Versions Compared

Old Version 52

changes.mady.by.user Tom Zeller

Saved on

compared with

New Version 53

changes.mady.by.user Tom Zeller

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

I need an instance of Active Directory accessible over ldaps (warning) for testing.

Versions Prior to 2.1.0
Note

The following changes are necessary to support provisioning Grouper API versions prior to 2.1.0 with the psp.

Configure the Ldap Connection in the Grouper UI

You will probably need to copy sources.xml and ldap.properties to your Grouper UI installation.

If you installed the Grouper UI via the Grouper Installer, copy ldap.properties and sources.xml from the Grouper API installation to the Grouper UI installation 1. For versions prior to 2.1.0, there is a bug which will throw a NullPointerException if the following is not present in sources.xml :

No Format
<search>
    <searchType>searchSubjectByIdentifierAttributes</searchType>
    <param>
        <param-name>filter</param-name>
        <param-value>
            (&amp;(uid=%TERM%)(objectclass=person))
        </param-value>
    </param>
    <param>
        <param-name>scope</param-name>
        <param-value>SUBTREE_SCOPE</param-value>
    </param>
    <param>
        <param-name>base</param-name>
        <param-value>ou=people,dc=example,dc=edu</param-value>
    </param>
</search>

2. For versions prior to 2.1.0, the location of ldap.properties specified in sources.xml must be an absolute path. For versions 2.1.0 or later, the location of ldap.properties may be an absolute path or in your Java classpath.

For example, Grouper API version 2.0.3 requires an absolute path to ldap.properties in sources.xml :

No Format

<init-param>
    <param-name>ldapProperties_file</param-name>
    <param-value>/opt/grouper/2.0.3/grouper.apiBinary-2.0.3/conf/ldap.properties</param-value>
</init-param>

For Grouper UI versions prior to 2.1.0, the path to ldap.properties specified in sources.xml will be different than in the Grouper API since the psp specific search result handlers must be commented out or removed in the Grouper UI :

No Format

<init-param>
    <param-name>ldapProperties_file</param-name>
    <param-value>/opt/grouper/2.0.3/grouper.ui-2.0.3/dist/grouper/WEB-INF/classes/ldap.properties</param-value>
</init-param>

3. For Grouper API versions prior to 2.1.0, the ldap source adapter in subject.jar does not provide the method which allows the psp to re-use the same ldap connection as the subject source. You will need to copy lib/grouper/subject.jar from the Grouper 2.1.0 API distribution to your pre-2.1.0 Grouper API installation.

Configure the Ldap Connection in the Grouper UI

You will probably need to copy sources.xml and ldap.properties to your Grouper UI installation.

If you installed the Grouper UI via the Grouper Installer, copy ldap.properties and sources.xml from the Grouper API installation to the Grouper UI installation :

No Format

cp grouper.psp-2.1.0-SNAPSHOT/conf/psp-example-grouper-to-tivoli/ldap.properties grouper.ui-2.1.0/dist/grouper/WEB-INF/classes/
cp grouper.psp-2.1.0-SNAPSHOT/conf/psp-example-grouper-to-tivoli/sources.xml grouper.ui-2.1.0/dist/grouper/WEB-INF/classes/

You may need to copy vt-ldap.jar from the Grouper API installation to the Grouper UI installation :

No Format

cp grouper.apiBinary-2.1.0/lib/custom/vt-ldap-3.3.4.jar grouper.ui-2.1.0/dist/grouper/WEB-INF/lib
Note

The Grouper UI will not load unless you edit ldap.properties in your Grouper UI installation or copy psp-ldap-target-2.1.0-SNAPSHOT.jar to your Grouper UI installation.

Comment out or remove the psp specific search result handlers in ldap.properties in your Grouper UI installation :

No Format

# edu.vt.middleware.ldap.searchResultHandlers=edu.internet2.middleware.psp.ldap.QuotedDnResultHandler,...
Configure Logging

You may want to change the Grouper log file appenders in grouper.apiBinary-2.1.0/conf/log4j.properties.

