Version 8 (modified by uaguest_SPatel1@…, 11 years ago) (diff) |
---|
This document explains the installation steps for Grouper.
Install Grouper API
- Download and copy the API to /tmp/ on grinnell. The tarball is located at http://www.internet2.edu/grouper/release/2.1.4/grouper.api-2.1.4.tar.gz.
- Extract and build.
[root@grinnell ~]# mkdir /srv/grouper [root@grinnell ~]# cd /srv/grouper/ [root@grinnell grouper]# cp /tmp/grouper.api-2.1.4.tar.gz . [root@grinnell grouper]# gunzip grouper.api-2.1.4.tar.gz [root@grinnell grouper]# tar xf grouper.api-2.1.4.tar [root@grinnell grouper]# cd grouper.api-2.1.4 [root@grinnell grouper.api-2.1.4]# ant dist Buildfile: build.xml init: [mkdir] Created dir: /srv/grouper/grouper.api-2.1.4/dist/build/test [mkdir] Created dir: /srv/grouper/grouper.api-2.1.4/ext/conf init.conf: compile: [mkdir] Created dir: /srv/grouper/grouper.api-2.1.4/dist/build/grouper [javac] Compiling 869 source files to /srv/grouper/grouper.api-2.1.4/dist/build/grouper [javac] warning: [options] bootstrap class path not set in conjunction with -source 1.5 [javac] Note: Some input files use unchecked or unsafe operations. [javac] Note: Recompile with -Xlint:unchecked for details. [javac] 1 warning [javac] Compiling 14 source files to /srv/grouper/grouper.api-2.1.4/dist/build/grouper [javac] warning: [options] bootstrap class path not set in conjunction with -source 1.5 [javac] 1 warning [copy] Copying 941 files to /srv/grouper/grouper.api-2.1.4/dist/build/grouper ext.init: [mkdir] Created dir: /srv/grouper/grouper.api-2.1.4/ext/bin [mkdir] Created dir: /srv/grouper/grouper.api-2.1.4/ext/doc ext.compile: [subant] No sub-builds to iterate on ext.init: ext.install: [subant] No sub-builds to iterate on test.compile: [javac] Compiling 401 source files to /srv/grouper/grouper.api-2.1.4/dist/build/test [javac] warning: [options] bootstrap class path not set in conjunction with -source 1.5 [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/util/GrouperUtilTest.java:147: warning: unmappable character for encoding ASCII [javac] String testString = "H13_FRA2007, Questions d?histoire de la lit?rature"; [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/util/GrouperUtilTest.java:147: warning: unmappable character for encoding ASCII [javac] String testString = "H13_FRA2007, Questions d?histoire de la lit?rature"; [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:423: warning: unmappable character for encoding ASCII [javac] Group gA = new GroupSave(grouperSession).assignGroupNameToEdit("t??st:??Group").assignName("t??st:??Group") [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:423: warning: unmappable character for encoding ASCII [javac] Group gA = new GroupSave(grouperSession).assignGroupNameToEdit("t??st:??Group").assignName("t??st:??Group") [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:423: warning: unmappable character for encoding ASCII [javac] Group gA = new GroupSave(grouperSession).assignGroupNameToEdit("t??st:??Group").assignName("t??st:??Group") [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:423: warning: unmappable character for encoding ASCII [javac] Group gA = new GroupSave(grouperSession).assignGroupNameToEdit("t??st:??Group").assignName("t??st:??Group") [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:423: warning: unmappable character for encoding ASCII [javac] Group gA = new GroupSave(grouperSession).assignGroupNameToEdit("t??st:??Group").assignName("t??st:??Group") [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:423: warning: unmappable character for encoding ASCII [javac] Group gA = new GroupSave(grouperSession).assignGroupNameToEdit("t??st:??Group").assignName("t??st:??Group") [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:423: warning: unmappable character for encoding ASCII [javac] Group gA = new GroupSave(grouperSession).assignGroupNameToEdit("t??st:??Group").assignName("t??st:??Group") [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:423: warning: unmappable character for encoding ASCII [javac] Group gA = new GroupSave(grouperSession).assignGroupNameToEdit("t??st:??Group").assignName("t??st:??Group") [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:424: warning: unmappable character for encoding ASCII [javac] .assignDisplayName("t??st:??Group").assignDescription("t??st:??Group").assignCreateParentStemsIfNotExist(true).save(); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:424: warning: unmappable character for encoding ASCII [javac] .assignDisplayName("t??st:??Group").assignDescription("t??st:??Group").assignCreateParentStemsIfNotExist(true).save(); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:424: warning: unmappable