Attending
- Chris Hyzer, Penn, Chair
- Shilen Patel, Duke
- Chad Redman, University of North Carolina Chapel Hill
- Vivek Sachdiva, independent
- Carey Black, the Ohio State University
- Emily Eisbruch, Internet2
New Action Item
AI Chris and Shilen - chat about duplicate subject identifiers
Discussion
Shorter than usual Grouper call today, just to catch up, and touch bsae
due to Chris and Chad being busy with Grouper Training
Administrivia
- https://internet2.edu/community/about-us/policies/internet2-intellectual-property-policy/
- Approve minutes
- Review AIs Grouper Project Action Items (Google Doc)
- Agenda bash
Grouper Training June 22-25, 2021
https://www.incommon.org/academy/grouper/
Current Work
Vivek
- Provisioning and Configuration work
- Changes on UI
- Loader options
- SQL display names config
- Sync display extensions for folders
- Group sync display name
- Chris: SQL feature is extremely useful
Shilen
- Last week looked at duplicate subject identifiers
- Solve that by new member being added or subject identifier updated , check to see if it exists on a deleted member, if yes, clear it on the deleted member. Not sure if that solved the issue. Duplicated subject ID could still be added.
- Should USDU do a full check on that?
- Could still have a few days where duplicates exist
- AI Chris and Shilen will chat on duplicate subject identifiers
- Waiting on retrieve memberships, Chris will do framework changes
Chris
- Doing Grouper Training, going well so far
- Worked on loader security
- Spoke w Vivek about provisioning
- With every implementation of provisioning, we are almost there but not quite
- There are tasks remaining
- But need to get useful product out there
- Trying not to do recalcs on incremental provisioning
- Make it faster
- For LDAP must do individual membership provisioning
- When debugging this, on DUO provisioner, things are complex and not 100% correct
- Need plan
- Full sync is decent now
- Incremental is more complex
- Events come in where we are sure we know what to do
- It’s a non recalc
- Data comes in that conflicts
- That is a recalc
- Both processes have same workflow
- Grouper not always doing correct thing as far as what to recalc and what is an event to send to target
- If group needs to have recalc,
- Now it recalcs all the individual subjects too
- Vivek and Chris will take those cases and put them into until tests
- And interrogate
- Two workflows, one for recalc, one not for recalc?
- Shilen: sounds good, having unit tests will be helpful
- Vivek: unit tests will help
- Can refactor and make changes with confidence
- Matt: its complex
- Like the changelog consumer
- Less magic going on
- Less magic going on
- It’s ambitious to use the approach being used
- When all else fails, treat it like an event queue
- Changelog model is the model that works best
- Security on the UI has been mentioned as an issue
- Provisioning will help this
- In Grouper training doing entity attribute LDAP provisioning
- Put a bunch of validations on the screen
- Need to configure groups to say what part is entity attribute but we are not doing anything w groups on the target
- Hard to make a generic solution
- Chad: provisioning to LDAP is basic
- If we have a template or mapping for these basic things, then not everyone needs to understand the details
- Currently you get as far as you can and you get errors and are not sure what to do
- If we have a template or mapping for these basic things, then not everyone needs to understand the details
- Better examples on the wiki will help
- LDAP provisioning UI is quite overwhelming and can get confusing
- Matt: could help to use a table for mapping
- A goes to B
- Visualization of provisioning config
- Can picture some easy wizards to help get started
- A goes to B
- Next pass: LDAP examples that work
- Duo provisioner
- Someone wants SCIM provisioner that goes to GITHUB
- Need to provide examples on the wiki
- We are making progress
Issue Roundup
Jiras in past two weeks
Provisioning entity attribute gives error about missing group DN
GSH Templates for existing rules
hook servlet context is not set in membership import
getName() can return nulls, but the code that call getName() cannot
subject identifier 0 is stale in sync_member table
add option to delete from "unresolvable subjects" lookup screen
usdu and unique subject identifier0
legacy lite ui servlet mapping ca
Grouper Emails in past two weeks
- [grouper-users] Adding the Grouper Deployment Guide structure via GSH, David A. Kovacic, 06/15/2021
- Re: [grouper-users] Adding the Grouper Deployment Guide structure via GSH, Jonathan Keller, 06/15/2021
- Re: [grouper-users] Adding the Grouper Deployment Guide structure via GSH, David A. Kovacic, 06/16/2021
- Re: [grouper-users] Adding the Grouper Deployment Guide structure via GSH, David A. Kovacic, 06/17/2021
- Re: [grouper-users] Adding the Grouper Deployment Guide structure via GSH, Jonathan Keller, 06/17/2021
- Re: [grouper-users] Adding the Grouper Deployment Guide structure via GSH, David A. Kovacic, 06/21/2021
- Re: [grouper-users] Adding the Grouper Deployment Guide structure via GSH, David A. Kovacic, 06/21/2021
- [grouper-users] Looping ajax error with grouper 2.5 container, Andre Daniels, 06/17/2021
- Re: [grouper-users] Looping ajax error with grouper 2.5 container, Bruce Timberlake, 06/17/2021
- [grouper-users] Will like to added to Incommon-grouper Slack channel, Anwar Aliy, 06/18/2021
Grouper wiki updates in past two weeks
- Grouper provisioning strategy
- Grouper Training Environment
- Grouper - Loader
- Grouper custom template via GSH impersonate testing helper
- Grouper Duo integration
Next Grouper Call: Wed July 7, 2021