Changes between Version 3 and Version 4 of GrouperInstall

Timestamp:

06/02/13 09:01:18 (11 years ago)

Author:

uaguest_SPatel1@…

Comment:

--

GrouperInstall

@@ -249 +249 @@
    a) Delete the entire source element with the id ''jdbc''.
 
-   b) Add source element for LDAP.
+   b) Add source element for LDAP.  Be sure to update the password.
+
+{{{
+  <source adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter">
+    <id>ldap</id>
+    <name>Alaska Person Source</name>
+    <type>person</type>
+    <init-param>
+      <param-name>INITIAL_CONTEXT_FACTORY</param-name>
+      <param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value>
+    </init-param>
+    <init-param>
+      <param-name>PROVIDER_URL</param-name>
+      <param-value>ldaps://edir.alaska.edu:636</param-value>
+    </init-param>
+    <init-param>
+      <param-name>SECURITY_AUTHENTICATION</param-name>
+      <param-value>simple</param-value>
+    </init-param>
+    <init-param>
+      <param-name>SECURITY_PRINCIPAL</param-name>
+      <param-value>uid=grouper03,ou=resource,dc=alaska,dc=edu</param-value>
+    </init-param>
+    <init-param>
+      <param-name>SECURITY_CREDENTIALS</param-name>
+      <param-value>secret</param-value>
+    </init-param>
+     <init-param>
+      <param-name>SubjectID_AttributeType</param-name>
+      <param-value>BannerID</param-value>
+    </init-param>
+     <init-param>
+      <param-name>SubjectID_formatToLowerCase</param-name>
+      <param-value>false</param-value>
+    </init-param>
+    <init-param>
+      <param-name>Name_AttributeType</param-name>
+      <param-value>displayName</param-value>
+    </init-param>
+    <init-param>
+      <param-name>Description_AttributeType</param-name>
+      <param-value>displayName</param-value>
+    </init-param>
+
+    /// Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE
+    /// For filter use
+
+    <search>
+        <searchType>searchSubject</searchType>
+        <param>
+            <param-name>filter</param-name>
+            <param-value>
+                (BannerID=%TERM%)
+            </param-value>
+        </param>
+        <param>
+            <param-name>scope</param-name>
+            <param-value>
+                SUBTREE_SCOPE
+            </param-value>
+        </param>
+        <param>
+            <param-name>base</param-name>
+            <param-value>
+                ou=people,dc=alaska,dc=edu
+            </param-value>
+        </param>
+
+    </search>
+    <search>
+        <searchType>searchSubjectByIdentifier</searchType>
+        <param>
+            <param-name>filter</param-name>
+            <param-value>
+                (UASystemID=%TERM%)
+            </param-value>
+        </param>
+        <param>
+            <param-name>scope</param-name>
+            <param-value>
+                SUBTREE_SCOPE
+            </param-value>
+        </param>
+        <param>
+            <param-name>base</param-name>
+            <param-value>
+                ou=people,dc=alaska,dc=edu
+            </param-value>
+        </param>
+    </search>
+
+    <search>
+       <searchType>search</searchType>
+         <param>
+            <param-name>filter</param-name>
+            <param-value>
+                (|(BannerID=%TERM%)(UASystemID=%TERM%)(cn=*%TERM%*)(displayName=*%TERM%*))
+            </param-value>
+        </param>
+        <param>
+            <param-name>scope</param-name>
+            <param-value>
+                SUBTREE_SCOPE
+            </param-value>
+        </param>
+         <param>
+            <param-name>base</param-name>
+            <param-value>
+                ou=people,dc=alaska,dc=edu
+            </param-value>
+        </param>
+    </search>
+    <init-param>
+      <param-name>subjectVirtualAttribute_0_searchAttribute0</param-name>
+      <param-value>${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('UASystemID'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('BannerID'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('displayName'), "")}</param-value>
+    </init-param>
+    <init-param>
+      <param-name>sortAttribute0</param-name>
+      <param-value>sn</param-value>
+    </init-param>
+    <init-param>
+      <param-name>searchAttribute0</param-name>
+      <param-value>searchAttribute0</param-value>
+    </init-param>
+
+     <!--
+     <!- - ##########################  STATUS SECTION for searches to filter out inactives and allow
+                                                     the user to filter by status with e.g. status=all
+                                                     this is optional, and advanced - ->