character for encoding ASCII [javac] .assignDisplayName("t??st:??Group").assignDescription("t??st:??Group").assignCreateParentStemsIfNotExist(true).save(); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:424: warning: unmappable character for encoding ASCII [javac] .assignDisplayName("t??st:??Group").assignDescription("t??st:??Group").assignCreateParentStemsIfNotExist(true).save(); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:424: warning: unmappable character for encoding ASCII [javac] .assignDisplayName("t??st:??Group").assignDescription("t??st:??Group").assignCreateParentStemsIfNotExist(true).save(); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:424: warning: unmappable character for encoding ASCII [javac] .assignDisplayName("t??st:??Group").assignDescription("t??st:??Group").assignCreateParentStemsIfNotExist(true).save(); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:424: warning: unmappable character for encoding ASCII [javac] .assignDisplayName("t??st:??Group").assignDescription("t??st:??Group").assignCreateParentStemsIfNotExist(true).save(); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:424: warning: unmappable character for encoding ASCII [javac] .assignDisplayName("t??st:??Group").assignDescription("t??st:??Group").assignCreateParentStemsIfNotExist(true).save(); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:455: warning: unmappable character for encoding ASCII [javac] assertDoNotFindGroupByName( s, "t??st:??Group" ); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:455: warning: unmappable character for encoding ASCII [javac] assertDoNotFindGroupByName( s, "t??st:??Group" ); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:455: warning: unmappable character for encoding ASCII [javac] assertDoNotFindGroupByName( s, "t??st:??Group" ); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:455: warning: unmappable character for encoding ASCII [javac] assertDoNotFindGroupByName( s, "t??st:??Group" ); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:466: warning: unmappable character for encoding ASCII [javac] gA = assertFindGroupByName( s, "t??st:??Group" ); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:466: warning: unmappable character for encoding ASCII [javac] gA = assertFindGroupByName( s, "t??st:??Group" ); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:466: warning: unmappable character for encoding ASCII [javac] gA = assertFindGroupByName( s, "t??st:??Group" ); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/TestXml.java:466: warning: unmappable character for encoding ASCII [javac] gA = assertFindGroupByName( s, "t??st:??Group" ); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:418: warning: unmappable character for encoding ASCII [javac] Group gA = new GroupSave(grouperSession).assignGroupNameToEdit("t??st:??Group").assignName("t??st:??Group") [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:418: warning: unmappable character for encoding ASCII [javac] Group gA = new GroupSave(grouperSession).assignGroupNameToEdit("t??st:??Group").assignName("t??st:??Group") [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:418: warning: unmappable character for encoding ASCII [javac] Group gA = new GroupSave(grouperSession).assignGroupNameToEdit("t??st:??Group").assignName("t??st:??Group") [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:418: warning: unmappable character for encoding ASCII [javac] Group gA = new GroupSave(grouperSession).assignGroupNameToEdit("t??st:??Group").assignName("t??st:??Group") [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:418: warning: unmappable character for encoding ASCII [javac] Group gA = new GroupSave(grouperSession).assignGroupNameToEdit("t??st:??Group").assignName("t??st:??Group") [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:418: warning: unmappable character for encoding ASCII [javac] Group gA = new GroupSave(grouperSession).assignGroupNameToEdit("t??st:??Group").assignName("t??st:??Group") [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:418: warning: unmappable character for encoding ASCII [javac] Group gA = new GroupSave(grouperSession).assignGroupNameToEdit("t??st:??Group").assignName("t??st:??Group") [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:418: warning: unmappable character for encoding ASCII [javac] Group gA = new GroupSave(grouperSession).assignGroupNameToEdit("t??st:??Group").assignName("t??st:??Group") [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:419: warning: unmappable character for encoding ASCII [javac] .assignDisplayName("t??st:??Group").assignDescription("t??st:??Group").assignCreateParentStemsIfNotExist(true).save(); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:419: warning: unmappable character for encoding ASCII [javac] .assignDisplayName("t??st:??Group").assignDescription("t??st:??Group").assignCreateParentStemsIfNotExist(true).save(); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:419: warning: unmappable character for encoding ASCII [javac] .assignDisplayName("t??st:??Group").assignDescription("t??st:??Group").assignCreateParentStemsIfNotExist(true).save(); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:419: warning: unmappable character for encoding ASCII [javac] .assignDisplayName("t??st:??Group").assignDescription("t??st:??Group").assignCreateParentStemsIfNotExist(true).save(); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:419: warning: unmappable character for encoding ASCII [javac] .assignDisplayName("t??st:??Group").assignDescription("t??st:??Group").assignCreateParentStemsIfNotExist(true).save(); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:419: warning: unmappable character for encoding ASCII [javac] .assignDisplayName("t??st:??Group").assignDescription("t??st:??Group").assignCreateParentStemsIfNotExist(true).save(); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:419: warning: unmappable character for encoding ASCII [javac] .assignDisplayName("t??st:??Group").assignDescription("t??st:??Group").assignCreateParentStemsIfNotExist(true).save(); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:419: warning: unmappable character for encoding ASCII [javac] .assignDisplayName("t??st:??Group").assignDescription("t??st:??Group").assignCreateParentStemsIfNotExist(true).save(); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:453: warning: unmappable character for encoding ASCII [javac] assertDoNotFindGroupByName( s, "t??st:??Group" ); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:453: warning: unmappable character for encoding ASCII [javac] assertDoNotFindGroupByName( s, "t??st:??Group" ); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:453: warning: unmappable character for encoding ASCII [javac] assertDoNotFindGroupByName( s, "t??st:??Group" ); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:453: warning: unmappable character for encoding ASCII [javac] assertDoNotFindGroupByName( s, "t??st:??Group" ); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:467: warning: unmappable character for encoding ASCII [javac] gA = assertFindGroupByName( s, "t??st:??Group" ); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:467: warning: unmappable character for encoding ASCII [javac] gA = assertFindGroupByName( s, "t??st:??Group" ); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:467: warning: unmappable character for encoding ASCII [javac] gA = assertFindGroupByName( s, "t??st:??Group" ); [javac] ^ [javac] /srv/grouper/grouper.api-2.1.4/src/test/edu/internet2/middleware/grouper/xml/importXml/XmlLegacyTest.java:467: warning: unmappable character for encoding ASCII [javac] gA = assertFindGroupByName( s, "t??st:??Group" ); [javac] ^ [javac] Note: Some input files use or override a deprecated API. [javac] Note: Recompile with -Xlint:deprecation for details. [javac] Note: Some input files use unchecked or unsafe operations. [javac] Note: Recompile with -Xlint:unchecked for details. [javac] 51 warnings [copy] Copying 7 files to /srv/grouper/grouper.api-2.1.4/dist/build/test dist: [mkdir] Created dir: /srv/grouper/grouper.api-2.1.4/dist/lib [copy] Copying 1 file to /srv/grouper/grouper.api-2.1.4/dist/build/grouper [copy] Copying 1 file to /srv/grouper/grouper.api-2.1.4/dist/build/grouper [copy] Copying 1 file to /srv/grouper/grouper.api-2.1.4/dist/build/grouper [copy] Copying 1 file to /srv/grouper/grouper.api-2.1.4/dist/build/grouper [jar] Building jar: /srv/grouper/grouper.api-2.1.4/dist/lib/grouper-20130602.jar [copy] Copying 1 file to /srv/grouper/grouper.api-2.1.4/dist/lib [mkdir] Created dir: /srv/grouper/grouper.api-2.1.4/dist/lib/test [jar] Building jar: /srv/grouper/grouper.api-2.1.4/dist/lib/test/grouper-test.jar BUILD SUCCESSFUL Total time: 40 seconds
Basic Grouper Configuration
- Find the following properties in /srv/grouper/grouper.api-2.1.4/conf/grouper.properties and update the values.
groups.create.grant.all.read = false groups.create.grant.all.view = false groups.wheel.use = true grouperIncludeExclude.use = true
The first two properties will prevent everybody from having read and view access to newly created groups by default. The third property will allow the use of a wheel group. Members of the wheel group have full access in Grouper. The name of this wheel group is etc:sysadmingroup. And the forth property allows the use of include/exclude groups.
