Skip to Content.
Sympa Menu

grouper-study - RE: Grouper Real-time Loader

Subject: grouper-study

List archive

RE: Grouper Real-time Loader


Chronological Thread 
  • From: "Coleman, Erik C" <>
  • To: Gail H Lift <>
  • Cc: "" <>
  • Subject: RE: Grouper Real-time Loader
  • Date: Tue, 28 Nov 2017 20:01:29 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.umich.edu; iprev=pass policy.iprev=192.17.82.72 (pps05.cites.illinois.edu); spf=pass ; dkim=none; dmarc=bestguesspass ; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; d=umich.edu; s=arc-2017-08-04; t=1511899298; c=relaxed/relaxed; bh=FTZgv6A+3PsSrwxkee59NaeihrEJ+FY4eFio4oe8sCU=; h=From:To:CC:Subject:Date:References:In-Reply-To; b=FoirQB0CUf7BMRIYBUvYfwG3kDWRgpETUQndWZfasvtxhA2Y115RfO6xoqvXx2n5zjRaVi6241mq3p0XYNmCLnBACM0gqPZzDVBGnZDzeWyxniCFOssG5Var+eWejqZ5p5O3R+TR8kt//poYLipM7BtrvZ5vBxh+8ZYlp6qsQIsHd2Zbu92L9xapG8+u8BNE7eyLcUFiGOlGo5/lGHiZQMgZvBXkm7mPqQ2tyu9Uwy8UrwzLXr4oA7t5xCF3w17jSdKRpjBLNywJyx9xvnW01s2NYpuRoqXEeq0sb5E9HCYVVKclxXGr3zhfFIZEEwtVNCteGD679a5VzEpdVs4I7g==
  • Arc-seal: i=1; a=rsa-sha256; d=umich.edu; s=arc-2017-08-04; t=1511899298; cv=none; b=MTA3XQ7RNwPckaOFrWsqzoKwfzqCVCQy+FFIBFwPiSHn+iQ+I+8pkIYoZviBkkPl8anfID5ijZrhK2Pox0g+lAk7lVFXkpJUqNxjWWQVfshcKvlXV3YDfDbJJxUC3Fw+zUgEXSgmOd5G+3vYY0d+5L84FpcvlS/STRay7tAMihzWlewMnFFWdLNZuKccbHV/wFb3F5R+Zj378U91NMYfJ2mBhw33H/qz3XlQIAzPA/e0SqcAKR+idS4C1AbbekxSH0ptlJLcC8RmHsARhK8fHzOugGW/PRXB3KUI60k+08e++rldLovlyrGX5SIrswAag6y2foQj2ZXt8cYG5RKk/Q==
  • Ironport-phdr: 9a23:f0MbZhH2GYnE9IcCIDPstJ1GYnF86YWxBRYc798ds5kLTJ7zrsywAkXT6L1XgUPTWs2DsrQf2rqQ6/iocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbQhFgDmwbaluIBmqsA7cqtQYjYx+J6gr1xDHuGFIe+NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PGAu+MLrrxjDQhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/VDK/5KlpVRDokj8KOT4n/m/Klsx+gqFVoByjqBx+34Hbb5qYO+Bicq/BZ94WWXZNU8RXWidcAo28dYwPD+8ZMOpWsYT9oF8OogW7BQa2AuPj0iJDiHDs3a070OQqDB/L0AI9FN8JrnvbsMn6ObwTUeCxyKnIzDPDb/RX2Tfm8oTHbA0uoeyVUL92bMHfx04vFwbfgVWRr4zoJzKV1uIRs2eF9epgU/ygi3I5pw1rvDeg29osh4/UjYwW0lDJ7St0zYYvKdGlSUN3f8SoHZtUui2ANIZ7QdsuTmBntSog1LEKp4S3cDUJxZg73RLTdvyKfoaQ7h7+UOudPy10iG9ndb6lmRq+7FasxvfiWsWo01tHqDdOnMPWuXAXzRPT79CKSvtj8Uel3jaCzxjT5f9eLk8olarXMoUhwr4xlpoVsETDETX5mED3jKOMaEok9fKo5Pr8YrX9vJOTLZV4igTkPaQvnsyzG/k4Mg0PX2eH+eSwzqPs8lDkQLlSj/02lLfWsIzCKMkVpqO1GRJZ34c95xqlDzqr1M4UkHoEIV5dfRKIlYnpO1XAIPDiCve/hkyhnytwx/DeJLHhGYnNLmXen7bhZ7p95FRcyA0uzdBH+Z1UEKgNL+zpWk/rs9zYFAQ5Phepw+biCdVyyoMeVXiRDaCELaPeqUWI6f43I+mQeI8Vvy7wK/c/5/7pkH85gUESfbOw0ZsMdHC4A+lpIkWCbHrog9cBCnsKvhEgQODwiV2CVyJTaGioX6I6+D47FJyqAZ3dSY+wnbzSlBu8S7JfZ2QOKhioEHn0P9GLW/MkdSeTKc8nnzAZA+uPUYgkgFuFswv3zrNhaqL54Cwb/bmpnIx47Ob7lBU29DpzDt/b3m2QGTIn1lgUTiM7ifgs6Xd2zU2OhPB1