+     <!- - column or attribute which represents the status - - >
+     <!- -
+     <init-param>
+       <param-name>statusDatastoreFieldName</param-name>
+       <param-value>status</param-value>
+     </init-param> - - >
+     <!- - search string from user which represents the status.  e.g. status=active - - >
+     <!- -
+     <init-param>
+       <param-name>statusLabel</param-name>
+       <param-value>status</param-value>
+     </init-param> - - >
+     <!- - available statuses from screen (if not specified, any will be allowed). comma separated list.
+          Note, this is optional and you probably dont want to configure it, it is mostly necessary
+          when you have multiple sources with statuses...  if someone types an invalid status
+          and you have this configured, it will not filter by it - - >
+     <!- -
+     <init-param>
+       <param-name>statusesFromUser<param-name>
+       <param-value>Active, Inactive, Pending, All</param-value>
+     </init-param> - - >
+     <!- - all label from the user - - >
+     <!- -
+     <init-param>
+       <param-name>statusAllFromUser</param-name>
+       <param-value>All</param-value>
+     </init-param> - - >
+     <!- - if no status is specified, this will be used (e.g. for active only).  Note, the value should be of the
+          form the user would type in - - >
+     <!- -
+     <init-param>
+       <param-name>statusSearchDefault</param-name>
+       <param-value>status=active</param-value>
+     </init-param> - - >
+     <!- - translate between screen values of status, and the data store value.  Increment the 0 to 1, 2, etc for more translations.
+          so the user could enter: status=active, and that could translate to status_col=A.  The 'user' is what the user types in,
+          the 'datastore' is what is in the datastore.  The user part is not case-sensitive.  Note, this could be a many to one - - >
+     <!- -
+     <init-param>
+       <param-name>statusTranslateUser0</param-name>
+       <param-value>active</param-value>
+     </init-param>
+     <init-param>
+       <param-name>statusTranslateDatastore0</param-name>
+       <param-value>A</param-value>
+     </init-param> - - >
+     <!- - ########################## END STATUS SECTION - - >
+     -->
+
+    <internal-attribute>searchAttribute0</internal-attribute>
+
+    ///Attributes you would like to display when doing a search
+    <attribute>cn</attribute>
+    <attribute>sn</attribute>
+    <attribute>displayName</attribute>
+    <attribute>BannerID</attribute>
+    <attribute>UASystemID</attribute>
+
+  </source>
+}}}
+
+With this configuration, the subject id is BannerID.  UASystemID is a subject identifier.  
+
+
+== Install Grouper database and startup GSH to initialize Grouper objects ==
+
+{{{[root@grinnell grouper.api-2.1.4]# ./bin/gsh.sh -registry -check
+Using GROUPER_HOME: /srv/grouper/grouper.api-2.1.4
+Using GROUPER_CONF: /srv/grouper/grouper.api-2.1.4/conf
+Using JAVA: java
+using MEMORY: 64m-750m
+Grouper starting up: version: 2.1.4, build date: 2013/06/02 08:38:25, env: <no label configured>
+grouper.properties read from: /srv/grouper/grouper.api-2.1.4/conf/grouper.properties
+Grouper current directory is: /srv/grouper/grouper.api-2.1.4
+log4j.properties read from:   /srv/grouper/grouper.api-2.1.4/conf/log4j.properties
+Grouper is logging to file:   /srv/grouper/grouper.api-2.1.4/logs/grouper_error.log, at min level WARN for package: edu.internet2.middleware.grouper, based on log4j.properties
+grouper.hibernate.properties: /srv/grouper/grouper.api-2.1.4/conf/grouper.hibernate.properties
+grouper.hibernate.properties: grouper@jdbc:oracle:thin:@msct.alaska.edu:1536:MSCT
+sources.xml read from:        /srv/grouper/grouper.api-2.1.4/conf/sources.xml
+sources.xml groupersource id: g:gsa
+sources.xml ldap source id:   ldap: uid=grouper03,ou=resource,dc=alaska,dc=edu@ldaps://edir.alaska.edu:636
+sources.xml groupersource id: grouperEntities
+(note, might need to type in your response multiple times (Java stdin is flaky))
+(note, you can whitelist or blacklist db urls and users in the grouper.properties)
+Are you sure you want to schemaexport all tables (dropThenCreate=F,writeAndRunScript=F) in db user 'grouper', db url 'jdbc:oracle:thin:@msct.alaska.edu:1536:MSCT'? (y|n):
+y
+Continuing...
+Grouper ddl object type 'Grouper' has dbVersion: 0 and java version: 26
+Grouper ddl object type 'Subject' has dbVersion: 0 and java version: 1
+Grouper database schema DDL requires updates
+(should run script manually and carefully, in sections, verify data before drop statements, backup/export important data before starting, follow change log on confluence, dont run exact same script in multiple envs - generate a new one for each env),
