Child pages
  • Grouper Call 9-Aug-2017
Skip to end of metadata
Go to start of metadata


Grouper Call 9 Aug-2017


  • Chris Hyzer, Penn, Chair
  • Bert Bee-Lindgren, Georgia Tech
  • Jim Fox, University of Washington
  • Shilen Patel, Duke
  • Vivek Sachdeva, Independent 

Action Items

[AI] (Chris) handle issue around redhogs core parser wrong version
[AI] (Chris) WS allow multiple subject sources
[AI] (Chris) Michigan and groups from complex attributes

[AI] Chris to get back to Shilen with sample configuration / code for messaging and real time loader for TechEx.  Will create wiki page
[AI] (Bert) large number of changes and provisioning [Bert to put in JIRA] [Lots of notes below in PSPNG work tasks]
[AI] (Chris) Grouper on SQL server (should we change docs or not support anymore?)  
[AI] (Chris) UI customizations from Carey
[AI] (Chris) Extend CSS (add list of files), don't see the equivalent for JS (we can do that)
[AI] (Carey)  send Chris specific example of hook based on attribute and menu to add that attribute?

[AI] (Shilen) look at  Scott Koranda issue of occasional failure of loader job with include/exclude. Should we have a fixer script for this?
[AI] (Shilen)  Grouper upgrade does not see stems
[AI] (Chris)  Display cron schedule on loader list
[AI] (Chris) Attestation bug and feature request
[AI] (Chris)  UI bug with repeated “type”
[AI] (Chris)  Timeout for LDAP loader default (10 seconds)?  Why silent failure?
[AI] (Bert) create wiki page with proposal for addressing GRP-1533 on commas
[AI] (Chris) ask Misagh about Grouper and github and build process; it tries to autobuild the repo and is failing (Next step is to remove the gibhub build process or just the SCIM portion? Chris will do more follow up)

[AI] (Chris) reply to Brigitte about MyServices in newUI and mask branches
[AI]  (Chris) WS LDAP authentication
[AI]  (Chris) remove privileges from groups (Akki Kumar)
[AI] (Bert) survey Grouper list on ldaptive /VTLDAP config strings issue [Email done, responses received, need to summarize into wiki]
[AI] (Chris) to look at PSPNG status page to see if patch works
[AI (Bert) document the findings somewhere on wiki on Grouper and openldap for large groups
[AI] (Bert)  reply to Chris Sutherin UMBC on pspng examples [Bert to reply]
[AI] (Bert)  reply to Scott Koranda about massaging group names in provisioning
[AI] (Bert) reply to Shaun K about name null in pspng
[AI] (Bert) to reply to Peter St Onge
[AI] (Bert) Jeffrey Crawford email 1/12, full sync missing members
[AI] (Bert)  Scott Koranda email 1/12, error on change log consumer psp
[AI] (Bert) email the list about (a small) Office365 versus Dropbox and next PSP project
[AI] (Bert) create PSP-NG Training Video (after necessary patches) using Camtasia

 AI  (Chris) Improve doc on UI customization approach moving forward Customising the Grouper UI. This request came from  Grouper Wiki Issues 

Completed Action Items
[AI] (Chris)Messaging waiting on tests advice (DONE, discussed)

[AI] (Chris) GRP-1489 pull request (DONE)
[AI] (Chris) edit LDAP loader in UI fails when legacy group type doesn’t exist (DONE)

[AI] (Bert) Respond to David Churchly about PSPNG escaping [Done]


1. Administrivia
• Approve minutes

• Review AIs

• Agenda bash

2. Current work tasks

 Vivek – WS messaging integration

• Map queue to Subject

• Optional reply-to queue identifier

• Daemon & Jobs & Threads

◦ Quartz OtherJob… will be started if it dies

◦ Default schedule?... either every 30sec or every sec

• Broken messages (missing property)

◦ Reply-to & Ack (message not retried)

• WS Error

◦ Reply-to & Ack (message not retried)

Discuss Messaging to WS integration
One queue to one queue, but could be topic
Will get replies to replyto no matter the error
Scheduling will have reasonable defaults but configurable

• NO: Loader would need to depend on:

◦ Rabbit, WS Client, etc

• Mimic pspng installation that overlays atop grouper-api/loader


Chris –patches, attestation, deprovisioning
• Attestation patch will be done shortly

• Deprovisioning patch after that

 Bert – PSPNG
• How to handle lots of events (1M membership-add events)

◦ It’s easy to kick off full sync for one group (and detect)

◦ Look in change log, if number of changes to a group is over a threshold, do full sync, wait 15 seconds, mark as successful, ldap no-ops, ignore events created before full sync

◦ Process

▪ If there are > threshold1 membership+/- events for a group, query the changelog for other (not yet handled) membership+/- events

▪ If the changelog backlog is > threshold2, do a (synchronous) full-sync of that group

▪ Because this full-sync will update the full-sync dates, all the subsequent events will be ignored

◦ Default is 1000 changlog size, remember date of full sync in memory, ignore events before that

◦ Change log timestamp is good to use

◦ Full-sync thread keep track of last full-sync for each group

▪ Ignore changelog entries that were created before those last full-sync times

◦ Chris can help with query for add member / delete member

• Next Tasks:

◦ Group updates hoping for end of weekend

◦ After that, full-control of attributes

◦ After that: Incremental-to-full-sync-trigger OR multi-objectclass groups

Shilen –GSH-NG

Improve GSH
• Patch for gsh ready to go

• Will rename patches on server, Chris will announce his patches

• SecureCRT 7.1+ works well

• Messaging and real time loader for techex

◦ Could populate the database table

◦ [AI] Chris to get back to Shilen with sample configuration / code for messaging and real time loader for TechEx.  Will create wiki page

◦ Will have to add ldap jobs

 Issue roundup
·         GSH with old terms
·         Team dinner Tuesday Oct. 17 at TechEx
·         Patch missing in master
·         RabbitMQ discussions
·         Unicon AMQP change log publisher
·         TIER messaging demo
·         PSPNG error from Julio (fixed right?) [Yes]
·         COmanage Grouper provisioner
·         TIER meeting after TechEx
·         Non tier attestation
·         Attestation and security
·         [AI for chris] redhogs core parser wrong version
·         AI’s moving to wiki
·         [AI for chris] WS allow multiple subject sources
·         Discussion about binary patches.  Do we need another branch?
·         Which tags/branches in grouper github
·         Installer / patching without database
·         UW add group as field member (fixed in patch by shilen)
·         Rabbitmq installer etc
·         Should WS messaging run in loader?
·         Loader start and jobs thinking they are running
·         Rabbitmq vs amqp
·         [AI for chris] Michigan and groups from complex attributes
·         Rabbitmq and ssl (should we start running rabbitmq on the demo server?)


Grouper Tutorial at TechEx (Sunday morning) and Grouper BoF (Tuesday)

Next Grouper Call: Wed. Aug. 23, 2017



  • No labels