Hi Gail,

 

Yea, I’m still wringing my hands over this—on the one hand I see the potential for performance improvement on the LDAP side, particularly if it could leverage a simple LDAP changelog, rather than a full sync. But on the other, I see an advantage over doing the SQL query instead of LDAP, which we could do in the form of a query to our ‘data warehouse’ of Banner identities. Unfortunately, this excludes a good chunk of our affiliate users (non-student, non-staff), so it’s not a clean break.

 

Further, even if they fix the loader on the LDAP side, I still face the outbound PSPNG connector being the bottleneck syncing those group objects back into our target directory. I’m not convinced that is being done most-efficiently either, particularly for large groups. A message queue may be the answer there.

 

I plan to do some more prototyping later this week with Ester, who is our resident data warehouse guru, to see if switching to SQL-based loader jobs is a viable path. But I will still gladly support and co-sign any such joint request.

 

-Erik

 

 

 

From: Gail H Lift [mailto:]
Sent: Tuesday, November 28, 2017 12:19
To: Coleman, Erik C <>
Cc:
Subject: Re: Grouper Real-time Loader

 

Michigan also has an LDAP primary subject source, with affiliation-related person data changing throughout the day. We have the same concerns about prioritization and queueing of jobs. We are concerned about load, and whether jobs would be re-triggered multiple times while still running. This could also result in provisioning delays.

 

Our IAM system is event-driven. We could easily send changed subject data to grouper in real time.

 

This page:

says 

"Support for LDAP jobs is minimal right now.  If a message is added to the message queue for an LDAP job, a full sync is simply performed.  If you plan to use this feature and would like to see this improved, please contact the Grouper Team."

 

Perhaps we should make a joint request?

 

 

On Thu, Nov 16, 2017 at 10:34 AM, Coleman, Erik C <> wrote:

Bert was promoting the real-time loader in the last conference call, so I’m starting to play around with it. I see already that it is primarily designed for SQL loader jobs not LDAP jobs, but our primary subject source is LDAP-based.  What sort of options do I have for improving our automatic LDAP-based loader processes? We have hundreds of groups, several with up to 100K+ members, and we have a concern with the prioritization and queueing of jobs if we end up stacking a lot of these, or we have other departments on campus creating loader jobs for their groups.  We also sync these large groups to a downstream Active Directory OU as well.

 

Thanks for any tips!

 

Erik Coleman

University of Illinois at Urbana-Champaign

 

 

 

 



 

--


Gail H Lift
MCommunity, IAM-IIA, ITS, University of Michigan


Archive powered by MHonArc 2.6.19.

Top of Page