+script file is:
+/srv/grouper/grouper.api-2.1.4/ddlScripts/grouperDdl_20130602_08_56_15_817.sql
+Note: this script was not executed due to option passed in
+To run script via gsh, carefully review it, then run this:
+gsh -registry -runsqlfile /srv/grouper/grouper.api-2.1.4/ddlScripts/grouperDdl_20130602_08_56_15_817.sql
+[root@grinnell grouper.api-2.1.4]# ./bin/gsh.sh -registry -runsqlfile ddlScripts/grouperDdl_20130602_08_56_15_817.sql
+Using GROUPER_HOME: /srv/grouper/grouper.api-2.1.4
+Using GROUPER_CONF: /srv/grouper/grouper.api-2.1.4/conf
+Using JAVA: java
+using MEMORY: 64m-750m
+(note, might need to type in your response multiple times (Java stdin is flaky))
+(note, you can whitelist or blacklist db urls and users in the grouper.properties)
+Are you sure you want to run the sql file in db user 'grouper', db url 'jdbc:oracle:thin:@msct.alaska.edu:1536:MSCT'? (y|n):
+y
+Continuing...
+Script was executed successfully
+
+Grouper starting up: version: 2.1.4, build date: 2013/06/02 08:38:25, env: <no label configured>
+grouper.properties read from: /srv/grouper/grouper.api-2.1.4/conf/grouper.properties
+Grouper current directory is: /srv/grouper/grouper.api-2.1.4
+log4j.properties read from:   /srv/grouper/grouper.api-2.1.4/conf/log4j.properties
+Grouper is logging to file:   /srv/grouper/grouper.api-2.1.4/logs/grouper_error.log, at min level WARN for package: edu.internet2.middleware.grouper, based on log4j.properties
+grouper.hibernate.properties: /srv/grouper/grouper.api-2.1.4/conf/grouper.hibernate.properties
+grouper.hibernate.properties: grouper@jdbc:oracle:thin:@msct.alaska.edu:1536:MSCT
+sources.xml read from:        /srv/grouper/grouper.api-2.1.4/conf/sources.xml
+sources.xml groupersource id: g:gsa
+sources.xml ldap source id:   ldap: uid=grouper03,ou=resource,dc=alaska,dc=edu@ldaps://edir.alaska.edu:636
+sources.xml groupersource id: grouperEntities
+[root@grinnell grouper.api-2.1.4]#
+[root@grinnell grouper.api-2.1.4]#
+[root@grinnell grouper.api-2.1.4]#
+[root@grinnell grouper.api-2.1.4]# ./bin/gsh.sh
+Using GROUPER_HOME: /srv/grouper/grouper.api-2.1.4
+Using GROUPER_CONF: /srv/grouper/grouper.api-2.1.4/conf
+Using JAVA: java
+using MEMORY: 64m-750m
+Grouper starting up: version: 2.1.4, build date: 2013/06/02 08:38:25, env: <no label configured>
+grouper.properties read from: /srv/grouper/grouper.api-2.1.4/conf/grouper.properties
+Grouper current directory is: /srv/grouper/grouper.api-2.1.4
+log4j.properties read from:   /srv/grouper/grouper.api-2.1.4/conf/log4j.properties
+Grouper is logging to file:   /srv/grouper/grouper.api-2.1.4/logs/grouper_error.log, at min level WARN for package: edu.internet2.middleware.grouper, based on log4j.properties
+grouper.hibernate.properties: /srv/grouper/grouper.api-2.1.4/conf/grouper.hibernate.properties
+grouper.hibernate.properties: grouper@jdbc:oracle:thin:@msct.alaska.edu:1536:MSCT
+sources.xml read from:        /srv/grouper/grouper.api-2.1.4/conf/sources.xml
+sources.xml groupersource id: g:gsa
+sources.xml ldap source id:   ldap: uid=grouper03,ou=resource,dc=alaska,dc=edu@ldaps://edir.alaska.edu:636
+sources.xml groupersource id: grouperEntities
+Grouper warning: cannot find group from config: wheel group from grouper.properties key: groups.wheel.group: etc:sysadmingroup
+Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInvite
+Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteExpireDate
+Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteDate
+Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectEmailAddress
+Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteGroupUuids
+Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteMemberId
+Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteUuid
+Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteEmailWhenRegistered
+Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteEmail
+Grouper note: auto-created attributeDefName: etc:attribute:rules:rule
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleActAsSubjectId
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleActAsSubjectIdentifier
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleActAsSubjectSourceId
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleCheckType
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleCheckOwnerId
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleCheckOwnerName
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleCheckStemScope
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleCheckArg0
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleCheckArg1
