Child pages
  • 2-Oct-2019
Skip to end of metadata
Go to start of metadata



  • Chris Hyzer, Penn, Chair
  • Chad Redman, UNC
  • Shilen Patel, Duke
  • Carey Black, the Ohio State University
  • Bill Thompson, Lafayette
  • Vivek Sachdiva, independent
  • Jeff Williams UNCG
  • Emily Eisbruch, Internet2

Action Items

Action Items from this call

  • AI Chad look into latest version of Amazon Corretto Java
  • AI Bert check in code around subjects and subject sources
  • AI Shilen look at the issues and possibly create JIRA around member table enhancements
  • AI Chad do updates on the wiki around check style and MAVEN work
  • AI Chad look at Eclipse aspects  
  • AI Bert? Make jira for moving processing to daemon and  maybe support the “in process” UI elements for user awareness.  (not 100% sure this is right action item)


Next steps for bugs work and beyond

  • We have spent time on enhancements and on bugs,
  • Could spend more time, but need to switch gears and move forward.  
  • Make Branch for Grouper 2.5.
  • Then 2.4 will only be changed for security issues

Bug roundup in 2.4  ? 

  • UI search feature in top right corner does not handle % values correctly  ? 

  •  Grouper 2.3 group membership list does not allow assignment of attributes to a membership.

Still for Grouper 2.4: Import screen for database config - ChrisH is working on

  • Unit tests and stabilization tasks, do 1st pass at that before making branch

  • Chad: Major library upgrades? Hibernate (we are a few versions behind) or ehcache? 
  • There is something with add or join you can’t do in current version….
  • Chris suggests Stick with Java 8  And Tomcat 8.5
  • We need to move towards supporting/encouraging container deployments 
  • Maybe in Grouper 2.6 we only officially support containers.
  • Give the community a good lead time for the transition 
  • Upgrades can have regressions issues
  • Good to keep current w Hibernate version
  • On web services, the engagement with U of Auckland, they wanted parity with a local legacy group APIs, but there were some web service performance issues.  Perhaps we should reach out to Auckland around requirements
  • What are the expectations  around web services? This is what you can expect…
  • Main web services doc talks about versioning, for every version we make a new WSDL.
  • Old versions of web services are available. If you don’t upgrade your client, your web services will always work. 
  • Backwards compatible, bug fixes in one version will apply to all

Java version issues

For new branch

  • Grouper Client support JSON, Does not make sense in a patch
  • Web Service: do that in a new version 
  • Database. Have delete dates on groups
  • Membership description field in the database
  • Explore larger database column size?
  • WSDL

Will split these tasks/work items out among the Grouper team

Current work tasks, and next tasks

Vivek – Bugs, attribute assignments from attributes screen

  • Working on several bug fixes
  • Ran unit tests
  • Around 500 it gets stuck, running from Eclipse
  • Suggestion: run on demo server w HSQL
  • Shilen runs from command line
  • Vivek will try command that
  •   sometimes   a test with configs   messes up other tests
  • Attribute Def Filters and API and UI work - Chris and Vivek will work offline on this
  • Vivek would like to work on web services 
  • Web services paging: people want paging improved….
    • If data changes in backend you can skip or get repeats
    • Should be able to ask for everything after “x” for 100 records
    • Not all data is sorted in  point in time, discuss with Shilen
    • Issue with “jump to” pages
    • Query can jump around.
  • Membership, can we use data store to inherently provide dates based on events
  • Then we won’t have to maintain columns on our side
  • For snapshot of  this record on this date, currently we have point in time tables for that
  • You can see who is a group, but can’t see group description nor start and end dates
  • Don’t want to revamp that, but could expose it in web services
  • Also could make shadow services for point in time

Chris –  working on Bugs, attribute assign queries, training

  • Recently 4 patches released, about 25 bugs handled 
  • Good work that is helpful
  • Chris made a change in the installer
  • Problem w installer from scratch, we should look at that
  • Chris will finish database config import screen
  • Miscellaneous>> Configure>>Database Configuration
  • Penn will migrate to AWS at end of Oct
  • Hope to have all config in the database by then.
  • Hope to change in database

