Child pages
  • Grouper Kuali Rice KIM connector design
Skip to end of metadata
Go to start of metadata

Overall Kuali Rice KIM Connector Design

Grouper Kuali Integration

The plugin consists of the grouper client jar, the grouper kim connector jar, and the grouper client config file.

LDAP considerations

Note that it might be ideal in your institution to use LDAP for readonly operations.  One factor involved is how quickly group operations propagate from grouper to LDAP.  If you want to use LDAP, you will have to recode the applicable operations.  Note you might be able to use the grouper client instead of Java/JNDI calls.  Penn's implementation of LDAP uses netId, but KIM uses an unchangeable ID, so at Penn it is not convenient to use LDAP for readonly operations unless each member is translated by another ldap call to translate between netId and pennId.

Configuration

The grouper client configuration, and the plugin configuration are in the grouper.client.properties file (on classpath).  Here are the plugin settings

########################################
## Grouper Kim Connector
########################################

# This is the grouper source where subjects in KIM are.  If there is not a single source,
# then leave this blank, and the subjectIds must be unique across the sources
grouper.kim.plugin.subjectSourceId = someSourceId

# This is the grouper sources where subjects can be in KIM (not including groups) [comma separated].  If there is a single source,
# then leave this blank, and the source will come from grouper.kim.plugin.subjectSourceId
grouper.kim.plugin.subjectSourceIds = someSourceId,anotherSourceId

# Stem where KIM groups are.  The KIM namespace is underneath, then the
# group.  Wont break anything, but better to not have trailing colon
kim.stem = school:apps:kuali:kim 

# Add these Grouper type to any group created in kim, which allows KIM attributes to be assigned
# Note this is a group type pre-attribute-framework-v1.5.  This is optional, leave blank to use no types
# Note if you leave blank, then no attributes will propagate from kim to grouper
grouper.types.of.kim.groups = someType, anotherType

# Translate between existing Rice Groups and Grouper groups.  Note, it is better to create the groups
# after the connector is in place, but if that is not possible, you can do this.  You need to know
# the rice ID (from the krim_grp_t table), and the grouper group id (from the grouper_groups table)
# In this case the 123 is the Kim ID, and the sadf... is the grouper group uuid
#grouper.kim.kimGroupIdToGrouperId_123 = sadf4334lkjsfdjlk34lkj

Logging

  • The connector only relies on the Grouper client, and the Rice API interfaces.  So the logging used will be the grouper client logging, which uses a built in version of commons logging.  This uses log4j if detected, and other logging they are detected, and defaults to Java's built in logging
  • Each method implemented has debug level logging which logs each input, output, and valuable piece of information (e.g. result codes).  If there is an error, the debug logging is redundant, and is omitted
  • Each method has error level logging where if there is an error, it will log (to ERROR level) the input, output, results codes, etc.
  • To turn on debug logging, set this in log file e.g. log4j.properties
log4j.logger.edu.internet2.middleware.grouperKimConnector = DEBUG

Testing

  •  
  • No labels