This document explains the installation steps for the PSP.  Here's an overview of how it was configured:

1.  The PSP writes data to the directory installed on grinnell.
2.  Group objects are created for each Grouper group (excluding the etc folder) in ou=grouper,ou=groups,dc=alaska,dc=edu.
3.  The "bushy" structure is used.


== Install PSP ==

1.  Download and copy the PSP to /tmp/ on grinnell. The tarball is located at  http://www.internet2.edu/grouper/release/2.1.4/grouper.psp-2.1.4.tar.gz.

2.  Extract and copy files.  Note that we're using the generic LDAP example configuration as a starting point.

{{{
[root@grinnell ~]# cd /srv/grouper
[root@grinnell grouper]# ls
grouper.api-2.1.4  grouper.api-2.1.4.tar
[root@grinnell grouper]# mv /tmp/grouper.psp-2.1.4.tar.gz .
[root@grinnell grouper]# gunzip grouper.psp-2.1.4.tar.gz
[root@grinnell grouper]# tar xf grouper.psp-2.1.4.tar
[root@grinnell grouper]# cp /srv/grouper/grouper.psp-2.1.4/lib/custom/* /srv/grouper/grouper.api-2.1.4/lib/custom/
[root@grinnell grouper]# cp /srv/grouper/grouper.psp-2.1.4/conf/psp-example-grouper-to-ldap/psp* /srv/grouper/grouper.api-2.1.4/conf/
[root@grinnell grouper]# cp /srv/grouper/grouper.psp-2.1.4/conf/psp-example-grouper-to-ldap/ldap.properties /srv/grouper/grouper.api-2.1.4/conf/
}}}

== Configure PSP ==

1.  Find the following properties in /srv/grouper/grouper.api-2.1.4/conf/ldap.properties and update the values.

{{{
edu.vt.middleware.ldap.ldapUrl=
edu.vt.middleware.ldap.bindDn=
edu.vt.middleware.ldap.bindCredential=
edu.vt.middleware.ldap.baseDn=dc=alaska,dc=edu
edu.internet2.middleware.psp.groupsBaseDn=ou=grouper,ou=groups,dc=alaska,dc=edu
edu.internet2.middleware.psp.peopleBaseDn=ou=people,dc=alaska,dc=edu
}}}

2.  In the file /srv/grouper/grouper.api-2.1.4/conf/psp-services.xml, replace the Service element with id=ldap with the following:

{{{
<!-- commenting out
  <Service
    id="ldap"
    xsi:type="psp-ldap-target:LdapTarget"
    logSpml="true"
    ldapPoolId="ldap"
    ldapPoolIdSource="grouper">
    <!-- A <ConfigurationResource/> is required to instantiate the <Service/>, so supply a do-nothing resource. -->
    <ConfigurationResource
      file="/edu/internet2/middleware/psp/util/empty-bean.xml"
      xsi:type="resource:ClasspathResource" />
  </Service>
-->

  <Service
    id="ldap"
    xsi:type="psp-ldap-target:LdapTarget"
    logSpml="true"
    ldapPoolId="ldap"
    ldapPoolIdSource="spring">
    <!-- A <ConfigurationResource/> is required to instantiate the <Service/>, so supply a do-nothing resource. -->
    <ConfigurationResource
      file="/psp-vt-ldap-1.xml"
      xsi:type="resource:ClasspathResource">
      <ResourceFilter
        xsi:type="grouper:ClasspathPropertyReplacement"
        xmlns="urn:mace:shibboleth:2.0:resource"
        propertyFile="/ldap.properties" />
    </ConfigurationResource>
  </Service>
}}}

3.  Create the file /srv/grouper/grouper.api-2.1.4/conf/psp-vt-ldap-1.xml with the following contents.  Be sure to update the password.  Also, note that this is connecting to the directory on grinnell using the non-SSL port 1389.  If this was connecting to a directory on a remote machine, the SSL port should be used.

{{{
<?xml version="1.0" encoding="UTF-8"?>

<beans
  xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:p="http://www.springframework.org/schema/p"
  xmlns:util="http://www.springframework.org/schema/util"
  xsi:schemaLocation="
    http://www.springframework.org/schema/beans classpath:/schema/spring-beans-2.5.xsd
    http://www.springframework.org/schema/util classpath:/schema/spring-util-2.5.xsd">

  <bean
    id="ldapFactory1"
    class="edu.vt.middleware.ldap.pool.DefaultLdapFactory"
    p:connectOnCreate="false">
    <constructor-arg
      index="0"
      ref="ldapConfig1" />
  </bean>

  <bean
    id="ldap"
    class="edu.vt.middleware.ldap.pool.SoftLimitLdapPool"
    init-method="initialize"
    p:blockWaitTime="1000">
    <constructor-arg index="0">
      <bean
        class="edu.vt.middleware.ldap.pool.LdapPoolConfig"
        p:minPoolSize="5"
        p:maxPoolSize="20"
        p:validatePeriodically="true"
        p:validateTimerPeriod="30000"
        p:expirationTime="600000"
        p:pruneTimerPeriod="60000" />
    </constructor-arg>
    <constructor-arg
      index="1"
      ref="ldapFactory1" />
  </bean>

  <bean
    id="ldapConfig1"
    class="edu.vt.middleware.ldap.LdapConfig"
    p:ldapUrl="ldap://localhost:1389"
    p:tls="${edu.vt.middleware.ldap.tls}"
    p:ssl="${edu.vt.middleware.ldap.ssl}"
    p:baseDn="${edu.vt.middleware.ldap.baseDn}"
    p:authtype="${edu.vt.middleware.ldap.authtype}"
    p:serviceUser="uid=grouper03,ou=resource,dc=alaska,dc=edu">
    <property
      name="serviceCredential"
      value="<PASSWORD>" />

    <property name="searchResultHandlers">
      <list>
        <bean
          id="quotedDnSrh"
          class="edu.internet2.middleware.psp.ldap.QuotedDnResultHandler" />
        <bean
          id="fqdnSrh"
          class="edu.vt.middleware.ldap.handler.FqdnSearchResultHandler" />
        <bean
          id="entryDnSrh"
          class="edu.vt.middleware.ldap.handler.EntryDnSearchResultHandler" />
      </list>
    </property>

  </bean>
</beans>
}}}