- Configure database settings. Find the following properties in /srv/grouper/grouper.api-2.1.4/conf/grouper.hibernate.properties and update the values.
hibernate.connection.url = jdbc:oracle:thin:@msct.alaska.edu:1536:MSCT hibernate.connection.username = grouper hibernate.connection.password = <password>
- Configure subject source settings in /srv/grouper/grouper.api-2.1.4/conf/sources.xml.
a) Delete the entire source element with the id jdbc.
b) Add source element for LDAP. Be sure to update the password.
<source adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter"> <id>ldap</id> <name>Alaska Person Source</name> <type>person</type> <init-param> <param-name>INITIAL_CONTEXT_FACTORY</param-name> <param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value> </init-param> <init-param> <param-name>PROVIDER_URL</param-name> <param-value>ldaps://edir.alaska.edu:636</param-value> </init-param> <init-param> <param-name>SECURITY_AUTHENTICATION</param-name> <param-value>simple</param-value> </init-param> <init-param> <param-name>SECURITY_PRINCIPAL</param-name> <param-value>uid=grouper03,ou=resource,dc=alaska,dc=edu</param-value> </init-param> <init-param> <param-name>SECURITY_CREDENTIALS</param-name> <param-value>secret</param-value> </init-param> <init-param> <param-name>SubjectID_AttributeType</param-name> <param-value>BannerID</param-value> </init-param> <init-param> <param-name>SubjectID_formatToLowerCase</param-name> <param-value>false</param-value> </init-param> <init-param> <param-name>Name_AttributeType</param-name> <param-value>displayName</param-value> </init-param> <init-param> <param-name>Description_AttributeType</param-name> <param-value>displayName</param-value> </init-param> /// Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE /// For filter use <search> <searchType>searchSubject</searchType> <param> <param-name>filter</param-name> <param-value> (BannerID=%TERM%) </param-value> </param> <param> <param-name>scope</param-name> <param-value> SUBTREE_SCOPE </param-value> </param> <param> <param-name>base</param-name> <param-value> ou=people,dc=alaska,dc=edu </param-value> </param> </search> <search> <searchType>searchSubjectByIdentifier</searchType> <param> <param-name>filter</param-name> <param-value> (UASystemID=%TERM%) </param-value> </param> <param> <param-name>scope</param-name> <param-value> SUBTREE_SCOPE </param-value> </param> <param> <param-name>base</param-name> <param-value> ou=people,dc=alaska,dc=edu </param-value> </param> </search> <search> <searchType>search</searchType> <param> <param-name>filter</param-name> <param-value> (|(BannerID=%TERM%)(UASystemID=%TERM%)(cn=*%TERM%*)(displayName=*%TERM%*)) </param-value> </param> <param> <param-name>scope</param-name> <param-value> SUBTREE_SCOPE </param-value> </param> <param> <param-name>base</param-name> <param-value> ou=people,dc=alaska,dc=edu </param-value> </param> </search> <init-param> <param-name>subjectVirtualAttribute_0_searchAttribute0</param-name> <param-value>${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('UASystemID'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('BannerID'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('displayName'), "")}</param-value> </init-param> <init-param> <param-name>sortAttribute0</param-name> <param-value>sn</param-value> </init-param> <init-param> <param-name>searchAttribute0</param-name> <param-value>searchAttribute0</param-value> </init-param> <!-- <!- - ########################## STATUS SECTION for searches to filter out inactives and allow the user to filter by status with e.g. status=all this is optional, and advanced - -> <!- - column or attribute which represents the status - - > <!- - <init-param> <param-name>statusDatastoreFieldName</param-name> <param-value>status</param-value> </init-param> - - > <!- - search string from user which represents the status. e.g. status=active - - > <!- - <init-param> <param-name>statusLabel</param-name> <param-value>status</param-value> </init-param> - - > <!- - available statuses from screen (if not specified, any will be allowed). comma separated list. Note, this is optional and you probably dont want to configure it, it is mostly necessary when you have multiple sources with statuses... if someone types an invalid status and you have this configured, it will not filter by it - - > <!- - <init-param> <param-name>statusesFromUser<param-name> <param-value>Active, Inactive, Pending, All</param-value> </init-param> - - > <!- - all label from the user - - > <!- - <init-param> <param-name>statusAllFromUser</param-name> <param-value>All</param-value> </init-param> - - > <!- - if no status is specified, this will be used (e.g. for active only). Note, the value should be of the form the user would type in - - > <!