Changes between Initial Version and Version 1 of PSPInstall

Timestamp:

06/09/13 09:32:12 (11 years ago)

Author:

uaguest_SPatel1@…

Comment:

--

PSPInstall

@@ +1 @@
+This document explains the installation steps for the PSP.  Here's an overview of how it was configured:
+
+1.  The PSP writes data to the directory installed on grinnell.
+2.  Group objects are created for each Grouper group (excluding the etc folder) in ou=grouper,ou=groups,dc=alaska,dc=edu.
+3.  The "bushy" structure is used.
+
+
+== Install PSP ==
+
+1.  Download and copy the PSP to /tmp/ on grinnell. The tarball is located at  http://www.internet2.edu/grouper/release/2.1.4/grouper.psp-2.1.4.tar.gz.
+
+2.  Extract and copy files.  Note that we're using the generic LDAP example configuration as a starting point.
+
+{{{
+[root@grinnell ~]# cd /srv/grouper
+[root@grinnell grouper]# ls
+grouper.api-2.1.4  grouper.api-2.1.4.tar
+[root@grinnell grouper]# mv /tmp/grouper.psp-2.1.4.tar.gz .
+[root@grinnell grouper]# gunzip grouper.psp-2.1.4.tar.gz
+[root@grinnell grouper]# tar xf grouper.psp-2.1.4.tar
+[root@grinnell grouper]# cp /srv/grouper/grouper.psp-2.1.4/lib/custom/* /srv/grouper/grouper.api-2.1.4/lib/custom/
+[root@grinnell grouper]# cp /srv/grouper/grouper.psp-2.1.4/conf/psp-example-grouper-to-ldap/psp* /srv/grouper/grouper.api-2.1.4/conf/
+[root@grinnell grouper]# cp /srv/grouper/grouper.psp-2.1.4/conf/psp-example-grouper-to-ldap/ldap.properties /srv/grouper/grouper.api-2.1.4/conf/
+}}}
+
+== Configure PSP ==
+
+1.  Find the following properties in /srv/grouper/grouper.api-2.1.4/conf/ldap.properties and update the values.
+
+{{{
+edu.vt.middleware.ldap.ldapUrl=
+edu.vt.middleware.ldap.bindDn=
+edu.vt.middleware.ldap.bindCredential=
+edu.vt.middleware.ldap.baseDn=dc=alaska,dc=edu
+edu.internet2.middleware.psp.groupsBaseDn=ou=grouper,ou=groups,dc=alaska,dc=edu
+edu.internet2.middleware.psp.peopleBaseDn=ou=people,dc=alaska,dc=edu
+}}}
+
+2.  In the file /srv/grouper/grouper.api-2.1.4/conf/psp-services.xml, replace the Service element with id=ldap with the following:
+
+{{{
+<!-- commenting out
+  <Service
+    id="ldap"
+    xsi:type="psp-ldap-target:LdapTarget"
+    logSpml="true"
+    ldapPoolId="ldap"
+    ldapPoolIdSource="grouper">
+    <!-- A <ConfigurationResource/> is required to instantiate the <Service/>, so supply a do-nothing resource. -->
+    <ConfigurationResource
+      file="/edu/internet2/middleware/psp/util/empty-bean.xml"
+      xsi:type="resource:ClasspathResource" />
+  </Service>
+-->
+
+  <Service
+    id="ldap"
+    xsi:type="psp-ldap-target:LdapTarget"
+    logSpml="true"
+    ldapPoolId="ldap"
+    ldapPoolIdSource="spring">
+    <!-- A <ConfigurationResource/> is required to instantiate the <Service/>, so supply a do-nothing resource. -->
+    <ConfigurationResource
+      file="/psp-vt-ldap-1.xml"
+      xsi:type="resource:ClasspathResource">
+      <ResourceFilter
+        xsi:type="grouper:ClasspathPropertyReplacement"
+        xmlns="urn:mace:shibboleth:2.0:resource"
+        propertyFile="/ldap.properties" />
+    </ConfigurationResource>
+  </Service>
+}}}
+
+3.  Create the file /srv/grouper/grouper.api-2.1.4/conf/psp-vt-ldap-1.xml with the following contents.  Be sure to update the password.  Also, note that this is connecting to the directory on grinnell using the non-SSL port 1389.  If this was connecting to a directory on a remote machine, the SSL port should be used.
+
+{{{
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans
+  xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:p="http://www.springframework.org/schema/p"
+  xmlns:util="http://www.springframework.org/schema/util"
+  xsi:schemaLocation="
+    http://www.springframework.org/schema/beans classpath:/schema/spring-beans-2.5.xsd
+    http://www.springframework.org/schema/util classpath:/schema/spring-util-2.5.xsd">
+
+  <bean
+    id="ldapFactory1"
+    class="edu.vt.middleware.ldap.pool.DefaultLdapFactory"
+    p:connectOnCreate="false">
+    <constructor-arg
+      index="0"
+      ref="ldapConfig1" />
+  </bean>
+
+  <bean
+    id="ldap"
+    class="edu.vt.middleware.ldap.pool.SoftLimitLdapPool"
+    init-method="initialize"
+    p:blockWaitTime="1000">
+    <constructor-arg index="0">
+      <bean
+        class="edu.vt.middleware.ldap.pool.LdapPoolConfig"
+        p:minPoolSize="5"
+        p:maxPoolSize="20"
+        p:validatePeriodically="true"
+        p:validateTimerPeriod="30000"
+        p:expirationTime="600000"
+        p:pruneTimerPeriod="60000" />
+    </constructor-arg>
+    <constructor-arg
+      index="1"
+      ref="ldapFactory1" />
+  </bean>
+
+  <bean
+    id="ldapConfig1"
+    class="edu.vt.middleware.ldap.LdapConfig"
+    p:ldapUrl="ldap://localhost:1389"
+    p:tls="${edu.vt.middleware.ldap.tls}"
+    p:ssl="${edu.vt.middleware.ldap.ssl}"
+    p:baseDn="${edu.vt.middleware.ldap.baseDn}"
+    p:authtype="${edu.vt.middleware.ldap.authtype}"
+    p:serviceUser="uid=grouper03,ou=resource,dc=alaska,dc=edu">
+    <property
+      name="serviceCredential"
+      value="<PASSWORD>" />
+
+    <property name="searchResultHandlers">
+      <list>
+        <bean
+          id="quotedDnSrh"
+          class="edu.internet2.middleware.psp.ldap.QuotedDnResultHandler" />
+        <bean
+          id="fqdnSrh"
+          class="edu.vt.middleware.ldap.handler.FqdnSearchResultHandler" />
+        <bean
+          id="entryDnSrh"
+          class="edu.vt.middleware.ldap.handler.EntryDnSearchResultHandler" />
+      </list>
+    </property>
+
+  </bean>
+</beans>
+}}}