Last modified on 06/09/13 11:11:08
This document explains the installation steps for the PSP (the Grouper Provisioning Service Provider) on grinnell. Here is an overview of how it was configured:
- The PSP writes to the LDAP directory installed on grinnell.
- A group object is created for each Grouper group (excluding the etc folder) under ou=grouper,ou=group,dc=alaska,dc=edu. The description attribute is populated for both groups and folders, and the member attribute of each group holds the DNs of its members.
- The "bushy" DIT structure is used: each Grouper folder becomes an organizationalUnit and groups are nested beneath their folders.
- Both incremental and bulk (full) sync are configured.
Prepare LDAP
- Create the base DN that we're using to store groups in LDAP. Note that a new aci attribute is added which grants the grouper user (uid=grouper03) add, delete, read, write, search and compare rights over ou=grouper, restricted to connections from 127.0.0.1.
[oracle@grinnell ~]$ ldapmodify -a -h localhost -p 1389 -D "cn=directory manager" -W
Enter LDAP Password:
dn: ou=grouper,ou=group,dc=alaska,dc=edu
objectClass: organizationalUnit
ou: grouper
aci: (targetattr="*") (version 3.0; acl "Grouper Write Access";allow (add,delete,read,write,search,compare) (userdn="ldap:///uid=grouper03,ou=resource,dc=alaska,dc=edu" and ip="127.0.0.1");)

adding new entry "ou=grouper,ou=group,dc=alaska,dc=edu"
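The aci value above is easy to copy and hard to review by eye. The following Python script is an added example, not part of this page or of Grouper/PSP: it parses a DSEE-style aci value into its name, target attribute, rights and bind rules, and flags allow rules that grant write rights without pinning them to a specific bind DN and source address. The first ACI is the one from the ou=grouper entry above; the second is constructed as a deliberately loose ACI for contrast. Function and field names are mine.

```python
"""Parse and audit a DSEE-style LDAP aci value.

Added example, not part of the page or of Grouper/PSP. The first ACI is the
one from the ou=grouper entry above; the second is constructed as a looser
ACI for contrast. Function and field names are mine.
"""
import re
from dataclasses import dataclass, field

GROUPER_ACI = (
    '(targetattr="*") (version 3.0; acl "Grouper Write Access";'
    'allow (add,delete,read,write,search,compare) '
    '(userdn="ldap:///uid=grouper03,ou=resource,dc=alaska,dc=edu" and ip="127.0.0.1");)'
)
# Constructed for contrast: every right, to anyone, from anywhere.
LOOSE_ACI = '(targetattr="*") (version 3.0; acl "Too Open"; allow (all) (userdn="ldap:///anyone");)'

# Rights that let the grantee change data (or, with "all", do anything).
WRITE_RIGHTS = {"add", "delete", "write", "all"}

ACI_NAME = re.compile(r'acl\s+"([^"]*)"')
ACI_TARGET = re.compile(r'targetattr\s*!?=\s*"([^"]*)"')
ACI_RULE = re.compile(r'\b(allow|deny)\s*\(([^)]*)\)\s*\((.*)\)\s*;', re.S)
BIND_USERDN = re.compile(r'userdn\s*=\s*"ldap:///([^"]*)"')
BIND_IP = re.compile(r'ip\s*=\s*"([^"]*)"')


@dataclass
class Aci:
    name: str
    targetattr: str
    effect: str                 # "allow" or "deny"
    rights: set
    userdns: list = field(default_factory=list)   # bind DNs (without ldap:///)
    ips: list = field(default_factory=list)       # ip= bind rules, if any


def parse_aci(text):
    """Pull the name, target, permission and bind rule out of one aci value."""
    name, target, rule = ACI_NAME.search(text), ACI_TARGET.search(text), ACI_RULE.search(text)
    if not (name and target and rule):
        raise ValueError("unrecognised aci syntax")
    effect, rights, bind_rule = rule.groups()
    return Aci(
        name=name.group(1),
        targetattr=target.group(1),
        effect=effect,
        rights={r.strip() for r in rights.split(",")},
        userdns=BIND_USERDN.findall(bind_rule),
        ips=BIND_IP.findall(bind_rule),
    )


def audit(aci):
    """Findings for an allow rule that grants write rights too broadly."""
    findings = []
    if aci.effect != "allow" or not (aci.rights & WRITE_RIGHTS):
        return findings
    if any(dn in ("anyone", "all") for dn in aci.userdns):
        findings.append(f'"{aci.name}": write rights granted to every bind identity')
    if not aci.ips:
        findings.append(f'"{aci.name}": no ip= rule, so usable from any source address')
    return findings


if __name__ == "__main__":
    for text in (GROUPER_ACI, LOOSE_ACI):
        aci = parse_aci(text)
        print(aci.name, sorted(aci.rights), aci.userdns, aci.ips)
        for finding in audit(aci) or ["no findings"]:
            print("  ", finding)
```

The Grouper ACI passes both checks because its write rights are tied to one bind DN and to 127.0.0.1; the constructed "Too Open" ACI produces two findings. The parser handles the single allow/deny rule form used on this page, not every DSEE bind-rule keyword.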
Install PSP
- Download the PSP tarball and copy it to /tmp/ on grinnell. The tarball is located at http://www.internet2.edu/grouper/release/2.1.4/grouper.psp-2.1.4.tar.gz.
- Extract and copy files. Note that we're using the generic LDAP example configuration (psp-example-grouper-to-ldap) as a starting point.
[root@grinnell ~]# cd /srv/grouper
[root@grinnell grouper]# ls
grouper.api-2.1.4  grouper.api-2.1.4.tar
[root@grinnell grouper]# mv /tmp/grouper.psp-2.1.4.tar.gz .
[root@grinnell grouper]# gunzip grouper.psp-2.1.4.tar.gz
[root@grinnell grouper]# tar xf grouper.psp-2.1.4.tar
[root@grinnell grouper]# cp /srv/grouper/grouper.psp-2.1.4/lib/custom/* /srv/grouper/grouper.api-2.1.4/lib/custom/
[root@grinnell grouper]# cp /srv/grouper/grouper.psp-2.1.4/conf/psp-example-grouper-to-ldap/psp* /srv/grouper/grouper.api-2.1.4/conf/
[root@grinnell grouper]# cp /srv/grouper/grouper.psp-2.1.4/conf/psp-example-grouper-to-ldap/ldap.properties /srv/grouper/grouper.api-2.1.4/conf/
Configure PSP
- Find the following properties in /srv/grouper/grouper.api-2.1.4/conf/ldap.properties and update the values. In this install the ldapUrl, bindDn and bindCredential properties are left blank, because the URL, bind DN and password are set directly in psp-vt-ldap-1.xml (see below).
edu.vt.middleware.ldap.ldapUrl=
edu.vt.middleware.ldap.bindDn=
edu.vt.middleware.ldap.bindCredential=
edu.vt.middleware.ldap.baseDn=dc=alaska,dc=edu
edu.internet2.middleware.psp.groupsBaseDn=ou=grouper,ou=group,dc=alaska,dc=edu
edu.internet2.middleware.psp.peopleBaseDn=ou=people,dc=alaska,dc=edu
- In the file /srv/grouper/grouper.api-2.1.4/conf/psp-services.xml, replace the Service element whose id is "ldap" with the following. The original element is left in place, commented out, for reference; since XML comments cannot nest, the comment inside the commented-out block is written as plain text.
<!-- commenting out
<Service id="ldap" xsi:type="psp-ldap-target:LdapTarget" logSpml="true" ldapPoolId="ldap" ldapPoolIdSource="grouper">
  A <ConfigurationResource/> is required to instantiate the <Service/>, so supply a do-nothing resource.
  <ConfigurationResource file="/edu/internet2/middleware/psp/util/empty-bean.xml" xsi:type="resource:ClasspathResource" />
</Service>
-->
<Service id="ldap" xsi:type="psp-ldap-target:LdapTarget" logSpml="true" ldapPoolId="ldap" ldapPoolIdSource="spring">
  <!-- A <ConfigurationResource/> is required to instantiate the <Service/>, so supply a do-nothing resource. -->
  <ConfigurationResource file="/psp-vt-ldap-1.xml" xsi:type="resource:ClasspathResource">
    <ResourceFilter xsi:type="grouper:ClasspathPropertyReplacement" xmlns="urn:mace:shibboleth:2.0:resource" propertyFile="/ldap.properties" />
  </ConfigurationResource>
</Service>
- Create the file /srv/grouper/grouper.api-2.1.4/conf/psp-vt-ldap-1.xml with the following contents. Be sure to replace <PASSWORD> with the grouper03 bind password. Also, note that this connects to the directory on grinnell using the non-SSL port 1389; that is acceptable only because the connection stays on the local host. If this were connecting to a directory on a remote machine, the SSL port should be used.
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans classpath:/schema/spring-beans-2.5.xsd
         http://www.springframework.org/schema/util classpath:/schema/spring-util-2.5.xsd">

  <bean id="ldapFactory1" class="edu.vt.middleware.ldap.pool.DefaultLdapFactory" p:connectOnCreate="false">
    <constructor-arg index="0" ref="ldapConfig1" />
  </bean>

  <bean id="ldap" class="edu.vt.middleware.ldap.pool.SoftLimitLdapPool" init-method="initialize" p:blockWaitTime="1000">
    <constructor-arg index="0">
      <bean class="edu.vt.middleware.ldap.pool.LdapPoolConfig"
            p:minPoolSize="5"
            p:maxPoolSize="20"
            p:validatePeriodically="true"
            p:validateTimerPeriod="30000"
            p:expirationTime="600000"
            p:pruneTimerPeriod="60000" />
    </constructor-arg>
    <constructor-arg index="1" ref="ldapFactory1" />
  </bean>

  <bean id="ldapConfig1" class="edu.vt.middleware.ldap.LdapConfig"
        p:ldapUrl="ldap://localhost:1389"
        p:tls="${edu.vt.middleware.ldap.tls}"
        p:ssl="${edu.vt.middleware.ldap.ssl}"
        p:baseDn="${edu.vt.middleware.ldap.baseDn}"
        p:authtype="${edu.vt.middleware.ldap.authtype}"
        p:serviceUser="uid=grouper03,ou=resource,dc=alaska,dc=edu">
    <property name="serviceCredential" value="<PASSWORD>" />
    <property name="searchResultHandlers">
      <list>
        <bean id="quotedDnSrh" class="edu.internet2.middleware.psp.ldap.QuotedDnResultHandler" />
        <bean id="fqdnSrh" class="edu.vt.middleware.ldap.handler.FqdnSearchResultHandler" />
        <bean id="entryDnSrh" class="edu.vt.middleware.ldap.handler.EntryDnSearchResultHandler" />
      </list>
    </property>
  </bean>

</beans>
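The two things this step and the ldap.properties step ask you to get right (a real password in place of the placeholder, and no cleartext connection to a remote directory) are easy to check before restarting the daemon. The following Python script is an added example, not part of this page or of the PSP distribution: it resolves the ${...} placeholders in the ldapConfig1 bean from ldap.properties text, the way the ClasspathPropertyReplacement filter does, and then reports a serviceCredential left at a placeholder value or a non-loopback ldapUrl used with neither ssl nor tls. The property values and the cut-down bean XML are constructed samples, and the function names are mine.

```python
"""Offline sanity check of the PSP's ldapConfig1 bean.

Added example, not part of the page or the PSP distribution. It resolves
${...} placeholders from ldap.properties text and then flags the two things
the page warns about: a password left at a placeholder value, and a remote
ldapUrl used without ssl or tls.
"""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

BEANS_NS = "http://www.springframework.org/schema/beans"
P_NS = "http://www.springframework.org/schema/p"

# Constructed sample: property names from ldap.properties on the page,
# with illustrative values.
LDAP_PROPERTIES = """\
edu.vt.middleware.ldap.tls=false
edu.vt.middleware.ldap.ssl=false
edu.vt.middleware.ldap.authtype=simple
edu.vt.middleware.ldap.baseDn=dc=alaska,dc=edu
"""

# Constructed sample: a cut-down psp-vt-ldap-1.xml holding only ldapConfig1.
# {url} and {password} are filled in by str.format; ${{...}} survives as ${...}.
PSP_VT_LDAP_XML = """\
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="ldapConfig1" class="edu.vt.middleware.ldap.LdapConfig"
        p:ldapUrl="{url}"
        p:tls="${{edu.vt.middleware.ldap.tls}}"
        p:ssl="${{edu.vt.middleware.ldap.ssl}}"
        p:baseDn="${{edu.vt.middleware.ldap.baseDn}}"
        p:authtype="${{edu.vt.middleware.ldap.authtype}}"
        p:serviceUser="uid=grouper03,ou=resource,dc=alaska,dc=edu">
    <property name="serviceCredential" value="{password}" />
  </bean>
</beans>
"""

PLACEHOLDER_PASSWORDS = {"", "changeme", "password", "PASSWORD"}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def load_properties(text):
    """Parse key=value lines, ignoring blanks and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def resolve(value, props):
    """Substitute ${key} placeholders; unknown keys are left untouched."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)


def ldap_config(xml_text, props):
    """Return ldapConfig1's p:* attributes and <property> children, resolved."""
    root = ET.fromstring(xml_text)
    bean = root.find(f"{{{BEANS_NS}}}bean[@id='ldapConfig1']")
    if bean is None:
        raise ValueError("ldapConfig1 bean not found")
    cfg = {}
    prefix = f"{{{P_NS}}}"
    for attr, value in bean.attrib.items():
        if attr.startswith(prefix):
            cfg[attr[len(prefix):]] = resolve(value, props)
    for prop in bean.findall(f"{{{BEANS_NS}}}property"):
        cfg[prop.get("name")] = resolve(prop.get("value", ""), props)
    return cfg


def audit_ldap_config(cfg):
    """List the misconfigurations the page warns about."""
    findings = []
    if cfg.get("serviceCredential", "") in PLACEHOLDER_PASSWORDS:
        findings.append("serviceCredential still holds a placeholder password")
    url = cfg.get("ldapUrl", "")
    encrypted = (url.startswith("ldaps://")
                 or cfg.get("ssl") == "true" or cfg.get("tls") == "true")
    if urlparse(url).hostname not in LOOPBACK_HOSTS and not encrypted:
        findings.append(f"{url} is not loopback but neither ssl nor tls is enabled")
    return findings


if __name__ == "__main__":
    props = load_properties(LDAP_PROPERTIES)
    for url, pw in (("ldap://localhost:1389", "changeme"),
                    ("ldap://ldap.example.edu:389", "not-a-real-password"),
                    ("ldaps://ldap.example.edu:636", "not-a-real-password")):
        cfg = ldap_config(PSP_VT_LDAP_XML.format(url=url, password=pw), props)
        print(url, "->", audit_ldap_config(cfg) or "ok")
```

Point ldap_config at the real file contents and load_properties at the real ldap.properties to run it against the install; the loopback exemption mirrors the page's reasoning that port 1389 is only acceptable because the directory is on the same host.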
- Find the following properties in /srv/grouper/grouper.api-2.1.4/conf/grouper-loader.properties and update the values. The properties need to be uncommented. With the Quartz cron expressions below, the incremental change log consumer runs at the top of every minute and the full sync runs daily at 05:00.
changeLog.consumer.psp.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer
changeLog.consumer.psp.quartzCron = 0 * * * * ?
changeLog.psp.fullSync.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer
changeLog.psp.fullSync.quartzCron = 0 0 5 * * ?
Restart Grouper Daemon
[root@grinnell ~]# cd /srv/grouper/grouper.api-2.1.4
[root@grinnell grouper.api-2.1.4]# ps -ef | grep edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper
root      5226  5225  0 08:51 pts/3    00:00:22 java -Xms64m -Xmx750m -Dgrouper.home=/srv/grouper/grouper.api-2.1.4/ -classpath /srv/grouper/grouper.api-2.1.4/conf:/srv/grouper/grouper.api-2.1.4/dist/lib/grouper.jar:/srv/grouper/grouper.api-2.1.4/lib/grouper/*:/srv/grouper/grouper.api-2.1.4/lib/custom/*:/srv/grouper/grouper.api-2.1.4/lib/jdbcSamples/*:/srv/grouper/grouper.api-2.1.4/lib/ant/*:/srv/grouper/grouper.api-2.1.4/lib/test/*:/srv/grouper/grouper.api-2.1.4/dist/lib/test/*:/srv/grouper/grouper.api-2.1.4/src/resources: edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper -loader
root     10073  5202  0 09:38 pts/3    00:00:00 grep edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper
[root@grinnell grouper.api-2.1.4]# kill -9 5226
[root@grinnell grouper.api-2.1.4]# nohup ./bin/gsh.sh -loader &
[1] 2217
[root@grinnell grouper.api-2.1.4]# nohup: ignoring input and appending output to `nohup.out'
Run Bulk Sync Manually
[root@grinnell grouper.api-2.1.4]# ./bin/gsh.sh -psp -bulkSync ...