wiki:PSPInstall

Version 3 (modified by uaguest_SPatel1@…, 11 years ago)

--

This document explains the installation steps for the PSP. Here's an overview of how it was configured:

  1. The PSP writes data to the directory installed on grinnell.
  2. Group objects are created for each Grouper group (excluding the etc folder) in ou=grouper,ou=group,dc=alaska,dc=edu.
  3. The "bushy" structure is used.

Prepare LDAP

  1. Create the base DN that we're using to store groups in LDAP.
[oracle@grinnell ~]$ ldapmodify -a -h localhost -p 1389 -D "cn=directory manager" -W
Enter LDAP Password:
dn: ou=grouper,ou=group,dc=alaska,dc=edu
objectClass: organizationalUnit
ou: grouper
aci: (targetattr="*") (version 3.0; acl "Grouper Write Access";allow (add,delete,read,write,search,compare) (userdn="ldap:///uid=grouper03,ou=resource,dc=alaska,dc=edu" and ip="127.0.0.1");)

adding new entry "ou=grouper,ou=group,dc=alaska,dc=edu"

Install PSP

  1. Download and copy the PSP to /tmp/ on grinnell. The tarball is located at http://www.internet2.edu/grouper/release/2.1.4/grouper.psp-2.1.4.tar.gz.
  2. Extract and copy files. Note that we're using the generic LDAP example configuration as a starting point.
[root@grinnell ~]# cd /srv/grouper
[root@grinnell grouper]# ls
grouper.api-2.1.4  grouper.api-2.1.4.tar
[root@grinnell grouper]# mv /tmp/grouper.psp-2.1.4.tar.gz .
[root@grinnell grouper]# gunzip grouper.psp-2.1.4.tar.gz
[root@grinnell grouper]# tar xf grouper.psp-2.1.4.tar
[root@grinnell grouper]# cp /srv/grouper/grouper.psp-2.1.4/lib/custom/* /srv/grouper/grouper.api-2.1.4/lib/custom/
[root@grinnell grouper]# cp /srv/grouper/grouper.psp-2.1.4/conf/psp-example-grouper-to-ldap/psp* /srv/grouper/grouper.api-2.1.4/conf/
[root@grinnell grouper]# cp /srv/grouper/grouper.psp-2.1.4/conf/psp-example-grouper-to-ldap/ldap.properties /srv/grouper/grouper.api-2.1.4/conf/

Configure PSP

  1. Find the following properties in /srv/grouper/grouper.api-2.1.4/conf/ldap.properties and update the values.
edu.vt.middleware.ldap.ldapUrl=
edu.vt.middleware.ldap.bindDn=
edu.vt.middleware.ldap.bindCredential=
edu.vt.middleware.ldap.baseDn=dc=alaska,dc=edu
edu.internet2.middleware.psp.groupsBaseDn=ou=grouper,ou=group,dc=alaska,dc=edu
edu.internet2.middleware.psp.peopleBaseDn=ou=people,dc=alaska,dc=edu
  2. In the file /srv/grouper/grouper.api-2.1.4/conf/psp-services.xml, replace the Service element with id=ldap with the following:
<!-- commenting out
  <Service
    id="ldap"
    xsi:type="psp-ldap-target:LdapTarget"
    logSpml="true"
    ldapPoolId="ldap"
    ldapPoolIdSource="grouper">
    <!- - A <ConfigurationResource/> is required to instantiate the <Service/>, so supply a do-nothing resource. - ->
    <ConfigurationResource
      file="/edu/internet2/middleware/psp/util/empty-bean.xml"
      xsi:type="resource:ClasspathResource" />
  </Service>
-->

  <Service
    id="ldap"
    xsi:type="psp-ldap-target:LdapTarget"
    logSpml="true"
    ldapPoolId="ldap"
    ldapPoolIdSource="spring">
    <!-- A <ConfigurationResource/> is required to instantiate the <Service/>; this one loads the Spring bean file psp-vt-ldap-1.xml. -->
    <ConfigurationResource
      file="/psp-vt-ldap-1.xml"
      xsi:type="resource:ClasspathResource">
      <ResourceFilter
        xsi:type="grouper:ClasspathPropertyReplacement"
        xmlns="urn:mace:shibboleth:2.0:resource"
        propertyFile="/ldap.properties" />
    </ConfigurationResource>
  </Service>
  3. Create the file /srv/grouper/grouper.api-2.1.4/conf/psp-vt-ldap-1.xml with the following contents. Be sure to update the password. Also note that this connects to the directory on grinnell over the non-SSL port 1389. If it were connecting to a directory on a remote machine, the SSL port should be used so that the bind credential and provisioned data do not cross the network unencrypted.
<?xml version="1.0" encoding="UTF-8"?>

<beans
  xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:p="http://www.springframework.org/schema/p"
  xmlns:util="http://www.springframework.org/schema/util"
  xsi:schemaLocation="
    http://www.springframework.org/schema/beans classpath:/schema/spring-beans-2.5.xsd
    http://www.springframework.org/schema/util classpath:/schema/spring-util-2.5.xsd">

  <bean
    id="ldapFactory1"
    class="edu.vt.middleware.ldap.pool.DefaultLdapFactory"
    p:connectOnCreate="false">
    <constructor-arg
      index="0"
      ref="ldapConfig1" />
  </bean>

  <bean
    id="ldap"
    class="edu.vt.middleware.ldap.pool.SoftLimitLdapPool"
    init-method="initialize"
    p:blockWaitTime="1000">
    <constructor-arg index="0">
      <bean
        class="edu.vt.middleware.ldap.pool.LdapPoolConfig"
        p:minPoolSize="5"
        p:maxPoolSize="20"
        p:validatePeriodically="true"
        p:validateTimerPeriod="30000"
        p:expirationTime="600000"
        p:pruneTimerPeriod="60000" />
    </constructor-arg>
    <constructor-arg
      index="1"
      ref="ldapFactory1" />
  </bean>

  <bean
    id="ldapConfig1"
    class="edu.vt.middleware.ldap.LdapConfig"
    p:ldapUrl="ldap://localhost:1389"
    p:tls="${edu.vt.middleware.ldap.tls}"
    p:ssl="${edu.vt.middleware.ldap.ssl}"
    p:baseDn="${edu.vt.middleware.ldap.baseDn}"
    p:authtype="${edu.vt.middleware.ldap.authtype}"
    p:serviceUser="uid=grouper03,ou=resource,dc=alaska,dc=edu">
    <property
      name="serviceCredential"
      value="<PASSWORD>" />

    <property name="searchResultHandlers">
      <list>
        <bean
          id="quotedDnSrh"
          class="edu.internet2.middleware.psp.ldap.QuotedDnResultHandler" />
        <bean
          id="fqdnSrh"
          class="edu.vt.middleware.ldap.handler.FqdnSearchResultHandler" />
        <bean
          id="entryDnSrh"
          class="edu.vt.middleware.ldap.handler.EntryDnSearchResultHandler" />
      </list>
    </property>

  </bean>
</beans>
  4. Find the following properties in /srv/grouper/grouper.api-2.1.4/conf/grouper-loader.properties and update the values. Properties need to be uncommented.
changeLog.consumer.psp.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer
changeLog.consumer.psp.quartzCron = 0 * * * * ?
changeLog.psp.fullSync.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer
changeLog.psp.fullSync.quartzCron = 0 0 5 * * ?
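
The note in step 3 about using the non-SSL port only for a local directory can be checked mechanically. The following is an added example, not part of the original page or of Grouper: it reads p:ldapUrl from a bean file such as psp-vt-ldap-1.xml and flags a plain ldap:// URL that does not point at the loopback address. The file-permission check on the file holding serviceCredential is an extra assumption of this example, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks a vt-ldap Spring bean file such as psp-vt-ldap-1.xml.
# Assumption: StartTLS (the p:tls property) is not evaluated; only the URL is.

# 0 = ldaps:// or loopback, 1 = cleartext ldap:// to another host, 2 = not LDAP
ldap_url_ok() {
  case "$1" in
    ldaps://*) return 0 ;;
    'ldap://[::1]'|'ldap://[::1]':*|'ldap://[::1]'/*) return 0 ;;
    ldap://*)
      host=${1#ldap://}
      host=${host%%[:/]*}          # drop :port and /path
      case "$host" in
        localhost|127.0.0.1) return 0 ;;
        *) return 1 ;;             # also catches localhost.example.edu
      esac ;;
    *) return 2 ;;
  esac
}

# Prints one line per finding for bean file $1; exit status = number of findings.
audit_bean_file() {
  f=$1; findings=0
  url=$(sed -n 's/.*p:ldapUrl="\([^"]*\)".*/\1/p' "$f" | head -n 1)
  if ! ldap_url_ok "$url"; then
    echo "FAIL $f: p:ldapUrl=\"$url\" is neither ldaps:// nor loopback"
    findings=$((findings + 1))
  fi
  # Characters 5-10 of the ls mode string are the group and other permissions.
  if grep -q 'name="serviceCredential"' "$f" &&
     [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
    echo "FAIL $f: holds serviceCredential but is group/world accessible"
    findings=$((findings + 1))
  fi
  return "$findings"
}

# Constructed sample (hostname and secret are made up), audited as a demo.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<bean id="ldapConfig1" class="edu.vt.middleware.ldap.LdapConfig"
  p:ldapUrl="ldap://ldap.example.edu:389">
  <property name="serviceCredential" value="constructed-secret" />
</bean>
EOF
chmod 644 "$sample"
audit_bean_file "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

Run audit_bean_file against /srv/grouper/grouper.api-2.1.4/conf/psp-vt-ldap-1.xml after editing it; the URL on this page (ldap://localhost:1389) passes the first check because it targets localhost.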

Restart Grouper Daemon

[root@grinnell ~]# cd /srv/grouper/grouper.api-2.1.4
[root@grinnell grouper.api-2.1.4]# ps -ef | grep edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper
root      5226  5225  0 08:51 pts/3    00:00:22 java -Xms64m -Xmx750m -Dgrouper.home=/srv/grouper/grouper.api-2.1.4/ -classpath /srv/grouper/grouper.api-2.1.4/conf:/srv/grouper/grouper.api-2.1.4/dist/lib/grouper.jar:/srv/grouper/grouper.api-2.1.4/lib/grouper/*:/srv/grouper/grouper.api-2.1.4/lib/custom/*:/srv/grouper/grouper.api-2.1.4/lib/jdbcSamples/*:/srv/grouper/grouper.api-2.1.4/lib/ant/*:/srv/grouper/grouper.api-2.1.4/lib/test/*:/srv/grouper/grouper.api-2.1.4/dist/lib/test/*:/srv/grouper/grouper.api-2.1.4/src/resources: edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper -loader
root     10073  5202  0 09:38 pts/3    00:00:00 grep edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper
[root@grinnell grouper.api-2.1.4]# kill -9 5226
[root@grinnell grouper.api-2.1.4]# nohup ./bin/gsh.sh -loader &
[1] 2217
[root@grinnell grouper.api-2.1.4]# nohup: ignoring input and appending output to `nohup.out'

Run Bulk Sync Manually

[root@grinnell grouper.api-2.1.4]# ./bin/gsh.sh -psp -bulkSync
...