This page is obsolete. Refer instead to Grouper Provisioning Plugin. |
COmanage Registry can be connected with Grouper for three purposes:
These are configured separately – it is not necessary to use Grouper for all three purposes.
These instructions are written for Grouper version 2.1.2 and assume a working knowledge of Grouper, the Grouper UI, and Grouper web services. Details for deploying and configuring Grouper are out of scope for this document and can be found at the Grouper wiki. |
As of Registry 0.7 using the Registry as a JDBC Subject source for Grouper must be configured before the initial Registry configuration and deployment. |
As of Registry 0.7 using the Registry as a JDBC Subject source for Grouper requires MySQL. PostgreSQL is not supported as of version 0.7. |
Edit the file registry-source/app/Plugin/Grouper/Config/bootstrap.php
and set the configuration option Grouper.useCOmanageSubjectSource
to true
.
If you intend Registry to store and manage group information in Grouper in addition to using Registry as a Subject source for Grouper then read below for additional configuration details. |
Configure a Grouper JDBC Subject source to use Registry entries in the database. The recommended sources.xml
configuration is attached.
Be sure to grant a Grouper user read access to the Registry database tables and configure the grouper.hibernate.properties file appropriately. |
These instructions are written for Grouper version 2.1.2 and assume a working knowledge of Grouper, the Grouper UI, and Grouper web services. Details for deploying and configuring Grouper are out of scope for this document and can be found at the Grouper wiki. |
As of Registry 0.7 managing group information in Grouper must be configured before the initial Registry configuration and deployment. |
As of Registry 0.7 managing group information in Grouper requires that Grouper use Registry as a subject source. See above for details on how to configure Registry so that Grouper can use it as a subject source. |
Registry manages group information in Grouper using the Grouper web services interface. Please make sure you have a functional Grouper web services deployment before continuing. It may be necessary to set up a temporary subject source for Grouper to be confident that the Grouper web services interfaces are working properly. |
GrouperSystem
using a passphrase. We recommend this approach.registry-source/app/Config/Schema/schema.xml
and make the following changes:<table name="co_groups">
element change <field name="id" type="I">
to <field name="id" type="C" size="36" >
.<autoincrement />
element that is part of the id field definition.<table name="co_group_members">
element change <field name="id" type="I">
to <field name="id" type="C" size="36" >
.<table name="co_group_members">
element change <field name="co_group_id" type="I">
to <field name="co_group_id" type="C" size="36">
.<autoincrement />
element that is part of the id field definition.registry-source/app/Plugin/Grouper/Config/bootstrap.php
and make the following changes:Grouper.COmanage.useGrouperDataSource
to true
.COmanage.groupSqlDataSource
to false
since Grouper itself is not a relational database store.Grouper.scheme
of https
is correct. We strongly recommend using HTTPS.Grouper.host
to be the fully qualified domain name of the server hosting your Grouper web services deployment.Grouper.port
of 443
is correct or change it to be the port used to connect to the Grouper.host
on the server.Grouper.user
for the name of the privileged Grouper user that will be used to create stems, groups, and assign attributes. GrouperSystem
is a typical value.Grouper.pass
for the associated passphrase for the privileged Grouper user.Grouper.basePath
of grouper-system/servicesRest/v2_1_000/
is the correct URL prefix for accessing Grouper REST web services for your Grouper web services deployment.Set the configuration option Grouper.COmanage.baseStem
for the stem that should be used for storing Registry group information. All group information will be stored using stems and groups within the base stem. We recommend the default setting Reference:COmanageDataSource
.
If you do not use the default |
Some attribute definitions need to be made in your Grouper deployment before deploying Registry and using Grouper as a data source. This is most easily done by using a Registry Grouper plugin shell script to create a Grouper Shell (GSH) script and then executing the GSH script. To create the script:
$ cd app $ ./Console/cake Grouper.makeAttributeDefScript /tmp/attrdefs.gsh |
Execute the attribute definition script using GSH. The details will depend on your Grouper deployment. Here is an example execution of the script:
$ cd /opt/grouper/grouper $ sudo -u tomcat6 ./bin/gsh.sh < /tmp/attrdefs.gsh |
You can use the Grouper Lite UI to verify the creation of the attribute definitions and attribute definition names by filtering for cm_
.
As of version 0.7 provisioning Registry data into Grouper is not yet supported. |