The sequence is very similar to the first scenario, with some minor differences.
To start the second scenario use this (note the complex2 directory):
$ cd demo/complex2 $ docker-compose up
After start up, we have to upload basic configuration objects to midPoint:
$ ./after-installation.sh * Uploading objects... Uploading midpoint-objects/users/user-banderson.xml (users, e897468f-20bd-419c-8fc5-1fe60e2600de) Uploading midpoint-objects/systemConfigurations/SystemConfiguration.xml (systemConfigurations, 00000000-0000-0000-0000-000000000001) Uploading midpoint-objects/orgs/org-generic-groups.xml (orgs, 1f339075-5b2f-4a18-9c98-451f3eb0d28d) Uploading midpoint-objects/orgs/org-mailing-lists.xml (orgs, d81fb46c-20c7-44d3-8402-fef404ea1264) Uploading midpoint-objects/orgs/org-affiliations.xml (orgs, 1d7c0e3a-4456-409c-9f50-95407b2eb785) Uploading midpoint-objects/orgs/org-departments.xml (orgs, bee44c51-2469-411d-bac7-695728e9c241) Uploading midpoint-objects/orgs/org-courses.xml (orgs, 225e9360-0639-40ba-8a31-7f31bef067be) Uploading midpoint-objects/functionLibraries/function-library-grouper.xml (functionLibraries, 2eef4181-25fa-420f-909d-846a36ca90f3) Uploading midpoint-objects/roles/metarole-mailing-list.xml (roles, 1c7beff4-cdf6-4e9f-b54c-79d0766f6fbe) Uploading midpoint-objects/roles/role-ldap-basic.xml (roles, c89f31dd-8d4f-4e0a-82cb-58ff9d8c1b2f) Uploading midpoint-objects/roles/metarole-course.xml (roles, 8aa99e7b-f7d3-4585-9800-14bab4d26a43) Uploading midpoint-objects/roles/metarole-affiliation.xml (roles, fecae27b-d1d3-40ae-95fa-8f7e44e2ee70) Uploading midpoint-objects/roles/role-grouper-sysadmin.xml (roles, d48ec05b-fffd-4262-acd3-d9ff63365b62) Uploading midpoint-objects/roles/metarole-grouper-group.xml (roles, 48e231be-8474-4ed0-a85e-6acf4c5e8d52) Uploading midpoint-objects/roles/metarole-midpoint-group.xml (roles, c691e15a-f30b-4e15-8445-532db07ceeeb) Uploading midpoint-objects/roles/metarole-department.xml (roles, ffa9eaec-9539-4d15-97aa-24cd5b92ca5b) Uploading midpoint-objects/objectTemplates/template-org-affiliation.xml (objectTemplates, d87aa04f-189c-4d6f-b6e1-216dad622142) Uploading midpoint-objects/objectTemplates/template-user.xml (objectTemplates, 8098b124-c20c-4965-8adf-e528abedf7a4) Uploading midpoint-objects/objectTemplates/template-org-generic-group.xml (objectTemplates, e2a6193a-8981-4143-9da1-9a7b32c0b819) Uploading midpoint-objects/objectTemplates/template-org-department.xml (objectTemplates, 0caf2f69-7c72-4946-b218-d84e78b2a057) Uploading midpoint-objects/objectTemplates/template-role-midpoint-group.xml (objectTemplates, 804f8658-0828-4dab-a2ed-f13985e4f80b) Uploading midpoint-objects/objectTemplates/template-org-mailing-list.xml (objectTemplates, be84a39a-c004-490b-9b78-a871b837f6df) Uploading midpoint-objects/objectTemplates/template-org-course.xml (objectTemplates, d35bdec6-643b-41d8-ad5d-8eeb701169d1) Uploading midpoint-objects/resources/target-faculty-portal.xml (resources, e417225d-8a08-46f3-9b5d-624990b52386) Uploading midpoint-objects/resources/ldap-main.xml (resources, 0a37121f-d515-4a23-9b6d-554c5ef61272) Uploading midpoint-objects/resources/scriptedsql-sis-persons.xml (resources, 4d70a0da-02dd-41cf-b0a1-00e75d3eaa15) Uploading midpoint-objects/resources/resource-grouper.xml (resources, 1eff65de-5bb6-483d-9edf-8cc2c2ee0233) Uploading midpoint-objects/resources/target-mailing-lists.xml (resources, fe805d13-481b-43ec-97d8-9d2df72cd38e) Uploading midpoint-objects/resources/target-cs-portal.xml (resources, a343fc2e-3954-4034-ba1a-2b72c21e577a) * Testing LDAP and SQL resources... Resource 0a37121f-d515-4a23-9b6d-554c5ef61272 test succeeded Resource 4d70a0da-02dd-41cf-b0a1-00e75d3eaa15 test succeeded Resource a343fc2e-3954-4034-ba1a-2b72c21e577a test succeeded Resource e417225d-8a08-46f3-9b5d-624990b52386 test succeeded Resource fe805d13-481b-43ec-97d8-9d2df72cd38e test succeeded * Recomputing Grouper admin group and user object... Object roles/d48ec05b-fffd-4262-acd3-d9ff63365b62 recomputation succeeded Object users/e897468f-20bd-419c-8fc5-1fe60e2600de recomputation succeeded * Waiting 120 seconds for changes to propagate to Grouper... * Testing Grouper resource... Resource 1eff65de-5bb6-483d-9edf-8cc2c2ee0233 test succeeded * Done
Contrary to the first scenario, loader jobs in Grouper are not created yet. The reason is that there are no users in LDAP but the group membership is already present in the source database. So loaders would complain that they cannot find LDAP entries for subjects referenced in the source database. (The functionality would be preserved but with a lot of warnings.)
