This document explains the installation steps for Grouper.

== Install Grouper API ==

 1. Download and copy the API to /tmp/ on grinnell. The tarball is located at http://www.internet2.edu/grouper/release/2.1.4/grouper.api-2.1.4.tar.gz.
 2. Extract and build.

{{{
[root@grinnell ~]# mkdir /srv/grouper
[root@grinnell ~]# cd /srv/grouper/
[root@grinnell grouper]# cp /tmp/grouper.api-2.1.4.tar.gz .
[root@grinnell grouper]# gunzip grouper.api-2.1.4.tar.gz
[root@grinnell grouper]# tar xf grouper.api-2.1.4.tar
[root@grinnell grouper]# cd grouper.api-2.1.4
[root@grinnell grouper.api-2.1.4]# ant dist
Buildfile: build.xml

init:
    [mkdir] Created dir: /srv/grouper/grouper.api-2.1.4/dist/build/test
    [mkdir] Created dir: /srv/grouper/grouper.api-2.1.4/ext/conf

init.conf:

compile:
    [mkdir] Created dir: /srv/grouper/grouper.api-2.1.4/dist/build/grouper
    [javac] Compiling 869 source files to /srv/grouper/grouper.api-2.1.4/dist/build/grouper
    [javac] warning: [options] bootstrap class path not set in conjunction with -source 1.5
    [javac] Note: Some input files use unchecked or unsafe operations.
    [javac] Note: Recompile with -Xlint:unchecked for details.
    [javac] 1 warning
    [javac] Compiling 14 source files to /srv/grouper/grouper.api-2.1.4/dist/build/grouper
    [javac] warning: [options] bootstrap class path not set in conjunction with -source 1.5
    [javac] 1 warning
     [copy] Copying 941 files to /srv/grouper/grouper.api-2.1.4/dist/build/grouper

ext.init:
    [mkdir] Created dir: /srv/grouper/grouper.api-2.1.4/ext/bin
    [mkdir] Created dir: /srv/grouper/grouper.api-2.1.4/ext/doc

ext.compile:
   [subant] No sub-builds to iterate on

ext.init:

ext.install:
   [subant] No sub-builds to iterate on

test.compile:
    [javac] Compiling 401 source files to /srv/grouper/grouper.api-2.1.4/dist/build/test
    [javac] warning: [options] bootstrap class path not set in conjunction with -source 1.5
    [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/util/GrouperUtilTest.java:147: warning: unmappable character for encoding ASCII
    [javac] String testString = "H13_FRA2007, Questions d?histoire de la lit?rature";
    [javac] ^
    [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:423: warning: unmappable character for encoding ASCII
    [javac] Group gA = new GroupSave(grouperSession).assignGroupNameToEdit("t??st:??Group").assignName("t??st:??Group")
    [javac] ^
    [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:424: warning: unmappable character for encoding ASCII
    [javac] .assignDisplayName("t??st:??Group").assignDescription("t??st:??Group").assignCreateParentStemsIfNotExist(true).save();
    [javac] ^
    [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:455: warning: unmappable character for encoding ASCII
    [javac] assertDoNotFindGroupByName( s, "t??st:??Group" );
    [javac] ^
    [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:466: warning: unmappable character for encoding ASCII
    [javac] gA = assertFindGroupByName( s, "t??st:??Group" );
    [javac] ^
    [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:418: warning: unmappable character for encoding ASCII
    [javac] Group gA = new GroupSave(grouperSession).assignGroupNameToEdit("t??st:??Group").assignName("t??st:??Group")
    [javac] ^
    [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:419: warning: unmappable character for encoding ASCII
    [javac] .assignDisplayName("t??st:??Group").assignDescription("t??st:??Group").assignCreateParentStemsIfNotExist(true).save();
    [javac] ^
    [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:453: warning: unmappable character for encoding ASCII
    [javac] assertDoNotFindGroupByName( s, "t??st:??Group" );
    [javac] ^
    [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:467: warning: unmappable character for encoding ASCII
    [javac] gA = assertFindGroupByName( s, "t??st:??Group" );
    [javac] ^
    [javac] Note: Some input files use or override a deprecated API.
    [javac] Note: Recompile with -Xlint:deprecation for details.
    [javac] Note: Some input files use unchecked or unsafe operations.
    [javac] Note: Recompile with -Xlint:unchecked for details.
    [javac] 51 warnings
     [copy] Copying 7 files to /srv/grouper/grouper.api-2.1.4/dist/build/test

dist:
    [mkdir] Created dir: /srv/grouper/grouper.api-2.1.4/dist/lib
     [copy] Copying 1 file to /srv/grouper/grouper.api-2.1.4/dist/build/grouper
     [copy] Copying 1 file to /srv/grouper/grouper.api-2.1.4/dist/build/grouper
     [copy] Copying 1 file to /srv/grouper/grouper.api-2.1.4/dist/build/grouper
     [copy] Copying 1 file to /srv/grouper/grouper.api-2.1.4/dist/build/grouper
      [jar] Building jar: /srv/grouper/grouper.api-2.1.4/dist/lib/grouper-20130602.jar
     [copy] Copying 1 file to /srv/grouper/grouper.api-2.1.4/dist/lib
    [mkdir] Created dir: /srv/grouper/grouper.api-2.1.4/dist/lib/test
      [jar] Building jar: /srv/grouper/grouper.api-2.1.4/dist/lib/test/grouper-test.jar

BUILD SUCCESSFUL
Total time: 40 seconds
}}}

== Patches ==

A bug was found in the Grouper API while debugging the building loader. The source directory (/srv/grouper/grouper.api-2.1.4/src) was patched with the fix. The fix will also be available in the next version of Grouper. To apply the fix, update the file src/grouper/edu/internet2/middleware/grouper/app/loader/db/GrouperLoaderResultset.java with the latest version from the 2.1 branch in Grouper's SVN repository.
Then run 'ant dist' again.

== Basic Grouper Configuration ==

 1. Find the following properties in /srv/grouper/grouper.api-2.1.4/conf/grouper.properties and update the values.

{{{
groups.create.grant.all.read = false
groups.create.grant.all.view = false
groups.wheel.use = true
grouperIncludeExclude.use = true
}}}

 The first two properties prevent everybody from having read and view access to newly created groups by default. The third property allows the use of a wheel group. Members of the wheel group have full access in Grouper. The name of this wheel group is etc:sysadmingroup. The fourth property allows the use of include/exclude groups.

 2. Configure database settings. Find the following properties in /srv/grouper/grouper.api-2.1.4/conf/grouper.hibernate.properties and update the values.

{{{
hibernate.connection.url = jdbc:oracle:thin:@msct.alaska.edu:1536:MSCT
hibernate.connection.username = grouper
hibernate.connection.password =
}}}

 3. Configure subject source settings in /srv/grouper/grouper.api-2.1.4/conf/sources.xml.
  a) Delete the entire source element with the id ''jdbc''.
  b) Add source element for LDAP. Be sure to update the password.
{{{
ldap
Alaska Person Source
person

INITIAL_CONTEXT_FACTORY com.sun.jndi.ldap.LdapCtxFactory
PROVIDER_URL ldaps://edir.alaska.edu:636
SECURITY_AUTHENTICATION simple
SECURITY_PRINCIPAL uid=grouper03,ou=resource,dc=alaska,dc=edu
SECURITY_CREDENTIALS secret
SubjectID_AttributeType BannerID
SubjectID_formatToLowerCase false
Name_AttributeType displayName
Description_AttributeType displayName

/// Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE
/// For filter use

searchSubject
    filter (BannerID=%TERM%)
    scope SUBTREE_SCOPE
    base ou=people,dc=alaska,dc=edu

searchSubjectByIdentifier
    filter (UASystemID=%TERM%)
    scope SUBTREE_SCOPE
    base ou=people,dc=alaska,dc=edu

search
    filter (|(BannerID=%TERM%)(UASystemID=%TERM%)(cn=*%TERM%*)(displayName=*%TERM%*))
    scope SUBTREE_SCOPE
    base ou=people,dc=alaska,dc=edu

subjectVirtualAttribute_0_searchAttribute0 ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('UASystemID'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('BannerID'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('displayName'), "")}
sortAttribute0 sn
searchAttribute0 searchAttribute0
searchAttribute0

///Attributes you would like to display when doing a search
cn
sn
displayName
BannerID
UASystemID
}}}

With this configuration, the subject id is BannerID. UASystemID is a subject identifier.

== Install Grouper database and startup GSH to initialize Grouper objects ==

After starting up GSH, run commands to create sysadmingroup and add members.
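
Before the registry is initialized, the settings from the Basic Grouper Configuration section can be checked mechanically. The script below is an added example, not part of the original page or of Grouper: the function names are hypothetical, it assumes plain `key = value` lines in grouper.properties, and it treats grouper.hibernate.properties and sources.xml as the files holding the database and LDAP bind passwords, as configured above.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight audit of the conf
# directory edited in "Basic Grouper Configuration". Function names are made up.

# Print the effective value of KEY ($2) in a .properties FILE ($1).
# Assumes plain "key = value" lines; comment lines (# or !) are skipped and,
# as with java.util.Properties, the last definition of a key wins.
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            sep = index($0, "=")
            if (sep == 0) next
            k = substr($0, 1, sep - 1)
            v = substr($0, sep + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val }
    ' "$1"
}

# Compare grouper.properties with the four values the page sets.
# Prints one line per deviation; exit status is the number of deviations.
check_grouper_properties() (
    file=$1
    bad=0
    [ -r "$file" ] || { echo "MISSING $file"; exit 4; }
    while read -r key want; do
        got=$(prop_value "$file" "$key")
        if [ "$got" != "$want" ]; then
            echo "DEVIATION $key: expected '$want', found '${got:-<unset>}'"
            bad=$((bad + 1))
        fi
    done <<'EOF'
groups.create.grant.all.read false
groups.create.grant.all.view false
groups.wheel.use true
grouperIncludeExclude.use true
EOF
    exit "$bad"
)

# The files that carry the database and LDAP bind passwords should not be
# accessible to group or other. Exit status is the number of offending files.
check_secret_file_modes() (
    dir=$1
    bad=0
    for name in grouper.hibernate.properties sources.xml; do
        f=$dir/$name
        [ -e "$f" ] || continue
        mode=$(ls -ld -- "$f" | awk '{ print $1 }')
        case $mode in
            ????------*) ;;   # owner-only access
            *) echo "PERMS $f: mode $mode grants group/other access"
               bad=$((bad + 1)) ;;
        esac
    done
    exit "$bad"
)

# Run both checks; exit status is the total number of findings.
audit_grouper_conf() (
    total=0
    check_grouper_properties "$1/grouper.properties" || total=$((total + $?))
    check_secret_file_modes "$1" || total=$((total + $?))
    exit "$total"
)

# Constructed sample (not taken from the page's host): one property left at
# an open default, one key defined twice, one commented-out key, and a
# world-readable sources.xml. Prints the path of the sample directory.
make_sample_conf() (
    d=$(mktemp -d)
    cat > "$d/grouper.properties" <<'EOF'
# constructed sample
groups.create.grant.all.read = false
groups.create.grant.all.view=true
groups.wheel.use = false
groups.wheel.use = true
#grouperIncludeExclude.use = false
grouperIncludeExclude.use = true
EOF
    : > "$d/grouper.hibernate.properties"
    : > "$d/sources.xml"
    chmod 600 "$d/grouper.hibernate.properties"
    chmod 644 "$d/sources.xml"
    echo "$d"
)

# Real use: sh audit.sh --audit /srv/grouper/grouper.api-2.1.4/conf
if [ "${1:-}" = "--audit" ]; then
    audit_grouper_conf "$2"
fi
```
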

{{{
[root@grinnell grouper.api-2.1.4]# ./bin/gsh.sh -registry -check
Using GROUPER_HOME: /srv/grouper/grouper.api-2.1.4
Using GROUPER_CONF: /srv/grouper/grouper.api-2.1.4/conf
Using JAVA: java
using MEMORY: 64m-750m
Grouper starting up: version: 2.1.4, build date: 2013/06/02 08:38:25, env:
grouper.properties read from: /srv/grouper/grouper.api-2.1.4/conf/grouper.properties
Grouper current directory is: /srv/grouper/grouper.api-2.1.4
log4j.properties read from: /srv/grouper/grouper.api-2.1.4/conf/log4j.properties
Grouper is logging to file: /srv/grouper/grouper.api-2.1.4/logs/grouper_error.log, at min level WARN for package: edu.internet2.middleware.grouper, based on log4j.properties
grouper.hibernate.properties: /srv/grouper/grouper.api-2.1.4/conf/grouper.hibernate.properties
grouper.hibernate.properties: grouper@jdbc:oracle:thin:@msct.alaska.edu:1536:MSCT
sources.xml read from: /srv/grouper/grouper.api-2.1.4/conf/sources.xml
sources.xml groupersource id: g:gsa
sources.xml ldap source id: ldap: uid=grouper03,ou=resource,dc=alaska,dc=edu@ldaps://edir.alaska.edu:636
sources.xml groupersource id: grouperEntities
(note, might need to type in your response multiple times (Java stdin is flaky))
(note, you can whitelist or blacklist db urls and users in the grouper.properties)
Are you sure you want to schemaexport all tables (dropThenCreate=F,writeAndRunScript=F) in db user 'grouper', db url 'jdbc:oracle:thin:@msct.alaska.edu:1536:MSCT'? (y|n): y
Continuing...
Grouper ddl object type 'Grouper' has dbVersion: 0 and java version: 26
Grouper ddl object type 'Subject' has dbVersion: 0 and java version: 1
Grouper database schema DDL requires updates
(should run script manually and carefully, in sections, verify data before drop statements, backup/export important data before starting, follow change log on confluence, dont run exact same script in multiple envs - generate a new one for each env),
script file is:
/srv/grouper/grouper.api-2.1.4/ddlScripts/grouperDdl_20130602_08_56_15_817.sql
Note: this script was not executed due to option passed in
To run script via gsh, carefully review it, then run this:
gsh -registry -runsqlfile /srv/grouper/grouper.api-2.1.4/ddlScripts/grouperDdl_20130602_08_56_15_817.sql
[root@grinnell grouper.api-2.1.4]# ./bin/gsh.sh -registry -runsqlfile ddlScripts/grouperDdl_20130602_08_56_15_817.sql
Using GROUPER_HOME: /srv/grouper/grouper.api-2.1.4
Using GROUPER_CONF: /srv/grouper/grouper.api-2.1.4/conf
Using JAVA: java
using MEMORY: 64m-750m
(note, might need to type in your response multiple times (Java stdin is flaky))
(note, you can whitelist or blacklist db urls and users in the grouper.properties)
Are you sure you want to run the sql file in db user 'grouper', db url 'jdbc:oracle:thin:@msct.alaska.edu:1536:MSCT'? (y|n): y
Continuing...
Script was executed successfully
Grouper starting up: version: 2.1.4, build date: 2013/06/02 08:38:25, env:
grouper.properties read from: /srv/grouper/grouper.api-2.1.4/conf/grouper.properties
Grouper current directory is: /srv/grouper/grouper.api-2.1.4
log4j.properties read from: /srv/grouper/grouper.api-2.1.4/conf/log4j.properties
Grouper is logging to file: /srv/grouper/grouper.api-2.1.4/logs/grouper_error.log, at min level WARN for package: edu.internet2.middleware.grouper, based on log4j.properties
grouper.hibernate.properties: /srv/grouper/grouper.api-2.1.4/conf/grouper.hibernate.properties
grouper.hibernate.properties: grouper@jdbc:oracle:thin:@msct.alaska.edu:1536:MSCT
sources.xml read from: /srv/grouper/grouper.api-2.1.4/conf/sources.xml
sources.xml groupersource id: g:gsa
sources.xml ldap source id: ldap: uid=grouper03,ou=resource,dc=alaska,dc=edu@ldaps://edir.alaska.edu:636
sources.xml groupersource id: grouperEntities
[root@grinnell grouper.api-2.1.4]#
[root@grinnell grouper.api-2.1.4]#
[root@grinnell grouper.api-2.1.4]#
[root@grinnell grouper.api-2.1.4]# ./bin/gsh.sh
Using GROUPER_HOME: /srv/grouper/grouper.api-2.1.4
Using GROUPER_CONF: /srv/grouper/grouper.api-2.1.4/conf
Using JAVA: java
using MEMORY: 64m-750m
Grouper starting up: version: 2.1.4, build date: 2013/06/02 08:38:25, env:
grouper.properties read from: /srv/grouper/grouper.api-2.1.4/conf/grouper.properties
Grouper current directory is: /srv/grouper/grouper.api-2.1.4
log4j.properties read from: /srv/grouper/grouper.api-2.1.4/conf/log4j.properties
Grouper is logging to file: /srv/grouper/grouper.api-2.1.4/logs/grouper_error.log, at min level WARN for package: edu.internet2.middleware.grouper, based on log4j.properties
grouper.hibernate.properties: /srv/grouper/grouper.api-2.1.4/conf/grouper.hibernate.properties
grouper.hibernate.properties: grouper@jdbc:oracle:thin:@msct.alaska.edu:1536:MSCT
sources.xml read from: /srv/grouper/grouper.api-2.1.4/conf/sources.xml
sources.xml groupersource id: g:gsa
sources.xml ldap source id: ldap: uid=grouper03,ou=resource,dc=alaska,dc=edu@ldaps://edir.alaska.edu:636
sources.xml groupersource id: grouperEntities
Grouper warning: cannot find group from config: wheel group from grouper.properties key: groups.wheel.group: etc:sysadmingroup
Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInvite
Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteExpireDate
Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteDate
Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectEmailAddress
Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteGroupUuids
Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteMemberId
Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteUuid
Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteEmailWhenRegistered
Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteEmail
Grouper note: auto-created attributeDefName: etc:attribute:rules:rule
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleActAsSubjectId
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleActAsSubjectIdentifier
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleActAsSubjectSourceId
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleCheckType
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleCheckOwnerId
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleCheckOwnerName
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleCheckStemScope
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleCheckArg0
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleCheckArg1
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfOwnerId
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfOwnerName
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfConditionEl
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfConditionEnum
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfConditionEnumArg0
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfConditionEnumArg1
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfStemScope
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleThenEl
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleThenEnum
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleThenEnumArg0
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleThenEnumArg1
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleThenEnumArg2
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleValid
Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleRunDaemon
Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitExpression
Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitIpOnNetworks
Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitIpOnNetworkRealm
Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitLabelsContain
Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitAmountLessThan
Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitAmountLessThanOrEqual
Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitWeekday9to5
Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoader
Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderType
Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderDbName
Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderScheduleType
Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderQuartzCron
Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderIntervalSeconds
Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderPriority
Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderAttrsLike
Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderAttrQuery
Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderAttrSetQuery
Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderActionQuery
Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderActionSetQuery
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdap
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapType
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapServerId
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapFilter
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapQuartzCron
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapSearchDn
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapSubjectAttribute
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapSourceId
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapSubjectIdType
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapAndGroups
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapSearchScope
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapPriority
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapGroupsLike
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapGroupAttribute
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapAttributeFilterExpression
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapExtraAttributes
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapErrorUnresolvable
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapGroupNameExpression
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapGroupDisplayNameExpression
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapGroupDescriptionExpression
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapSubjectExpression
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapGroupTypes
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapReaders
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapViewers
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapAdmins
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapUpdaters
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapOptins
Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapOptouts
Grouper note: auto-created attributeDefName: etc:attribute:entities:entitySubjectIdentifier
Type help() for instructions
gsh 0% addGroup("etc", "sysadmingroup", "sysadmingroup")
group: name='etc:sysadmingroup' displayName='etc:sysadmingroup' uuid='481175bb2a9a4e909273eec0a8fc7b21'
gsh 1% addMember("etc:sysadmingroup", "dabantz")
true
gsh 2% quit
}}}

== Start Grouper Daemon ==

{{{
[root@grinnell ~]# cd /srv/grouper/grouper.api-2.1.4
[root@grinnell grouper.api-2.1.4]# nohup ./bin/gsh.sh -loader &
[1] 2217
[root@grinnell grouper.api-2.1.4]# nohup: ignoring input and appending output to `nohup.out'
}}}

The Grouper Daemon can later be stopped by killing the process.

{{{
[root@grinnell ~]# ps -ef | grep "edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper"
root 20707 20706 0 Jun09 ? 04:35:14 java -Xms64m -Xmx750m -Dgrouper.home=/srv/grouper/grouper.api-2.1.4/ -classpath /srv/grouper/grouper.api-2.1.4/conf:/srv/grouper/grouper.api-2.1.4/dist/lib/grouper.jar:/srv/grouper/grouper.api-2.1.4/lib/grouper/*:/srv/grouper/grouper.api-2.1.4/lib/custom/*:/srv/grouper/grouper.api-2.1.4/lib/jdbcSamples/*:/srv/grouper/grouper.api-2.1.4/lib/ant/*:/srv/grouper/grouper.api-2.1.4/lib/test/*:/srv/grouper/grouper.api-2.1.4/dist/lib/test/*:/srv/grouper/grouper.api-2.1.4/src/resources: edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper -loader
root 23169 22516 0 14:28 pts/2 00:00:00 grep edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper
[root@grinnell ~]# kill -9 20707
}}}

== Add basic folder structure ==

This is partially based on the structure discussed here: https://iam.alaska.edu/grouper/wiki/Phase1Planning

Folder ''display names'' should probably be changed to something more friendly.
{{{
[root@grinnell grouper.api-2.1.4]# ./bin/gsh.sh
Using GROUPER_HOME: /srv/grouper/grouper.api-2.1.4
Using GROUPER_CONF: /srv/grouper/grouper.api-2.1.4/conf
Using JAVA: java
using MEMORY: 64m-750m
Grouper starting up: version: 2.1.4, build date: 2013/06/02 08:38:25, env:
grouper.properties read from: /srv/grouper/grouper.api-2.1.4/conf/grouper.properties
Grouper current directory is: /srv/grouper/grouper.api-2.1.4
log4j.properties read from: /srv/grouper/grouper.api-2.1.4/conf/log4j.properties
Grouper is logging to file: /srv/grouper/grouper.api-2.1.4/logs/grouper_error.log, at min level WARN for package: edu.internet2.middleware.grouper, based on log4j.properties
grouper.hibernate.properties: /srv/grouper/grouper.api-2.1.4/conf/grouper.hibernate.properties
grouper.hibernate.properties: grouper@jdbc:oracle:thin:@msct.alaska.edu:1536:MSCT
sources.xml read from: /srv/grouper/grouper.api-2.1.4/conf/sources.xml
sources.xml groupersource id: g:gsa
sources.xml ldap source id: ldap: uid=grouper03,ou=resource,dc=alaska,dc=edu@ldaps://edir.alaska.edu:636
sources.xml groupersource id: grouperEntities
Type help() for instructions
gsh 0% addRootStem("ua", "ua")
stem: name='ua' displayName='ua' uuid='11c11b24137f4c28834d5a9b6e45fee4'
gsh 1% addStem("ua", "inst", "inst")
stem: name='ua:inst' displayName='ua:inst' uuid='1a35d8a7ca804572a5adb894bf25aa0c'
gsh 2% addStem("ua:inst", "buildings", "buildings")
stem: name='ua:inst:buildings' displayName='ua:inst:buildings' uuid='05ccd68f773d420aab4769f2a728b79d'
}}}

== Custom development ==

Custom code development for this proof of concept has been added to the following location: /srv/grouper_custom. Note that this should all probably get added to a UA source control repository.

1. The file conf/ua_buildings.properties contains the building information with the fields short name, long name, and campus name. There is one building per line and the fields are pipe separated.

2. The class src/edu/ua/iam/grouper/BuildingLoaderHelper.java contains logic to convert an officeLocation attribute value to a group name. The algorithm is:
   a) Check to see if the officeLocation value entirely matches a building short name.
   b) If a match is not found, remove the first word in the officeLocation value and check again.
   c) Repeat (b) until a match is found or there is nothing left to check.
   d) If no match is found, return "UNKNOWN" as the group name.
   e) If a match is found, return the campus name followed by the short name of the building (separated by a hyphen).

3. So for instance, all of the following officeLocation values translate to the Grouper group "ua:inst:buildings:groups:UAF Main Campus - BUTRO":
{{{
officeLocation: 211 BUTRO
officeLocation: 211 BUTRO BUTRO
officeLocation: BUTRO
officeLocation: Suite 001 BUTRO
}}}

4. The custom code can be deployed by simply running 'ant'. This will copy both the properties file and the code into the Grouper API installation.
{{{
[root@grinnell grouper_custom]# cd /srv/grouper_custom/
[root@grinnell grouper_custom]# ant
Buildfile: build.xml

init:

clean:
    [delete] Deleting directory /srv/grouper_custom/build
    [delete] Deleting: /srv/grouper_custom/dist/lib/grouper_custom.jar

prepare:
    [mkdir] Created dir: /srv/grouper_custom/build

prepare-src:
    [mkdir] Created dir: /srv/grouper_custom/build/src
    [mkdir] Created dir: /srv/grouper_custom/build/classes
    [copy] Copying 1 file to /srv/grouper_custom/build/src

build:
    [javac] Compiling 1 source file to /srv/grouper_custom/build/classes

jar:
    [jar] Building jar: /srv/grouper_custom/dist/lib/grouper_custom.jar

all:
    [copy] Copying 1 file to /srv/grouper/grouper.api-2.1.4/lib/custom

BUILD SUCCESSFUL
Total time: 1 second
[root@grinnell grouper_custom]#
}}}

== Set up loader for the office building for people ==

1. Find the following properties in /srv/grouper/grouper.api-2.1.4/conf/grouper-loader.properties and update the values. Be sure to uncomment the properties too.
Set the password correctly.
{{{
ldap.personLdap.url = ldaps://edir.alaska.edu:636/dc=alaska,dc=edu
ldap.personLdap.user = uid=grouper03,ou=resource,dc=alaska,dc=edu
ldap.personLdap.pass = secret
loader.ldap.el.classes = edu.ua.iam.grouper.BuildingLoaderHelper
}}}

2. Configure the LDAP loader job via GSH.
{{{
[root@grinnell grouper.api-2.1.4]# ./bin/gsh.sh
...
gsh 0% grouperSession = GrouperSession.startRootSession();
edu.internet2.middleware.grouper.GrouperSession: 59e31f6e3f774419838719a09fe13f3f,'GrouperSystem','application'
gsh 1% group = addGroup("ua:inst:buildings", "loaderDefinition", "loaderDefinition")
group: name='ua:inst:buildings:loaderDefinition' displayName='ua:inst:buildings:loaderDefinition' uuid='d889e9cf79004bf4b396f33ed61d43e5'
gsh 2% attributeAssign = group.getAttributeDelegate().assignAttribute(LoaderLdapUtils.grouperLoaderLdapAttributeDefName()).getAttributeAssign();
edu.internet2.middleware.grouper.attr.assign.AttributeAssign: AttributeAssign[id=6451f0a6328f44aa8dbbba21212aea22,action=assign,attributeDefName=etc:attribute:loaderLdap:grouperLoaderLdap, group=Group[name=ua:inst:buildings:loaderDefinition,uuid=d889e9cf79004bf4b396f33ed61d43e5]]
gsh 3% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapTypeName(), "LDAP_GROUPS_FROM_ATTRIBUTES");
edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@f1599908
gsh 4% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapFilterName(), "(&(officeLocation=*)(BannerID=*))");
edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@147362e0
gsh 5% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapQuartzCronName(), "0 0 0 * * ?");
edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@3c2d09a4
gsh 6% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=people");
edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@ef3aa71c
gsh 7% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapServerIdName(), "personLdap");
edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@99104c4a
gsh 8% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSourceIdName(), "ldap");
edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@796d51f8
gsh 9% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupAttributeName(), "officeLocation");
edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@ecb2991b
gsh 10% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectIdTypeName(), "subjectId");
edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@df23167e
gsh 11% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupNameExpressionName(), "groups:${buildingLoaderHelper.getGroupNameFromOfficeLocation(groupAttribute)}");
edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@c0a6cbf3
gsh 12% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectAttributeName(), "BannerID")
edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@e95bf032
gsh 13% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupsLikeName(), "ua:inst:buildings:groups:%");
edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@7a931229
}}}

The loader is scheduled to run once a day at midnight.

3. Run the loader manually.
{{{
[root@grinnell grouper.api-2.1.4]# ./bin/gsh.sh
...
gsh 0% grouperSession = GrouperSession.startRootSession();
edu.internet2.middleware.grouper.GrouperSession: fb0abbdd2dcc4aeca2927263937469f6,'GrouperSystem','application'
gsh 1% group = GroupFinder.findByName(grouperSession, "ua:inst:buildings:loaderDefinition")
group: name='ua:inst:buildings:loaderDefinition' displayName='ua:inst:buildings:loaderDefinition' uuid='d889e9cf79004bf4b396f33ed61d43e5'
gsh 2% loaderRunOneJob(group);
.....
}}}
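
The officeLocation matching steps (a) to (e) listed under Custom development, written out as an added Java example; this is not the UA BuildingLoaderHelper source, and the class name OfficeLocationMatcher, case-sensitive matching, the skipping of malformed property lines and the sample data are assumptions. Because a group name is only ever built from an entry in the properties file, a directory value can map only to a known building or to UNKNOWN.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/** Added illustration of steps (a)-(e); not the UA BuildingLoaderHelper source. */
public class OfficeLocationMatcher {
    private static final String UNKNOWN = "UNKNOWN";
    // Building short name -> campus name, parsed from "short|long|campus" lines.
    private final Map<String, String> campusByShortName = new HashMap<>();

    public OfficeLocationMatcher(List<String> propertyLines) {
        for (String line : propertyLines) {
            String[] fields = line.split("\\|", -1);
            if (fields.length != 3 || fields[0].trim().isEmpty()) {
                continue; // assumption: malformed lines are skipped, not fatal
            }
            campusByShortName.put(fields[0].trim(), fields[2].trim());
        }
    }

    public String getGroupNameFromOfficeLocation(String officeLocation) {
        String candidate = officeLocation == null ? "" : officeLocation.trim();
        while (!candidate.isEmpty()) {
            String campus = campusByShortName.get(candidate); // (a) whole-value match
            if (campus != null) {
                return campus + " - " + candidate;            // (e) campus, hyphen, short name
            }
            String[] parts = candidate.split("\\s+", 2);      // (b) drop the first word
            candidate = parts.length == 2 ? parts[1] : "";    // (c) repeat until nothing is left
        }
        return UNKNOWN;                                       // (d) no building matched
    }

    public static void main(String[] args) {
        // Constructed sample data: BUTRO and its campus name come from the page,
        // the long name and the malformed line are made up for this example.
        OfficeLocationMatcher matcher = new OfficeLocationMatcher(Arrays.asList(
                "BUTRO|Example long name|UAF Main Campus",
                "this line has no pipes"));
        String[] samples = {"211 BUTRO", "211 BUTRO BUTRO", "BUTRO", "Suite 001 BUTRO",
                "Room 5 NOSUCH", "other:stem", ""};
        for (String sample : samples) {
            System.out.println("'" + sample + "' -> ua:inst:buildings:groups:"
                    + matcher.getGroupNameFromOfficeLocation(sample));
        }
    }
}
```

The first four samples resolve to "UAF Main Campus - BUTRO"; the remaining three, including the value containing a colon, resolve to UNKNOWN.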