- - <init-param> <param-name>statusSearchDefault</param-name> <param-value>status=active</param-value> </init-param> - - > <!- - translate between screen values of status, and the data store value. Increment the 0 to 1, 2, etc for more translations. so the user could enter: status=active, and that could translate to status_col=A. The 'user' is what the user types in, the 'datastore' is what is in the datastore. The user part is not case-sensitive. Note, this could be a many to one - - > <!- - <init-param> <param-name>statusTranslateUser0</param-name> <param-value>active</param-value> </init-param> <init-param> <param-name>statusTranslateDatastore0</param-name> <param-value>A</param-value> </init-param> - - > <!- - ########################## END STATUS SECTION - - > --> <internal-attribute>searchAttribute0</internal-attribute> ///Attributes you would like to display when doing a search <attribute>cn</attribute> <attribute>sn</attribute> <attribute>displayName</attribute> <attribute>BannerID</attribute> <attribute>UASystemID</attribute> </source>
With this configuration, the subject id is BannerID. UASystemID is a subject identifier.
Install Grouper database and startup GSH to initialize Grouper objects
[root@grinnell grouper.api-2.1.4]# ./bin/gsh.sh -registry -check Using GROUPER_HOME: /srv/grouper/grouper.api-2.1.4 Using GROUPER_CONF: /srv/grouper/grouper.api-2.1.4/conf Using JAVA: java using MEMORY: 64m-750m Grouper starting up: version: 2.1.4, build date: 2013/06/02 08:38:25, env: <no label configured> grouper.properties read from: /srv/grouper/grouper.api-2.1.4/conf/grouper.properties Grouper current directory is: /srv/grouper/grouper.api-2.1.4 log4j.properties read from: /srv/grouper/grouper.api-2.1.4/conf/log4j.properties Grouper is logging to file: /srv/grouper/grouper.api-2.1.4/logs/grouper_error.log, at min level WARN for package: edu.internet2.middleware.grouper, based on log4j.properties grouper.hibernate.properties: /srv/grouper/grouper.api-2.1.4/conf/grouper.hibernate.properties grouper.hibernate.properties: grouper@jdbc:oracle:thin:@msct.alaska.edu:1536:MSCT sources.xml read from: /srv/grouper/grouper.api-2.1.4/conf/sources.xml sources.xml groupersource id: g:gsa sources.xml ldap source id: ldap: uid=grouper03,ou=resource,dc=alaska,dc=edu@ldaps://edir.alaska.edu:636 sources.xml groupersource id: grouperEntities (note, might need to type in your response multiple times (Java stdin is flaky)) (note, you can whitelist or blacklist db urls and users in the grouper.properties) Are you sure you want to schemaexport all tables (dropThenCreate=F,writeAndRunScript=F) in db user 'grouper', db url 'jdbc:oracle:thin:@msct.alaska.edu:1536:MSCT'? (y|n): y Continuing... Grouper ddl object type 'Grouper' has dbVersion: 0 and java version: 26 Grouper ddl object type 'Subject' has dbVersion: 0 and java version: 1 Grouper database schema DDL requires updates (should run script manually and carefully, in sections, verify data before drop statements, backup/export important data before starting, follow change log on confluence, dont run exact same script in multiple envs - generate a new one for each env), script file is: /srv/grouper/grouper.api-2.1.4/ddlScripts/grouperDdl_20130602_08_56_15_817.sql Note: this script was not executed due to option passed in To run script via gsh, carefully review it, then run this: gsh -registry -runsqlfile /srv/grouper/grouper.api-2.1.4/ddlScripts/grouperDdl_20130602_08_56_15_817.sql [root@grinnell grouper.api-2.1.4]# ./bin/gsh.sh -registry -runsqlfile ddlScripts/grouperDdl_20130602_08_56_15_817.sql Using GROUPER_HOME: /srv/grouper/grouper.api-2.1.4 Using GROUPER_CONF: /srv/grouper/grouper.api-2.1.4/conf Using JAVA: java using MEMORY: 64m-750m (note, might need to type in your response multiple times (Java stdin is flaky)) (note, you can whitelist or blacklist db urls and users in the grouper.properties) Are you sure you want to run the sql file in db user 'grouper', db url 'jdbc:oracle:thin:@msct.alaska.edu:1536:MSCT'? (y|n): y Continuing... Script was executed successfully Grouper starting up: version: 2.1.4, build date: 2013/06/02 08:38:25, env: <no label configured> grouper.properties read from: /srv/grouper/grouper.api-2.1.4/conf/grouper.properties Grouper current directory is: /srv/grouper/grouper.api-2.1.4 log4j.properties read from: /srv/grouper/grouper.api-2.1.4/conf/log4j.properties Grouper is logging to file: /srv/grouper/grouper.api-2.1.4/logs/grouper_error.log, at min level WARN for package: edu.internet2.middleware.grouper, based on log4j.properties grouper.hibernate.properties: /srv/grouper/grouper.api-2.1.4/conf/grouper.hibernate.properties grouper.hibernate.properties: grouper@jdbc:oracle:thin:@msct.alaska.edu:1536:MSCT sources.xml read from: /srv/grouper/grouper.api-2.1.4/conf/sources.xml