Child pages
  • 4-March-2020
Skip to end of metadata
Go to start of metadata

Attending 

  • Chris Hyzer, Penn, Chair
  • Chad Redman, University of North Carolina Chapel Hill
  • Shilen Patel, Duke
  • Carey Black, the Ohio State University
  • Vivek Sachdiva, independent
  •  Bill Thompson, Lafayette College
  •  Emily Eisbruch, Internet2


  Action Items

 Grouper Action Items are here  

 

DISCUSSION

Administrivia

  

Grouper Training April 29-30 at Greensboro: https://www.incommon.org/grouper-school-unc-greensboro/

  • Bill T and Chris Hyzer will be trainers
  • Promote this at your institutions

Issue roundup

Grouper 2.5 release discussion

  • container is working
  • some work still to do on environment variables 
  • Can provide arguments and it will start the container
  • Chris Hyzer has idea of passing environment variables.
    • Not sure if Chris Hubing has agreed to this
  • Flips on services  
  • https://spaces.at.internet2.edu/display/Grouper/Grouper+packaging+and+versioning+strategy+for+2.5
  • In Grouper 2.4 you could pass in some info
  • Would like to have more control
  • Pass in what you want the container to do
    • Shib, Apache, TomEE , UI etc.  
  • This would be helpful for Grouper deployers
  • Now have to modify the supervisor D config
  • Vivek demonstrates work
  • Two new install functions: Build container and install container
  • Chris Hubing runs Build container, publishes this container
  • Deployer downloads build container
  • Then runs install container and answers some prompts
  •  Password setting wording needs to be clarified
  •  Go through each prompt and review
  • What about removing an older install container when there is a new build?
  • Installer is primarily for those who don’t know how to run docker

PSPNG for 2.5  plan

  • Migrate to provisioning UI framework before  2.5 release, incorporating some of the bulk things. Decision: make a new provisioner, 
  • copy the things we can leverage from PSPNG, use UI , some database sync things .  
  • Will be called LDAP provisioner
  • Grouper LDAP provisioner in 2.5
  • Local entities and extensible attribute IDs
  • Can use attribute framework
  • Local entities provisioned to LDAP
  • Access control policies intermingling users and service accounts
  • Wiki shows four Attribute examples 
  • Examples with differences in ldif template
  • Capability to do dry run and get stats on what a full sync will do
  • Caching also of interest
  • Mapping attributes… need to work out details around Jexl? 
  • Caching to member table for subject source
  • Start on smaller side regarding exact feature
  • Vivek will help with the UI elements
  • Advantages of  new LDAP provisioning approach: 
    • Going to the UI, 
    • seeing when a membership was last synced,
    •  seeing what the error was if applicable, faster
  • Need admin? Or just read?

 Current work tasks, and next tasks

Vivek – Building and packaging, 

Rule CLC and daemon (for a Grouper 2.4  patch)

Chris –  SQL sync, provisioning, simple ui, bugs

Shilen – ldap provisioning

  • Change enable /disable groups and not removing admin privileges
  • Added something to UI where you can add start and end dates
  • If expired that shows
  • Will start working on LDAP provisioning

 

 Chad – maven builds, azure provisioner

  • Maven is working
  • Looked a Oracle and Maven article Vivek shared, seems to be there. Will verify with chris Hubing
  • Visual Gantt chart is a link under all daemon jobs
  • Azure changelog provisioner. There have been many requests
  • Kansas State has an improvement
  • How to improve the Unicon plug in code into Grouper?
  • Should we fork the Kansas State code? 
  • Patch would have the classes
  • Provisioner would import the Unicon project under Grouper misc
  • Chad and Chris Hyzer will talk about this
  • Chad will email Charise around Apache license issues 

Bill – ad hoc types

  • Will focus on training prep

Jeff – pspng (not on this call)

Other

  • Hibernate session and update batch
  • Could improve speed of messaging

  • AI Chris will share what Penn is doing in the  area of   simple UI that troubleshoots access and explains why no access

  • Carey: An opt in site, one page , would be useful 


Issue Roundup


Grouper Slack Discussions

Feb 19: J Crawford  Changelog slow

Feb 20: Lacey Vikery, UNCC: documentation for running Grouper 2.4 containers behind a load balancer with SSL offloaded.
Feb 24: Lacey Vikery, UNCC Also configuring LDAP for web services auth…documentation indicates you can configure WS to use the LDAP configuration from the loader file.   possible to configure without needing to add a JNDI realm to the server.xml file? 

Feb 20: Justin Robinson: Is the Google connector baked into the TAP image or require separate installation

Feb 24: Erik C:   from a user that has been delegated an "app" folder (using the default Application template and is in the folder "Admin" group) and is trying to create a new group.  Get error

Feb 24: M Gettes: schedule a loader job from within GSH

Feb  25: M Gettes: need service lifecycle feature

Chris Hyzer: Hope to work on this with Grouper 2.5

 

Feb 25: Carey: workflows and templates

Feb 25: Chris Bongaarts: manage Rules via web services other than hand-manipulating the specific attributes

Chris Hyzer: Nice if could set up a rule easily, pass in dynamic JSON, web service call

Feb 26: Sudheer : configure report attestation on groups

 

Feb 26: M Gettes: grouper email templates and how to set up my own - having trouble locating documentation.  pointers appreciated
Chris Hyzer: we need to tackle this

 

Feb 26: Carey: config/size details  about using RDS for Grouper deployment

March 2: Gettes: Primary Keys

March 2: Carey: Rules question on restrict the number of membership for a group?

March 3: Bongaarts: how to grant/revoke privileges (e.g. READ) on a group to GrouperAll/EveryEntity via web services

March 3: Crawford: Does anyone have IdleTimeout configured in their LDAP server?  Possibly  the grouper client is not detecting when the LDAP server is closing the connection due to idle timeout

March 3: Crawford : when running the gsh.sh -registry -deep -check and you get a file as a result and then run it. then run the registry check again, it again produces content. Does that processes just redo some things or do I need to keep running the processes until it produces no output

 

Wiki updates

 

  Grouper Users List Emails


JIRAS

Next Grouper Call: Wed March 18, 2020

  • No labels