
grouper-dev - [grouper-dev] name munging : ldappc -> ldappcng -> psp -> ...

Subject: Grouper Developers Forum

  • From: Tom Zeller <>
  • To: Grouper Dev <>
  • Subject: [grouper-dev] name munging : ldappc -> ldappcng -> psp -> ...
  • Date: Mon, 9 Jan 2012 20:53:37 -0600

This is my AI from the grouper-dev calls to describe the refactoring
and renaming of the provisioning code.

- Project Naming

"Ldappc", the ldap provisioning connector, was developed up to version 1.5.

"Ldappcng", the ldap provisioning connector new/next generation,
appeared in version 1.6. Previous to ldappcng, I had worked on
provisioning code at Memphis which was based on spmlv1. Since spmlv2
supported group memberships (in the form of references), the idea was
to write an spmlv2 provisioning service provider for grouper.

As a new code base, ldappcng was distinct from ldappc. I was never
sure that the ldappcng moniker would stick, so I retained "ldappc" in
java packages and xml schemas, thinking that ldappcng code would
replace the ldappc code. Adding to the confusion, some configuration
files for ldappcng were prefixed with "ldappc" (like the shibboleth
attribute resolver integration, since it could also be used by
ldappc), others "ldappcng".

As of version 2.1.0, the words "ldappc" and "ldappcng" will have been
replaced with "psp" in java code, xml schemas, and configuration
files. Psp is an acronym for provisioning service provider from the
spmlv2 specification. Since "ldappc" and "ldappcng" have been replaced
with "psp", configuration files for versions previous to 2.1.0 will no
longer work in 2.1.0. The changes are straightforward and documenting
these changes is on my list. It is perhaps appropriate to move past
"ldappcng" since a target other than ldap (in this case, grouper) will
be available for the first time.

So, psp, appearing in 2.1.0, is ldappcng refactored.

- Java Package Naming

The following are java package names and a brief description (which
should be in package-info.java as well) :

edu.internet2.middleware.psp
the provisioning engine (Psp.java)

edu.internet2.middleware.psp.shibboleth
attribute resolver extension classes

edu.internet2.middleware.psp.spring
shibboleth v2 spring wiring

edu.internet2.middleware.psp.spml
extensions to the spmlv2 toolkit

edu.internet2.middleware.psp.grouper
grouper source and target

edu.internet2.middleware.psp.ldap
ldap target

- Source Code Repository

The refactored java code has been moved to a new maven multi-module
project and repository "java-provisioning-provider". I tried to follow
shibboleth idpv3 conventions where possible, minus separate -api and
-impl modules.


http://anonsvn.internet2.edu/viewvc/viewvc.py/i2mi/java-provisioning-provider/trunk/

- Module Names

I hope that the module names are descriptive :

psp
psp-distribution
psp-distribution-for-grouper
psp-example-grouper-to-ldap
psp-example-grouper-to-openldap
psp-example-grouper-to-openldap-memberof
psp-grouper-changelog
psp-grouper-ldap
psp-grouper-source
psp-grouper-target
psp-ldap-target
psp-parent

The "psp-grouper-ldap" module is probably named the worst, perhaps it
should be "psp-grouper-ldap-integration". It contains the shibboleth
attribute resolver extensions which transform grouper names (e.g.
edu:stem:group) to ldap DNs (e.g. cn=group,ou=stem,dc=edu).

The "psp-example-*" modules contain junit tests, and the configuration
files (in src/test/resources) will be included as examples in the
distribution (created by psp-distribution-for-grouper) which will
comprise the software that folks will download to drop into grouper.

There is no psp-ldap-source module since the ldap data connector
supplied with shibboleth is adequate. The grouper data connector
plugin to shibboleth (grouper-shib) is required for provisioning but it
should probably remain in the grouper codebase.

- Examples, Tests, and Grouper Demo OpenLDAP

Although not currently complete, I have attempted to mirror the
psp-example-* modules to the grouperdemo ldap server to provide
examples for the real-time provisioning beta testers. In general there
are two styles for management of the memberOf attribute, automatic
(Active Directory, OpenLDAP+memberof overlay) and manual
(OpenLDAP-memberof overlay).

The grouperdemo openldap DIT looks like :

dc=grouperdemo,dc=internet2,dc=edu
  ou=2.1.0-SNAPSHOT
    ou=psp-example-grouper-to-ldap
      ou=people
      ou=groups
    ou=psp-example-grouper-to-openldap
      ou=people
      ou=groups
    ou=psp-example-grouper-to-openldap-memberof
      ou=people
      ou=groups

If this wraps awkwardly in your mail reader, check out :

http://grouperdemo.internet2.edu/phpldapadmin

I am thinking that there will be an OU for each version of grouper,
and under each version OU there will be a child OU corresponding to
each of the psp-example-* modules.

It may be interesting to provision from ldap to grouper on grouperdemo as
well.

- Thanks

Thanks for reading this far. You may be wondering, so what is this
thing called now ? I am leaving that as a variable.

TomZ
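
Added example, not part of the original message and not code from psp-grouper-ldap: a sketch of the grouper-name-to-DN transformation mentioned under Module Names, built with the JDK's javax.naming.ldap classes so that DN special characters in a name component are escaped rather than concatenated. The mapping rule (first component to dc, last to cn, the rest to ou), the class and method names, and the sample names are assumptions generalized from the single example in the message.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added illustration; hypothetical class, not the psp attribute resolver extension.
public class GrouperNameToDn {

    // Assumed rule, inferred from the one example in the post:
    // first component -> dc, last -> cn, everything between -> ou.
    static String toDn(String grouperName) throws InvalidNameException {
        String[] parts = grouperName.split(":", -1);
        if (parts.length < 2) {
            throw new IllegalArgumentException("need at least stem:group");
        }
        List<Rdn> rdns = new ArrayList<>();
        for (int i = 0; i < parts.length; i++) {
            if (parts[i].trim().isEmpty()) {
                throw new IllegalArgumentException("empty name component");
            }
            String type = (i == 0) ? "dc" : (i == parts.length - 1) ? "cn" : "ou";
            // Rdn escapes DN special characters in the value when it is rendered.
            rdns.add(new Rdn(type, parts[i]));
        }
        // LdapName index 0 is the right-most RDN, so root-first order is correct.
        return new LdapName(rdns).toString();
    }

    // Plain concatenation, shown only for contrast: values are not escaped.
    static String concatDn(String grouperName) {
        String[] p = grouperName.split(":", -1);
        StringBuilder sb = new StringBuilder("cn=" + p[p.length - 1]);
        for (int i = p.length - 2; i > 0; i--) sb.append(",ou=").append(p[i]);
        return sb.append(",dc=").append(p[0]).toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample names; the second has ',' and '=' in the last component.
        String[] samples = { "edu:stem:group", "edu:stem:ops,ou=admins" };
        for (String name : samples) {
            String dn = toDn(name);
            System.out.println(name + " -> " + dn + " (" + new LdapName(dn).size() + " RDNs)");
            String raw = concatDn(name);
            System.out.println("  concat: " + raw + " (" + new LdapName(raw).size() + " RDNs)");
        }
    }
}
```

Comparing the RDN counts of the two results for the second sample shows whether a name component stayed a single attribute value or changed the shape of the DN, which matters when the DN decides where an entry is provisioned.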