sources.xml groupersource id: g:gsa sources.xml ldap source id: ldap: uid=grouper03,ou=resource,dc=alaska,dc=edu@ldaps://edir.alaska.edu:636 sources.xml groupersource id: grouperEntities [root@grinnell grouper.api-2.1.4]# [root@grinnell grouper.api-2.1.4]# [root@grinnell grouper.api-2.1.4]# [root@grinnell grouper.api-2.1.4]# ./bin/gsh.sh Using GROUPER_HOME: /srv/grouper/grouper.api-2.1.4 Using GROUPER_CONF: /srv/grouper/grouper.api-2.1.4/conf Using JAVA: java using MEMORY: 64m-750m Grouper starting up: version: 2.1.4, build date: 2013/06/02 08:38:25, env: <no label configured> grouper.properties read from: /srv/grouper/grouper.api-2.1.4/conf/grouper.properties Grouper current directory is: /srv/grouper/grouper.api-2.1.4 log4j.properties read from: /srv/grouper/grouper.api-2.1.4/conf/log4j.properties Grouper is logging to file: /srv/grouper/grouper.api-2.1.4/logs/grouper_error.log, at min level WARN for package: edu.internet2.middleware.grouper, based on log4j.properties grouper.hibernate.properties: /srv/grouper/grouper.api-2.1.4/conf/grouper.hibernate.properties grouper.hibernate.properties: grouper@jdbc:oracle:thin:@msct.alaska.edu:1536:MSCT sources.xml read from: /srv/grouper/grouper.api-2.1.4/conf/sources.xml sources.xml groupersource id: g:gsa sources.xml ldap source id: ldap: uid=grouper03,ou=resource,dc=alaska,dc=edu@ldaps://edir.alaska.edu:636 sources.xml groupersource id: grouperEntities Grouper warning: cannot find group from config: wheel group from grouper.properties key: groups.wheel.group: etc:sysadmingroup Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInvite Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteExpireDate Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteDate Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectEmailAddress Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteGroupUuids Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteMemberId Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteUuid Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteEmailWhenRegistered Grouper note: auto-created attributeDefName: etc:attribute:attrExternalSubjectInvite:externalSubjectInviteEmail Grouper note: auto-created attributeDefName: etc:attribute:rules:rule Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleActAsSubjectId Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleActAsSubjectIdentifier Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleActAsSubjectSourceId Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleCheckType Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleCheckOwnerId Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleCheckOwnerName Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleCheckStemScope Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleCheckArg0 Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleCheckArg1 Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfOwnerId Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfOwnerName Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfConditionEl Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfConditionEnum Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfConditionEnumArg0 Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfConditionEnumArg1 Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleIfStemScope Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleThenEl Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleThenEnum Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleThenEnumArg0 Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleThenEnumArg1 Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleThenEnumArg2 Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleValid Grouper note: auto-created attributeDefName: etc:attribute:rules:ruleRunDaemon Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitExpression Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitIpOnNetworks Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitIpOnNetworkRealm Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitLabelsContain Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitAmountLessThan Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitAmountLessThanOrEqual Grouper note: auto-created attributeDefName: etc:attribute:permissionLimits:limitWeekday9to5 Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoader Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderType Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderDbName Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderScheduleType Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderQuartzCron Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderIntervalSeconds Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderPriority Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderAttrsLike Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderAttrQuery Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderAttrSetQuery Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderActionQuery