Grouper Developers Forum

[Tom Barton <>]

Chris,

I think there are already a number of ways that grouper tools can be 
used to solve this type of integration problem. I wonder if what we more 
urgently need are pages in the wiki illustrating examples of how they 
can be used. For example, use gsh or grouper web services to pull groups 
marked with a mail list attribute and update a mail list manager with them.

We'd make the interfaces we already have better suited to provisioning 
if the core API can provide incremental changes. That's in line with the 
Notification roadmap item.

But this reminds me - is the grouper loader wiki page all set for 1.4.0? 
I think it's currently under U Penn's contribution page. Should it stay 
there?

Thanks,
Tom

Chris Hyzer wrote:
> Hey,
>
>  
>
> For 1.5 I was thinking of having a loader that syncs up groups with 
> email lists.
>
> Basically I was thinking it would be very simple, but would be nice for 
> Grouper to support this (well, really just provide an example).
>
>  
>
> Here is how it could work:
>
>  
>
> 1.       Groups synced to mail lists would have a type and attribute: 
> grouperMailList (type), grouperMailListName(attribute), value is the 
> mail list alias
>
> 2.       The loader would periodically (default is daily?) process all 
> the mail list types, and would probably just make new lists each time 
> (keep it simple at first) if the group membership has changed since the 
> last loader run
>
> 3.       I would assume either you use sympa, or you can make scripts to 
> import data in this format into your mail server
>
> http://www.sympa.org/manual/database#importing_data_from_a_text_file
>
> 4.       The loader will get all the users in the group, then it needs 
> to get the email address somehow.  I think this part can be a hook or a 
> subject attribute.  If hook, you need to implement how to go from 
> subjectId to email address (or maybe 100 subjectIds to 100 email 
> addresses J ).  It could also be a query you configure in your 
> properties file (and put a link in your grouper DB to your IDM DM)
>
> 5.       Then grouper would make the textfield, and run two commands.  
> One to copy the file to another server, and one to load it into your 
> DB.  At penn, our grouper server is not our mail list server, so I was 
> thinking I would just have a command use public key SSH so Grouper 
> thinks it is running a command, but really it is running it on another 
> server.  I can show you this part later… but if both servers are unix 
> (or have SSH support), it should be easy
>
> 6.       Then, we could also have a membership hook which makes this 
> happen more real-time.  So if a membership in a mail group is changed, 
> it will cause the mail list to be changed quicker than daily (maybe for 
> UI it is immediate, but for LOADER/WS it is 2 minutes delayed?)
>
>  
>
> Again, if you are using a different mail server than sympa, no problem, 
> the just configure a script that takes data in the above format (email 
> address space name), and it will work fine.
>
>  
>
> I made this jira issue: https://bugs.internet2.edu/jira/browse/GRP-181
>
>  
>
> Also note, this architecture could easily be used for other things… e.g. 
> website ACLs where you need a group with a list of id’s, and an apache 
> plugin that takes those id’s and handles the authorization…  or it could 
> be a “pull” where we give a component (like the web service client in 
> the grouper-ws-test project) which will get the new list, perhaps only 
> if it has changed…
>
>  
>
> Thoughts?
>
> Chris

begin:vcard
fn:Tom Barton
n:Barton;Tom
org:University of Chicago;Networking Services & Information Technologies
email;internet:
title:Sr. Director for Integration
tel;work:+1 773 834 1700
version:2.1
end:vcard