wiki:PSPInstall
Last modified on 06/09/13 11:11:08

This document explains the installation steps for the PSP. Here's an overview of how it was configured:

  1. The PSP writes data to the directory installed on grinnell.
  2. Group objects are created for each Grouper group (excluding the etc folder) under ou=grouper,ou=group,dc=alaska,dc=edu. The description attribute is populated for both groups and folders, and the member attribute of each group holds the DNs of its members.
  3. The "bushy" structure is used, so the DN hierarchy under ou=grouper mirrors the Grouper stem (folder) hierarchy.
  4. Incremental and bulk sync are configured.

Prepare LDAP

  1. Create the base DN under which groups will be stored in LDAP. Note that the entry also carries a new ACI that gives the grouper service account (uid=grouper03) full access over ou=grouper, but only for connections coming from 127.0.0.1.
[oracle@grinnell ~]$ ldapmodify -a -h localhost -p 1389 -D "cn=directory manager" -W
Enter LDAP Password:
dn: ou=grouper,ou=group,dc=alaska,dc=edu
objectClass: organizationalUnit
ou: grouper
aci: (targetattr="*") (version 3.0; acl "Grouper Write Access";allow (add,delete,read,write,search,compare) (userdn="ldap:///uid=grouper03,ou=resource,dc=alaska,dc=edu" and ip="127.0.0.1");)

adding new entry "ou=grouper,ou=group,dc=alaska,dc=edu"
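The ACI added above is scoped in two ways: by the subject DN of the service account and by the source IP of the connection. The Python below is an added example, not part of this page or of the directory or PSP software; it parses an ACI of the single-rule shape used above and reports anything that widens the grant (extra rights, a wildcard subject such as ldap:///anyone, a missing or changed ip restriction, or conditions joined with "or"). The function names parse_aci and check_grouper_aci are chosen here; the DN, IP and rights it checks against are the ones from the ldapmodify step.

```python
import re

# The ACI exactly as added to ou=grouper in the ldapmodify step above.
GROUPER_ACI = (
    '(targetattr="*") (version 3.0; acl "Grouper Write Access";'
    'allow (add,delete,read,write,search,compare) '
    '(userdn="ldap:///uid=grouper03,ou=resource,dc=alaska,dc=edu" and ip="127.0.0.1");)'
)

# Matches the single-target, single-rule ACI shape used above
# (one targetattr, one allow/deny clause, one bind rule).
_ACI_RE = re.compile(
    r'\(targetattr\s*=\s*"(?P<targetattr>[^"]*)"\)\s*'
    r'\(version\s+3\.0;\s*acl\s+"(?P<name>[^"]*)";\s*'
    r'(?P<effect>allow|deny)\s*\((?P<rights>[^)]*)\)\s*'
    r'\((?P<bindrule>.*)\);\s*\)$',
    re.DOTALL,
)


def parse_aci(aci):
    """Split an ACI string into target, name, effect, rights and bind-rule clauses."""
    m = _ACI_RE.match(aci.strip())
    if not m:
        raise ValueError("ACI does not match the expected single-rule syntax")
    rights = {r.strip().lower() for r in m.group("rights").split(",") if r.strip()}
    bindrule = m.group("bindrule")
    # Each clause is keyword="value"; keep every value per keyword so that a
    # rule naming several subjects is not silently reduced to one.
    clauses = {}
    for keyword, value in re.findall(r'(\w+)\s*=\s*"([^"]*)"', bindrule):
        clauses.setdefault(keyword.lower(), []).append(value)
    return {
        "targetattr": m.group("targetattr"),
        "name": m.group("name"),
        "effect": m.group("effect"),
        "rights": rights,
        "bindrule": bindrule,
        "clauses": clauses,
    }


# The rights the ldapmodify step intends to grant.
EXPECTED_RIGHTS = frozenset({"add", "delete", "read", "write", "search", "compare"})


def check_grouper_aci(aci, service_dn, allowed_ip="127.0.0.1", expected_rights=EXPECTED_RIGHTS):
    """Return a list of findings; an empty list means the ACI grants exactly the
    intended rights to exactly the intended subject from the intended address."""
    a = parse_aci(aci)
    findings = []
    if a["effect"] != "allow":
        findings.append("rule is '%s', not an allow rule" % a["effect"])
    extra = a["rights"] - set(expected_rights)
    if extra:
        findings.append("grants rights beyond those expected: " + ", ".join(sorted(extra)))
    # Look for an 'or' connector outside quoted values: with 'or', any single
    # condition (e.g. the ip alone) would be enough to match the rule.
    unquoted = re.sub(r'"[^"]*"', '""', a["bindrule"])
    if re.search(r"\bor\b", unquoted, re.IGNORECASE):
        findings.append("bind rule joins conditions with 'or', so each condition alone suffices")
    userdns = a["clauses"].get("userdn", [])
    if userdns != ["ldap:///" + service_dn]:
        findings.append("userdn is not exactly the service account: %r" % (userdns,))
    for dn in userdns:
        if dn.lower() in ("ldap:///anyone", "ldap:///all") or "*" in dn:
            findings.append("userdn names a wildcard subject: " + dn)
    ips = a["clauses"].get("ip", [])
    if ips != [allowed_ip]:
        findings.append("ip restriction is not exactly %s: %r" % (allowed_ip, ips))
    return findings


if __name__ == "__main__":
    service = "uid=grouper03,ou=resource,dc=alaska,dc=edu"
    print("findings:", check_grouper_aci(GROUPER_ACI, service) or "none")
```

Run it as-is and it reports no findings for the ACI above; feeding it the ACI as read back from the directory (for example the output of an ldapsearch for the aci attribute of ou=grouper) is a cheap way to confirm that the grant was not widened by a later edit.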

Install PSP

  1. Download and copy the PSP to /tmp/ on grinnell. The tarball is located at http://www.internet2.edu/grouper/release/2.1.4/grouper.psp-2.1.4.tar.gz.
  2. Extract and copy the files. Note that we're using the generic LDAP example configuration as a starting point.
[root@grinnell ~]# cd /srv/grouper
[root@grinnell grouper]# ls
grouper.api-2.1.4  grouper.api-2.1.4.tar
[root@grinnell grouper]# mv /tmp/grouper.psp-2.1.4.tar.gz .
[root@grinnell grouper]# gunzip grouper.psp-2.1.4.tar.gz
[root@grinnell grouper]# tar xf grouper.psp-2.1.4.tar
[root@grinnell grouper]# cp /srv/grouper/grouper.psp-2.1.4/lib/custom/* /srv/grouper/grouper.api-2.1.4/lib/custom/
[root@grinnell grouper]# cp /srv/grouper/grouper.psp-2.1.4/conf/psp-example-grouper-to-ldap/psp* /srv/grouper/grouper.api-2.1.4/conf/
[root@grinnell grouper]# cp /srv/grouper/grouper.psp-2.1.4/conf/psp-example-grouper-to-ldap/ldap.properties /srv/grouper/grouper.api-2.1.4/conf/

Configure PSP

  1. Find the following properties in /srv/grouper/grouper.api-2.1.4/conf/ldap.properties and update the values.
edu.vt.middleware.ldap.ldapUrl=
edu.vt.middleware.ldap.bindDn=
edu.vt.middleware.ldap.bindCredential=
edu.vt.middleware.ldap.baseDn=dc=alaska,dc=edu
edu.internet2.middleware.psp.groupsBaseDn=ou=grouper,ou=group,dc=alaska,dc=edu
edu.internet2.middleware.psp.peopleBaseDn=ou=people,dc=alaska,dc=edu
  2. In the file /srv/grouper/grouper.api-2.1.4/conf/psp-services.xml, replace the Service element with id="ldap" with the following. The original element is kept in a comment; because XML comments cannot nest, the markers of the inner comment inside the commented-out copy are broken up with spaces.
<!-- commenting out
  <Service
    id="ldap"
    xsi:type="psp-ldap-target:LdapTarget"
    logSpml="true"
    ldapPoolId="ldap"
    ldapPoolIdSource="grouper">
    <!- - A <ConfigurationResource/> is required to instantiate the <Service/>, so supply a do-nothing resource. - ->
    <ConfigurationResource
      file="/edu/internet2/middleware/psp/util/empty-bean.xml"
      xsi:type="resource:ClasspathResource" />
  </Service>
-->

  <Service
    id="ldap"
    xsi:type="psp-ldap-target:LdapTarget"
    logSpml="true"
    ldapPoolId="ldap"
    ldapPoolIdSource="spring">
    <!-- A <ConfigurationResource/> is required to instantiate the <Service/>, so supply a do-nothing resource. -->
    <ConfigurationResource
      file="/psp-vt-ldap-1.xml"
      xsi:type="resource:ClasspathResource">
      <ResourceFilter
        xsi:type="grouper:ClasspathPropertyReplacement"
        xmlns="urn:mace:shibboleth:2.0:resource"
        propertyFile="/ldap.properties" />
    </ConfigurationResource>
  </Service>
  3. Create the file /srv/grouper/grouper.api-2.1.4/conf/psp-vt-ldap-1.xml with the following contents. Be sure to update the password. Also note that this connects to the directory on grinnell over the non-SSL port 1389, which is fine here only because the PSP and the directory run on the same host; if it were connecting to a directory on a remote machine, the SSL port should be used. Because the bind password is stored in cleartext in this file, restrict its permissions to the account that runs the Grouper daemon.
<?xml version="1.0" encoding="UTF-8"?>

<beans
  xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:p="http://www.springframework.org/schema/p"
  xmlns:util="http://www.springframework.org/schema/util"
  xsi:schemaLocation="
    http://www.springframework.org/schema/beans classpath:/schema/spring-beans-2.5.xsd
    http://www.springframework.org/schema/util classpath:/schema/spring-util-2.5.xsd">

  <bean
    id="ldapFactory1"
    class="edu.vt.middleware.ldap.pool.DefaultLdapFactory"
    p:connectOnCreate="false">
    <constructor-arg
      index="0"
      ref="ldapConfig1" />
  </bean>

  <bean
    id="ldap"
    class="edu.vt.middleware.ldap.pool.SoftLimitLdapPool"
    init-method="initialize"
    p:blockWaitTime="1000">
    <constructor-arg index="0">
      <bean
        class="edu.vt.middleware.ldap.pool.LdapPoolConfig"
        p:minPoolSize="5"
        p:maxPoolSize="20"
        p:validatePeriodically="true"
        p:validateTimerPeriod="30000"
        p:expirationTime="600000"
        p:pruneTimerPeriod="60000" />
    </constructor-arg>
    <constructor-arg
      index="1"
      ref="ldapFactory1" />
  </bean>

  <bean
    id="ldapConfig1"
    class="edu.vt.middleware.ldap.LdapConfig"
    p:ldapUrl="ldap://localhost:1389"
    p:tls="${edu.vt.middleware.ldap.tls}"
    p:ssl="${edu.vt.middleware.ldap.ssl}"
    p:baseDn="${edu.vt.middleware.ldap.baseDn}"
    p:authtype="${edu.vt.middleware.ldap.authtype}"
    p:serviceUser="uid=grouper03,ou=resource,dc=alaska,dc=edu">
    <!-- Replace PASSWORD with the bind password of uid=grouper03. -->
    <property
      name="serviceCredential"
      value="PASSWORD" />

    <property name="searchResultHandlers">
      <list>
        <bean
          id="quotedDnSrh"
          class="edu.internet2.middleware.psp.ldap.QuotedDnResultHandler" />
        <bean
          id="fqdnSrh"
          class="edu.vt.middleware.ldap.handler.FqdnSearchResultHandler" />
        <bean
          id="entryDnSrh"
          class="edu.vt.middleware.ldap.handler.EntryDnSearchResultHandler" />
      </list>
    </property>

  </bean>
</beans>
  4. Find the following properties in /srv/grouper/grouper.api-2.1.4/conf/grouper-loader.properties and update the values. The properties need to be uncommented. With these Quartz cron expressions the incremental change-log consumer runs every minute and the full sync runs daily at 05:00.
changeLog.consumer.psp.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer
changeLog.consumer.psp.quartzCron = 0 * * * * ?
changeLog.psp.fullSync.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer
changeLog.psp.fullSync.quartzCron = 0 0 5 * * ?
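The ResourceFilter in step 2 substitutes ${...} placeholders in psp-vt-ldap-1.xml from ldap.properties, and step 3 warns that the plain port is acceptable only while the directory is local. The Python below is an added example, not part of this page or of the PSP distribution; it mimics that property replacement on a constructed, trimmed copy of the LdapConfig bean (the full bean file above also defines the pool and factory beans, which this check does not need), then reports a remote ldap:// URL with ssl/tls off and a bind password that is empty or still a placeholder. The sample ldap.properties lines it builds, including the tls/ssl keys the bean above references, are constructed here, as are the function names load_properties, substitute, ldap_config, check_ldap_config and preflight.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit
from xml.sax.saxutils import escape

BEANS_NS = "http://www.springframework.org/schema/beans"
P_NS = "http://www.springframework.org/schema/p"  # Spring p-namespace used for p:ldapUrl etc.

# Constructed, trimmed version of psp-vt-ldap-1.xml: only the LdapConfig bean,
# with every connection setting taken from a ${...} placeholder.
SAMPLE_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="ldapConfig1" class="edu.vt.middleware.ldap.LdapConfig"
        p:ldapUrl="${edu.vt.middleware.ldap.ldapUrl}"
        p:tls="${edu.vt.middleware.ldap.tls}"
        p:ssl="${edu.vt.middleware.ldap.ssl}"
        p:baseDn="${edu.vt.middleware.ldap.baseDn}"
        p:serviceUser="${edu.vt.middleware.ldap.bindDn}">
    <property name="serviceCredential" value="${edu.vt.middleware.ldap.bindCredential}" />
  </bean>
</beans>
"""


def load_properties(text):
    """Minimal java.util.Properties reader: key=value lines, '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def substitute(text, props):
    """Replace ${key} with its property value, as the ClasspathPropertyReplacement
    filter does. Values are XML-escaped so a password containing &, < or " cannot
    break the attribute; unknown keys are left untouched so they can be reported."""
    return re.sub(
        r"\$\{([^}]+)\}",
        lambda m: escape(props[m.group(1)], {'"': "&quot;"}) if m.group(1) in props else m.group(0),
        text,
    )


def ldap_config(xml_text, props):
    """Return the resolved p:* attributes and <property> values of the LdapConfig bean."""
    root = ET.fromstring(substitute(xml_text, props))
    for bean in root.iter("{%s}bean" % BEANS_NS):
        if bean.get("class") != "edu.vt.middleware.ldap.LdapConfig":
            continue
        cfg = {k.split("}", 1)[1]: v for k, v in bean.attrib.items() if k.startswith("{%s}" % P_NS)}
        for prop in bean.findall("{%s}property" % BEANS_NS):
            if prop.get("value") is not None:
                cfg[prop.get("name")] = prop.get("value")
        return cfg
    raise ValueError("no edu.vt.middleware.ldap.LdapConfig bean in file")


def check_ldap_config(cfg):
    """Findings for the two points step 3 calls out: transport and credential."""
    findings = []
    url = urlsplit(cfg.get("ldapUrl", ""))
    host = (url.hostname or "").lower()
    local = host in ("localhost", "127.0.0.1", "::1")
    encrypted = url.scheme == "ldaps" or cfg.get("ssl") == "true" or cfg.get("tls") == "true"
    if not local and not encrypted:
        findings.append("bind to remote directory %s over plain ldap:// with ssl/tls off" % host)
    cred = cfg.get("serviceCredential", "")
    if not cred or cred.startswith("${") or cred.strip("<>").upper() in ("PASSWORD", "CHANGEME"):
        findings.append("serviceCredential is empty or still a placeholder")
    return findings


def preflight(ldap_url, bind_credential, ssl="false", tls="false"):
    """Build a constructed ldap.properties for the given values and run the checks."""
    props_text = "\n".join([
        "# constructed sample, not the file from the distribution",
        "edu.vt.middleware.ldap.ldapUrl=" + ldap_url,
        "edu.vt.middleware.ldap.bindDn=uid=grouper03,ou=resource,dc=alaska,dc=edu",
        "edu.vt.middleware.ldap.bindCredential=" + bind_credential,
        "edu.vt.middleware.ldap.baseDn=dc=alaska,dc=edu",
        "edu.vt.middleware.ldap.ssl=" + ssl,
        "edu.vt.middleware.ldap.tls=" + tls,
    ])
    return check_ldap_config(ldap_config(SAMPLE_XML, load_properties(props_text)))


if __name__ == "__main__":
    for args in (("ldap://localhost:1389", "example-secret"),
                 ("ldap://ldap.example.edu:1389", "example-secret"),
                 ("ldaps://ldap.example.edu:636", "")):
        print(args[0], "->", preflight(*args) or "ok")
```

To check a real installation, read the actual psp-vt-ldap-1.xml and ldap.properties from conf/ and pass them to ldap_config instead of the constructed sample; the checks are the same.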

Restart Grouper Daemon

[root@grinnell ~]# cd /srv/grouper/grouper.api-2.1.4
[root@grinnell grouper.api-2.1.4]# ps -ef | grep edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper
root      5226  5225  0 08:51 pts/3    00:00:22 java -Xms64m -Xmx750m -Dgrouper.home=/srv/grouper/grouper.api-2.1.4/ -classpath /srv/grouper/grouper.api-2.1.4/conf:/srv/grouper/grouper.api-2.1.4/dist/lib/grouper.jar:/srv/grouper/grouper.api-2.1.4/lib/grouper/*:/srv/grouper/grouper.api-2.1.4/lib/custom/*:/srv/grouper/grouper.api-2.1.4/lib/jdbcSamples/*:/srv/grouper/grouper.api-2.1.4/lib/ant/*:/srv/grouper/grouper.api-2.1.4/lib/test/*:/srv/grouper/grouper.api-2.1.4/dist/lib/test/*:/srv/grouper/grouper.api-2.1.4/src/resources: edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper -loader
root     10073  5202  0 09:38 pts/3    00:00:00 grep edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper
[root@grinnell grouper.api-2.1.4]# kill -9 5226
[root@grinnell grouper.api-2.1.4]# nohup ./bin/gsh.sh -loader &
[1] 2217
[root@grinnell grouper.api-2.1.4]# nohup: ignoring input and appending output to `nohup.out'

Run Bulk Sync Manually

[root@grinnell grouper.api-2.1.4]# ./bin/gsh.sh -psp -bulkSync
...