Grouper note: auto-created attributeDefName: etc:attribute:attrLoader:attributeLoaderActionSetQuery Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdap Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapType Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapServerId Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapFilter Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapQuartzCron Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapSearchDn Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapSubjectAttribute Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapSourceId Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapSubjectIdType Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapAndGroups Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapSearchScope Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapPriority Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapGroupsLike Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapGroupAttribute Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapAttributeFilterExpression Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapExtraAttributes Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapErrorUnresolvable Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapGroupNameExpression Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapGroupDisplayNameExpression Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapGroupDescriptionExpression Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapSubjectExpression Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapGroupTypes Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapReaders Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapViewers Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapAdmins Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapUpdaters Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapOptins Grouper note: auto-created attributeDefName: etc:attribute:loaderLdap:grouperLoaderLdapOptouts Grouper note: auto-created attributeDefName: etc:attribute:entities:entitySubjectIdentifier Type help() for instructions gsh 0% addGroup("etc", "sysadmingroup", "sysadmingroup") group: name='etc:sysadmingroup' displayName='etc:sysadmingroup' uuid='481175bb2a9a4e909273eec0a8fc7b21' gsh 1% quit
Start Grouper Daemon
[root@grinnell ~]# cd /srv/grouper/grouper.api-2.1.4 [root@grinnell grouper.api-2.1.4]# nohup ./bin/gsh.sh -loader & [1] 2217 [root@grinnell grouper.api-2.1.4]# nohup: ignoring input and appending output to `nohup.out'
The Grouper Daemon can later be stopped by killing the process.
Add basic folder structure
This is partially based on the structure discussed here: https://iam.alaska.edu/grouper/wiki/Phase1Planning
Folder display names should probably be changed to something more friendly.
[root@grinnell grouper.api-2.1.4]# ./bin/gsh.sh Using GROUPER_HOME: /srv/grouper/grouper.api-2.1.4 Using GROUPER_CONF: /srv/grouper/grouper.api-2.1.4/conf Using JAVA: java using MEMORY: 64m-750m Grouper starting up: version: 2.1.4, build date: 2013/06/02 08:38:25, env: <no label configured> grouper.properties read from: /srv/grouper/grouper.api-2.1.4/conf/grouper.properties Grouper current directory is: /srv/grouper/grouper.api-2.1.4 log4j.properties read from: /srv/grouper/grouper.api-2.1.4/conf/log4j.properties Grouper is logging to file: /srv/grouper/grouper.api-2.1.4/logs/grouper_error.log, at min level WARN for package: edu.internet2.middleware.grouper, based on log4j.properties grouper.hibernate.properties: /srv/grouper/grouper.api-2.1.4/conf/grouper.hibernate.properties grouper.hibernate.properties: grouper@jdbc:oracle:thin:@msct.alaska.edu:1536:MSCT sources.xml read from: /srv/grouper/grouper.api-2.1.4/conf/sources.xml sources.xml groupersource id: g:gsa sources.xml ldap source id: ldap: uid=grouper03,ou=resource,dc=alaska,dc=edu@ldaps://edir.alaska.edu:636 sources.xml groupersource id: grouperEntities Type help() for instructions gsh 0% addRootStem("ua", "ua") stem: name='ua' displayName='ua' uuid='11c11b24137f4c28834d5a9b6e45fee4' gsh 1% addStem("ua", "inst", "inst") stem: name='ua:inst' displayName='ua:inst' uuid='1a35d8a7ca804572a5adb894bf25aa0c' gsh 2% addStem("ua:inst", "buildings", "buildings") stem: name='ua:inst:buildings' displayName='ua:inst:buildings' uuid='05ccd68f773d420aab4769f2a728b79d'
Set up loader for the office building for people
- Find the following properties in /srv/grouper/grouper.api-2.1.4/conf/grouper-loader.properties and update the values. Be sure to uncomment the properties too. Set the password correctly.