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfOwnerId
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfOwnerName
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfConditionEl
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfConditionEnum
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfConditionEnumArg0
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfConditionEnumArg1
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfStemScope
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleThenEl
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleThenEnum
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleThenEnumArg0
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleThenEnumArg1
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleThenEnumArg2
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleValid
+Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleRunDaemon
+Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitExpression
+Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitIpOnNetworks
+Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitIpOnNetworkRealm
+Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitLabelsContain
+Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitAmountLessThan
+Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitAmountLessThanOrEqual
+Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitWeekday9to5
+Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoader
+Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderType
+Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderDbName
+Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderScheduleType
+Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderQuartzCron
+Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderIntervalSeconds
+Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderPriority
+Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderAttrsLike
+Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderAttrQuery
+Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderAttrSetQuery
+Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderActionQuery
+Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderActionSetQuery
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdap
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapType
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapServerId
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapFilter
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapQuartzCron
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapSearchDn
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapSubjectAttribute
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapSourceId
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapSubjectIdType
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapAndGroups
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapSearchScope
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapPriority
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapGroupsLike
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapGroupAttribute
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapAttributeFilterExpression
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapExtraAttributes
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapErrorUnresolvable
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapGroupNameExpression
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapGroupDisplayNameExpression
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapGroupDescriptionExpression
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapSubjectExpression
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapGroupTypes
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapReaders
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapViewers
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapAdmins
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapUpdaters
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapOptins
+Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapOptouts
+Grouper note: auto-created attributeDefName: etc:attribute:entities:entitySubjectIdentifier
+Type help() for instructions
+gsh 0% addGroup("etc", "sysadmingroup", "sysadmingroup")
+group: name='etc:sysadmingroup' displayName='etc:sysadmingroup' uuid='481175bb2a9a4e909273eec0a8fc7b21'
+gsh 1% quit
+}}}
+
+
+== Start Grouper Daemon ==
+{{{
+[root@grinnell ~]# cd /srv/grouper/grouper.api-2.1.4
+[root@grinnell grouper.api-2.1.4]# nohup ./bin/gsh.sh -loader &
+[1] 2217
+[root@grinnell grouper.api-2.1.4]# nohup: ignoring input and appending output to `nohup.out'
+}}}