...

cp grouper.psp-2.1.0-SNAPSHOT/conf/psp-example-grouper-to-tivoli/ldap.properties grouper.ui-2.1.0/dist/grouper/WEB-INF/classes/
cp grouper.psp-2.1.0-SNAPSHOT/conf/psp-example-grouper-to-tivoli/sources.xml grouper.ui-2.1.0/dist/grouper/WEB-INF/classes/

You may need to copy vt-ldap.jar from the Grouper API installation to the Grouper UI installation :

No Format

cp grouper.apiBinary-2.1.0/lib/custom/vt-ldap-3.3.4.jar grouper.ui-2.1.0/dist/grouper/WEB-INF/lib
Note

The Grouper UI will not load unless you edit ldap.properties in your Grouper UI installation or copy psp-ldap-target-2.1.0-SNAPSHOT.jar to your Grouper UI installation.

Comment out or remove the psp specific search result handlers in ldap.properties in your Grouper UI installation :

No Format

# edu.vt.middleware.ldap.searchResultHandlers=edu.internet2.middleware.psp.ldap.QuotedDnResultHandler,...
Configure Logging

You may want to change the Grouper log file appenders in grouper.apiBinary-2.1.0/conf/log4j.properties.

No Format

log4j.appender.grouper_error                            = org.apache.log4j.DailyRollingFileAppender
log4j.appender.grouper_error.File                       = ${grouper.home}logs/grouper_error.log
log4j.appender.grouper_error.DatePattern                = '.'yyyy-MM-dd

log4j.appender.grouper_event                            = org.apache.log4j.DailyRollingFileAppender
log4j.appender.grouper_event.File                       = ${grouper.home}logs/grouper_event.log
log4j.appender.grouper_event.DatePattern                = '.'yyyy-MM-dd
Versions Prior to 2.1.0
Note

The following changes are necessary to support provisioning Grouper API versions prior to 2.1.0 with the psp.

1. For versions prior to 2.1.0, there is a bug which will throw a NullPointerException if the following is not present in sources.xml :

No Format

<search>
    <searchType>searchSubjectByIdentifierAttributes</searchType>
    <param>
        <param-name>filter</param-name>
        <param-value>
            (&amp;(uid=%TERM%)(objectclass=person))
        </param-value>
    </param>
    <param>
        <param-name>scope</param-name>
        <param-value>SUBTREE_SCOPE</param-value>
    </param>
    <param>
        <param-name>base</param-name>
        <param-value>ou=people,dc=example,dc=edu</param-value>
    </param>
</search>

2. For versions prior to 2.1.0, the location of ldap.properties specified in sources.xml must be an absolute path. For versions 2.1.0 or later, the location of ldap.properties may be an absolute path or in your Java classpath.

For example, Grouper API version 2.0.3 requires an absolute path to ldap.properties in sources.xml :

No Format

<init-param>
    <param-name>ldapProperties_file</param-name>
    <param-value>/opt/grouper/2.0.3/grouper.apiBinary-2.0.3/conf/ldap.properties</param-value>
</init-param>

For Grouper UI versions prior to 2.1.0, the path to ldap.properties specified in sources.xml will be different than in the Grouper API since the psp specific search result handlers must be commented out or removed in the Grouper UI :

No Format

<init-param>
    <param-name>ldapProperties_file</param-name>
    <param-value>/opt/grouper/2.0.3/grouper.ui-2.0.3/dist/grouper/WEB-INF/classes/ldap.properties</param-value>
</init-param>

3. For Grouper API versions prior to 2.1.0, the ldap source adapter in subject.jar does not provide the method which allows the psp to re-use the same ldap connection as the subject source. You will need to copy lib/grouper/subject.jar from the Grouper 2.1.0 API distribution to your pre-2.1.0 Grouper API installation.

Provision

Before you can provision anything from Grouper to ldap or anywhere else, you will need to create the corresponding objects in Grouper using the UI, API, GSH, WS, loader, import, etc.

...