ldap.personLdap.url = ldaps://edir.alaska.edu:636/dc=alaska,dc=edu ldap.personLdap.user = uid=grouper03,ou=resource,dc=alaska,dc=edu ldap.personLdap.pass = secret
- Configure LDAP loader job via GSH.
[root@grinnell grouper.api-2.1.4]# ./bin/gsh.sh ... gsh 0% grouperSession = GrouperSession.startRootSession(); edu.internet2.middleware.grouper.GrouperSession: 59e31f6e3f774419838719a09fe13f3f,'GrouperSystem','application' gsh 1% group = addGroup("ua:inst:buildings", "loaderDefinition", "loaderDefinition") group: name='ua:inst:buildings:loaderDefinition' displayName='ua:inst:buildings:loaderDefinition' uuid='d889e9cf79004bf4b396f33ed61d43e5' gsh 2% attributeAssign = group.getAttributeDelegate().assignAttribute(LoaderLdapUtils.grouperLoaderLdapAttributeDefName()).getAttributeAssign(); edu.internet2.middleware.grouper.attr.assign.AttributeAssign: AttributeAssign[id=6451f0a6328f44aa8dbbba21212aea22,action=assign,attributeDefName=etc:attribute:loaderLdap:grouperLoaderLdap, group=Group[name=ua:inst:buildings:loaderDefinition,uuid=d889e9cf79004bf4b396f33ed61d43e5]] gsh 3% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapTypeName(), "LDAP_GROUPS_FROM_ATTRIBUTES"); edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@f1599908 gsh 4% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapFilterName(), "(officeLocation=BUTRO)"); edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@147362e0 gsh 5% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapQuartzCronName(), "0 0 0 * * ?"); edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@3c2d09a4 gsh 6% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=people"); edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@ef3aa71c gsh 7% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapServerIdName(), "personLdap"); edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@99104c4a gsh 8% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSourceIdName(), "ldap"); edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@796d51f8 gsh 9% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupAttributeName(), "officeLocation"); edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@ecb2991b gsh 10% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectIdTypeName(), "subjectId"); edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@df23167e gsh 11% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupNameExpressionName(), "groups:${groupAttribute}"); edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@c0a6cbf3 gsh 12% attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectAttributeName(), "BannerID") edu.internet2.middleware.grouper.attr.value.AttributeValueResult: edu.internet2.middleware.grouper.attr.value.AttributeValueResult@e95bf032
Loader scheduled to run once a day at midnight.
- Run loader manually
[root@grinnell grouper.api-2.1.4]# ./bin/gsh.sh ... gsh 0% grouperSession = GrouperSession.startRootSession(); edu.internet2.middleware.grouper.GrouperSession: fb0abbdd2dcc4aeca2927263937469f6,'GrouperSystem','application' gsh 1% group = GroupFinder.findByName(grouperSession, "ua:inst:buildings:loaderDefinition") group: name='ua:inst:buildings:loaderDefinition' displayName='ua:inst:buildings:loaderDefinition' uuid='d889e9cf79004bf4b396f33ed61d43e5' gsh 2% loaderRunOneJob(group); .....