 Bert – working on Bugs

  • Doing support for U Minnesota
  • May fold in Bill on some PSPNG support 
  • Open LDAP experience at U Penn, Using PSPNG for AD

  • Subject selection filter  is something GA Tech has needed 
  • Filter for subject source, for each provisioner
  • Expose thru JEXL
  • Bert would like to work on this
  • GA Tech had recent experience where it too a long time to add  one member to a group that has privileges. It impacts that database for many groups. 
  • If adding a single person to a group, the flattening happens in daemon by time changelog process
  • If adding a group to a group, it can take time, or if there are many composite memberships
  • Can this be addressed in Grouper 2.5?
  • At least Grouper should report out on the progress
  • Should not time out and give an error
  • AI Bert? MAKE JIRA FOR MOVING PROCESSING TO DAEMON And maybe support the “in process” UI elements for user awareness.  (not 100% sure this is right action item)
  • Use case : Create group with many members, the PSPNG goes thru them slowly,
  • PSPSNG should see 1st time it’s not provisionable , then skip it next time
  • Bert: it does a set lookup, 
  • It’s not a data cache
  • Chris will look at it again, but it seemed slow… 
  • Patch 11 should fix that, along with several other issues
  • Suggestion to open more JIRAS for individual items rather than have one huge JIRA
  • Value paging where AD groups are not being found in entirety. Impacted Auckland,
  • Does LDAPTIVE paging need to be set explicitly? This could be part of the issue but not sure.
  • At OSU, on Grouper 2.3,  it’s set explicitly and it seems to work
  • Jeffrey: On Grouper 2.4 and it seems to work
  • ISACTIVEDIRECTORY flag drives this
  • So you should not have to set the handlers
  • Read the handlers or plugins?
  • Issue with extra members not getting removed

Shilen – working on Bugs

  • Enhancement to show status on Daemon page
  • JIRA for resolving subjects for loader
  • Work on database for Grouper 2.5
  • Only do blobs or clobs? 
  • Put blobs in DDL and use API to read them with all the databases
  • Grouper enabled/disabled could impact a lot of queries
  • Include “where enabled = true”
  •  subject lookup in loader... It’s related to membership tables
  • Efficiencies to speed up loader job
  • Using member table is still sometimes the right approach
  • But might not have all the data.
  • Do  dif to see what new subjects are 
  • Then go to subject sources
  • Just adding them to a group
  • AI Bert check in code around subjects and subject sources
  • Trying to optimize steady state of the loader
  • Subject finders could be improved, but hard to add to that code
  • AI Shilen, look at the issues and possibly create JIRA around member table enhancements
  • Use Lazy Subject feature?


  • Switched Maven builds to checkstyle? 
  • Scans licenses 
  • Checks tabs, redundant imports, and other issues
  • Spits out issues as warnings
  • No longer need -d license
  • Can kick this off manually is desired
  • Checks Java files and Property files
  • Legacy check style or newer check style that does more checks
  • There are some old files , default is to do checkstyle legacy
  • Can specify Maven to use a newer file
  • AI Chad do updates on the wiki around check style and MAVEN work
  • AI Chad look at Eclipse aspects 

  • Grouper team principle: We will not reformat existing files because that impacts DIFS

Chad will work on Libraries for Grouper 2.5

Support issue

  • Chad working on support issue around add member and remove member
  • Issue around replacing privileges
  • Used to be you could add custom list


  • Grouper Deployment Guide (GDG) Grouper Deployment Guide
  • Grouper training environment - updating for Grouper Training at Temple in Nov
  • Chris is promoting this Grouper training to staff at U Penn
  • Feel free to send a note to your colleagues
  • This Grouper Training could be for beginners