Therefore, let's first import person data from SIS to midPoint and therefore to LDAP:
$ ./upload-import-sis-persons.sh Uploading midpoint-objects-manual/tasks/task-import-sis-persons.xml (tasks, 22c2a3d0-0961-4255-9eec-c550a79aeaaa)
Now wait for the task to successfully finish, checking it e.g. via GUI or by running:
$ ./get-import-sis-persons-status.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 21678 0 21450 100 228 246k 2682 --:--:-- --:--:-- --:--:-- 249k
Task execution status: closed
Note that there's no need to import courses from SIS, because they are imported to Grouper.
After the import is done, we should create loaders in Grouper:
$ ./create-ref-loaders.sh ... ===> c728fddbcd5245298f9fd64432bf89a8,'GrouperSystem','application' ===> Group[name=etc:affiliationLoader,uuid=7bc1324a56e04489bc3f5a5a2b947020] ===> null ===> null ===> null ===> null ===> null ===> null ===> null ===> null ===> Group[name=etc:deptLoader,uuid=4116b32b1b044defb77b8873ded58d97] ===> null ===> null ===> null ===> null ===> null ===> null ===> null ===> Group[name=etc:coursesLoader,uuid=3fc4751e6b9d49f9a4ceb9e763aaec14] ===> null ===> null ===> null ===> null ===> null ===> null ===> null groovy:000> :exit
Now wait until loaders run (should be in minute or two) and you can verify the fact in Grouper GUI (log in as banderson/password):
After loaders are done, we need to add groups in ref stem (that have been just loaded) to etc:midpointGroups and some other ones groups:
$ ./add-ref-groups.sh ... ===> Group[name=app:cs,uuid=8bdc671be953440aa43230a5a0c3d13c] Adding: Group[name=ref:affiliation:alum,uuid=a8391a22fc154e42aa00e24ceb8c2880] Ignoring: Group[name=ref:affiliation:alum_excludes,uuid=af581cb6fce74a3d884e707a3dd76fd4] Ignoring: Group[name=ref:affiliation:alum_includes,uuid=786ebc91f0e3441393558b292a125c75] Ignoring: Group[name=ref:affiliation:alum_systemOfRecord,uuid=7a8e0a96382040818e0076d5dc47d06f] Ignoring: Group[name=ref:affiliation:alum_systemOfRecordAndIncludes,uuid=9b80e51e16e340138f00a32b70dc6fd1] Adding: Group[name=ref:affiliation:community,uuid=766b924bd9724d7b84e3cb647f14a92b] Ignoring: Group[name=ref:affiliation:community_excludes,uuid=25165de8dc714c29892d6ac4c0e8e603] Ignoring: Group[name=ref:affiliation:community_includes,uuid=336ee485d64c43f1835e65e112494e1f] Ignoring: Group[name=ref:affiliation:community_systemOfRecord,uuid=ed385c26822f4ec2b041818bc81b0316] Ignoring: Group[name=ref:affiliation:community_systemOfRecordAndIncludes,uuid=6c612424d38641d6915bfe905f5f9bb5] Adding: Group[name=ref:affiliation:faculty,uuid=f72efbdbff864ba792d27d0d794e3148] Ignoring: Group[name=ref:affiliation:faculty_excludes,uuid=61aab1782aa74a518560615eb42501d0] Ignoring: Group[name=ref:affiliation:faculty_includes,uuid=6ac6ba16d3564b08b15317a8aad5a996] Ignoring: Group[name=ref:affiliation:faculty_systemOfRecord,uuid=054e86cc61dc42b9b695df85f0363d60] Ignoring: Group[name=ref:affiliation:faculty_systemOfRecordAndIncludes,uuid=4d5b485be02d470b959d1ddc3110fe71] Adding: Group[name=ref:affiliation:member,uuid=980f3106eca0400dafa71c0444905773] Ignoring: Group[name=ref:affiliation:member_excludes,uuid=04b734ac3f0a45eba7262ad4cb916c30] Ignoring: Group[name=ref:affiliation:member_includes,uuid=3aad7883c9b0443a87d326b4f92721c4] Ignoring: Group[name=ref:affiliation:member_systemOfRecord,uuid=bb391dedde8646bf9663811566eb36bc] Ignoring: Group[name=ref:affiliation:member_systemOfRecordAndIncludes,uuid=124a7ccfe4a14ac29edf057ca790a4a7] Adding: Group[name=ref:affiliation:staff,uuid=759b024cd6b4413a91f95aba717ad475] Ignoring: Group[name=ref:affiliation:staff_excludes,uuid=b13ed72144e1497ea4e83e447ef01864] Ignoring: Group[name=ref:affiliation:staff_includes,uuid=e1505c9731594e5891e2637eafc46a40] Ignoring: Group[name=ref:affiliation:staff_systemOfRecord,uuid=a07c568af4a4424c98d4fe6b6cc57251] Ignoring: Group[name=ref:affiliation:staff_systemOfRecordAndIncludes,uuid=4941ef84b985439e90aeec8603082d2e] Adding: Group[name=ref:affiliation:student,uuid=fd74a23ef3e644f993d178dadc6cddd1] Ignoring: Group[name=ref:affiliation:student_excludes,uuid=a39012fe7d5e40298190cdce29b7092e] Ignoring: Group[name=ref:affiliation:student_includes,uuid=f578df21bb484d5c8d1de78b644bfb12] Ignoring: Group[name=ref:affiliation:student_systemOfRecord,uuid=399307175f4c4b9bbcfd2578d89f3a3d] Ignoring: Group[name=ref:affiliation:student_systemOfRecordAndIncludes,uuid=1fc4359d099944a99c487346c52632e9] ===> null ===> true ===> true Ignoring: Group[name=ref:course:ACCT101,uuid=cfacdd40c42b4678b1ade008039177a2] Ignoring: Group[name=ref:course:ACCT201,uuid=6709e844c88f4f1b871ea66739e6cdf9] Adding: Group[name=ref:course:CS251,uuid=7c1e9ebf89994b5cbbabc490b4e9f439] Adding: Group[name=ref:course:CS252,uuid=4c0baf4ccd7d48069a28f90f33fe3c84] Ignoring: Group[name=ref:course:MATH100,uuid=023053c0334b4d359bec19cdb22eadeb] Ignoring: Group[name=ref:course:MATH101,uuid=f804a858ca2c4fa0ab8bae2b74267859] Ignoring: Group[name=ref:course:SCI123,uuid=622f6e4a9306459fa95ee71118e5d5fe] Ignoring: Group[name=ref:course:SCI404,uuid=921429626b8c4b899eb05ce9efc43337] ===> null groovy:000> :exit
Now synchronize Grouper with midPoint by starting asynchronous update task:
$ ./upload-async-update-task.sh Uploading midpoint-objects-manual/tasks/task-async-update-grouper.xml (tasks, 47fc57bd-8c34-4555-9b9f-7087ff179860)
...and wait until all messages are processed (i.e. there are 0 messages in the sampleQueue):
$ ./show-queue-size.sh Timeout: 60.0 seconds ... Listing queues for vhost / ... sampleQueue 7
Now we are ready to make some changes in Grouper and see how they are propagated to midPoint.
Let us make the following ones:
- modify
bgasper's affiliation fromalumtofacultyby adding him toref:affiliation:alum_excludesandref:affiliation:faculty_includes - add
bgaspertoapp:mailinglist:chessandapp:mailinglist:idm-fans - add
bgaspertotest:volunteers
We can do this either manually or we can execute the script:
$ ./update-bgasper-in-grouper.sh ... Type help() for instructions Groovy Shell (2.5.0-beta-2, JVM: 1.8.0_181) Type ':help' or ':h' for help. ------------------------------------------------------------------------------- groovy:000> :load '/opt/grouper/grouper.apiBinary/conf/groovysh.profile' groovy:000> :gshFileLoad '/tmp/update-bgasper-in-grouper.gsh' ===> true ===> d9aa949d4ea749738c45510595a473a0,'GrouperSystem','application' ===> Subject id: bgasper, sourceId: ldap, name: Bill Gasper ===> true ===> true ===> true ===> true ===> true groovy:000> :exit
Let's wait for approximately 1 minute and verify the changes were propagated to midPoint and other systems:
Now we can freely modify group membership in Grouper and observe changes in midPoint and in target systems.