B2-72F9-11E0-8001-00144F799A7A, sourceId: pennDirectory, alreadyAdded: false 2013-06-02 16:47:32,254: [main] DEBUG GrouperLoaderType$10.callback(2256) - - Group: test:testGroup add Subject id: 00000000-0000-1000-3F70-0800207F02E6, sourceId: pennDirectory, alreadyAdded: false 2013-06-02 16:47:32,302: [main] DEBUG GrouperLoaderType$10.callback(2256) - - Group: test:testGroup add Subject id: AE334D56-7E40-11DD-8001-0003BA2FA263, sourceId: pennDirectory, alreadyAdded: false 2013-06-02 16:47:32,346: [main] DEBUG GrouperLoaderType$10.callback(2256) - - Group: test:testGroup add Subject id: 07696C48-CBA2-11D9-8001-0003BA2FA263, sourceId: pennDirectory, alreadyAdded: false 2013-06-02 16:47:32,402: [main] DEBUG GrouperLoaderType$10.callback(2256) - - Group: test:testGroup add Subject id: 1A97ED54-3C6D-11DE-8001-0003BA2FA263, sourceId: pennDirectory, alreadyAdded: false 2013-06-02 16:47:32,447: [main] DEBUG GrouperLoaderType$10.callback(2256) - - Group: test:testGroup add Subject id: 4A10366C-D7F4-11D5-8000-080020CC75D3, sourceId: pennDirectory, alreadyAdded: false 2013-06-02 16:47:32,486: [main] DEBUG GrouperLoaderType$10.callback(2256) - - Group: test:testGroup add Subject id: 2BF70E82-BD36-11D9-8000-0003BA2FA263, sourceId: pennDirectory, alreadyAdded: false 2013-06-02 16:47:32,529: [main] DEBUG GrouperLoaderType$10.callback(2256) - - Group: test:testGroup add Subject id: 8F2D682C-6261-11DF-8000-0003BA2FA263, sourceId: pennDirectory, alreadyAdded: false 2013-06-02 16:47:32,577: [main] DEBUG GrouperLoaderType$10.callback(2256) - - Group: test:testGroup add Subject id: 00000000-0000-1000-79FA-0800207F02E6, sourceId: pennDirectory, alreadyAdded: false 2013-06-02 16:47:32,621: [main] DEBUG GrouperLoaderType$10.callback(2256) - - Group: test:testGroup add Subject id: D6914E6E-E0D7-11DF-8001-00144F799A7A, sourceId: pennDirectory, alreadyAdded: false 2013-06-02 16:47:32,678: [main] DEBUG GrouperLoaderType$10.callback(2256) - - Group: test:testGroup add Subject id: 293ABE32-109C-11DF-8000-0003BA2FA263, sourceId: pennDirectory, alreadyAdded: false 2013-06-02 16:47:32,721: [main] DEBUG GrouperLoaderType$10.callback(2256) - - Group: test:testGroup add Subject id: 7404BCDC-9794-11DE-8001-0003BA2FA263, sourceId: pennDirectory, alreadyAdded: false 2013-06-02 16:47:32,769: [main] DEBUG GrouperLoaderType$10.callback(2256) - - Group: test:testGroup add Subject id: 8B075248-925C-11E2-8000-00144F799A7A, sourceId: pennDirectory, alreadyAdded: false 2013-06-02 16:47:32,769: [main] INFO GrouperLoaderType.syncOneGroupMembership(2301) - - test:testGroup done syncing membership, processed 13 records. Total members: 13, inserts: 13, deletes: 0 loader ran successfully, inserted 13 memberships, deleted 0 memberships, total membership count: 13
fds