  • Bill, Chris, Jessica and Emily had a call on Sept 27. Decisions:
    • GDG future versions will not be in the  Doc Repository,
    • GDG version 1( in the doc repository ) will be deprecated.
    • The GDG will live on the wiki at
    • No more versioning for GDG
    • Bill will document these decisions on the wiki

  • For Grouper 2.5, Bill would like to work on  a solid DEV TEST testing environment and documentation, there are some notes on the dev environment but needs work
  • Work with Bert on PSPNG

Issue Roundup  

  Grouper-users list Emails 

  • Oct 2: Externalized Logging, Followup to July 2019 from U Montana, (Josh)
  • Oct 1: Error on Workflow Config
  • Sept 27 : 2.4.x installer fails, Problem reading config: 'database:grouper'
  • Sept 19: Double memberships in one group (J Crawford)
  • Sept 18 : installer 2.4.0: file grouper.psp-2.4.0.tar.gz missing from repository, (Dominique)
  • Oct 2: Re: [grouper-users] RuleApi.vetoMembershipIfNotInGroup only works with direct membership  ( “Wanted to send a Bump to this. We are getting to the point where we want to test this.” )

SLACK Since Wed Sept. 18, 2019

  •  Terracotta
  •   G. Haverkamp For future release notes, it might be handy to note changes to major config files in the notes for upgraders. 
  •  (Emily question: can the 2.4 release notes be updated now to include the config info : and are no longer relevant, replaced by and, now stored in the api component)
  • J Crawford : Loader Backed up
  • Wenlai Wang : issue for PSPNG full sync
  • Joe Standen: appropriate guardrails and guidance for users being able to delete groups.
  • Chris Hubing : Is there a way with the WsRestGetSubjectsRequest service to search for something other than SubjectId?
  • Erik Coleman: interest in bringing in subject sources from our multiple campuses,  . 2 problems:
  • (1)   same UIN and person to exist in two campus subject sources
  • (2)   if I want to provision to a PSPNG target, the target LDAP will only know about users from one campus, 
  • Crawford  : ldapSearchResultPagingSize does not work
  • Sudheer: trying to configure root folder to provision to LDAP using PSPNG. major roadblock
  • Thomas Elliot:  serious issues around assigning privileges in our Grouper instances

JIRAs  since Sept 17, 2019

  • GRP-2346 SQL group list resolves all subjects causing performance issue (Shilen)
  • GRP-2345 error on privs of loader attributes (ChrisH)
  • GRP-2344 jars go in the wrong lib dir (ChrisH)
  • GRP-2343 LdapSystem.performLdapSearchRequest doesn't return any members when group has more than 1500 memberships (W Wang)
  •  GRP-2342 pspng full sync trigger configurability (Chris)
  • GRP-2341 deamon search field cant find 'workflow'(Chris)
  • GRP-2340 if subject problems in loader job, put subjectIds in the job_message so they can be easily fixed (Chris)
  • GRP-2339 error creating group that used to exist with same name (Chris)
  • GRP-2338 daemon logs should have a way to get back (Chris/Shilen)
  • GRP-2337 daemon page should show a more accurate status (Chris/Shilen)
  • GRP-2336 thread to check the scheduler check daemon? (Chris)
  • GRP-2335 cant find loader log map (Chris)
  • GRP-2334 Import members UI page .. .missing file upload support for Privileges? (Chris/Carey)
  • GRP-2333 UI shouldn't be adding wildcards for subject id/identifier queries (Shilen)
  • GRP-2332 Inherited Privileges should be assignable for Local Entities (Chris / Carey)
  • GRP-2331 you should be able to search for groups by id (and folders etc) (Chris)
  • GRP-2330 Remove documentation regarding caution on createMissingUsers (Chris/Michael)
  • GRP-2329 UI loader job does not select all valid PSPNG ldap configurations (Chris/Carey)
  • GRP-2328 Calling group.replaceMembers() to replace a direct group with its members deletes instead of replaces (Chad)

Grouper at TechEx 2019

Grouper Training   November 12-13

Next Grouper Call: Wed. Oct. 16, 2019

  • No labels