Grouper Developers Forum

[Chris Hyzer <>]

Hey,

 

Ive got a proof of concept in Grouper 2.0 of syncing groups across groupers incrementally:

 

https://spaces.internet2.edu/display/Grouper/Syncing+groups+between+group+management+systems

 

TODOs:

1.       Do the push and pull batch modes (cron)

2.       Make sure the grouperClient can communicate with past versions of grouper

3.       Implement this on the demo server

 

Here is the POC:

 

Add a group to grouper1

gsh 0% grouperSession = GrouperSession.startRootSession();

gsh 1% new GroupSave(grouperSession).assignName("aStem:anotherGroup").assignCreateParentStemsIfNotExist(true).save();

Add group to grouper 2

gsh 0% grouperSession = GrouperSession.startRootSession();

gsh 1% new GroupSave(grouperSession).assignName("aStem2:anotherGroup2").assignCreateParentStemsIfNotExist(true).save();

Test grouper1 with grouper client

C:\temp\grouperClient_v2_0>java -jar grouperClient.jar --operation=addMemberWs --groupName=aStem:anotherGroup --subjectIds=GrouperSystem

C:\temp\grouperClient_v2_0>java -jar grouperClient.jar --operation=getMembersWs --groupNames=aStem:anotherGroup

Test grouper2 with grouper client

C:\temp\grouperClient_v2_0>java -jar grouperClient.jar --operation=groupSaveWs --name=aStem2:anotherGroup2 --createParentStemsIfNotExist=true

C:\temp\grouperClient_v2_0>java -jar grouperClient.jar --operation=addMemberWs --groupName=aStem2:anotherGroup2 --subjectIds=GrouperSystem

C:\temp\grouperClient_v2_0>java -jar grouperClient.jar --operation=getMembersWs --groupNames=aStem2:anotherGroup2

Save this file into subjects.sql and run it to load test subjects

Create a connection from grouper1 to grouper2 in the grouper.properties

######################################

## Grouper client connections

## if this grouper needs to talk to another grouper, this is the client connection information

######################################

 

 

# id of the source, should match the part in the property name

grouperClient.localhostGrouper2.id = localhostGrouper2

 

# url of web service, should include everything up to the first resource to access

# e.g. https://groups.school.edu/grouperWs/servicesRest

grouperClient.localhostGrouper2.properties.grouperClient.webService.url = "http://localhost:8091/grouperWs2/servicesRest

 

# login ID

grouperClient.localhostGrouper2.properties.grouperClient.webService.login = GrouperSystem

 

# password for shared secret authentication to web service

# or you can put a filename with an encrypted password

grouperClient.localhostGrouper2.properties.grouperClient.webService.password = **********

 

# client version should match or be related to the server on the other end...

grouperClient.localhostGrouper2.properties.grouperClient.webService.client.version = v2_0_000

 

# the id of this source, generally the same as the name in the property name.  This is mandatory

grouperClient.localhostGrouper2.source.jdbc.id = jdbc

 

# the part between "grouperClient.someOtherSchool.source." and ".id" links up the configs,

# in this case, "jdbc", make sure it has no special chars.  sourceId can be blank if you dont want to specify

grouperClient.localhostGrouper2.source.jdbc.local.sourceId = jdbc

 

# this is the identifier that goes between them, it is "id" or an attribute name.  subjects without this attribute will not be processed

grouperClient.localhostGrouper2.source.jdbc.local.read.subjectId = id

 

# this is the identifier to lookup to add a subject, should be "id" or "identifier" or "idOrIdentifier"

grouperClient.localhostGrouper2.source.jdbc.remote.write.subjectId = idOrIdentifier

 

# if subjects are external and should be created if not exist

#grouperClient.someOtherSchool.source.jdbc.addExternalSubjectIfNotFound = true

 

 

 

 

######################################

## Sync to/from another grouper

######################################

 

# we need to know where our

# connection name in grouper client connections above

syncAnotherGrouper.anotherGroup.connectionName = localhostGrouper2

 

# incremental  or  push  or   pull  or  incremental_push.  Note, incremental push is cron'ed and incremental (to make sure no discrepancies arise)

syncAnotherGrouper.anotherGroup.syncType = incremental_push

 

# quartz cron  to schedule the pull or push (incremental is automatic as events happen) (e.g. 5am daily)

#syncAnotherGrouper.testGroup0.cron =  0 0 5 * * ?

 

# local group which is being synced

syncAnotherGrouper.anotherGroup.local.groupName = aStem:anotherGroup

 

# remote group at another grouper which is being synced

syncAnotherGrouper.anotherGroup.remote.groupName = aStem2:anotherGroup2

 

 

Make sure the new default change log consumer is in the grouper-loader.properties

changeLog.consumer.syncGroups.class = edu.internet2.middleware.grouper.client.GroupSyncConsumer

changeLog.consumer.syncGroups.quartzCron =

Add a member to grouper1 in the group configured:

gsh 12% addMember("aStem:anotherGroup", "bawi");

true

See the web service call go to grouper2:

<WsRestAddMemberRequest>

  <wsGroupLookup>

   <groupName>aStem2:anotherGroup2</groupName>

  </wsGroupLookup>

  <subjectLookups>

   <WsSubjectLookup>

    <subjectId>bawi</subjectId>

    <subjectIdentifier>bawi</subjectIdentifier>

   </WsSubjectLookup>

  </subjectLookups>

</WsRestAddMemberRequest>

Check grouper2 for the member in the remote group name

gsh 2% hasMember("aStem2:anotherGroup2", "bawi")

true

Delete it from the original

gsh 13% delMember("aStem:anotherGroup", "bawi");

See the XML

<WsRestDeleteMemberRequest>

  <wsGroupLookup>

    <groupName>aStem2:anotherGroup2</groupName>

  </wsGroupLookup>

  <subjectLookups>

    <WsSubjectLookup>

      <subjectId>bawi</subjectId>

      <subjectIdentifier>bawi</subjectIdentifier>

    </WsSubjectLookup>

  </subjectLookups>

</WsRestDeleteMemberRequest>

Check grouper2 for the member in the remote group name

gsh 3% hasMember("aStem2:anotherGroup2", "bawi")

false

 

Regards,

Chris