Skip to Content.
Sympa Menu

grouper-users - Using GrouperShell to bootstrap the Wheel Group

Subject: Grouper Users - Open Discussion List

List archive

Using GrouperShell to bootstrap the Wheel Group


Chronological Thread 
  • From: Scott Koranda <>
  • To:
  • Subject: Using GrouperShell to bootstrap the Wheel Group
  • Date: Tue, 1 Jul 2008 18:16:42 -0500

Hi,

Apologies for the long note and many questions...we would like
to leverage Grouper but we are not Java/Tomcat experts.

I am following the details at

https://wiki.internet2.edu/confluence/display/GrouperWG/Initializing+Administration+of+Privileges

to try and bootstrap the wheel group but I am confused and
having some problems. Specifically:

- Does Tomcat need to be running when trying to use gsh.sh?
Does gsh.sh talk through Tomcat in some way? Or is gsh.sh
authenticating directly to the underlying relational
database and manipulating it directly?

If it is directly maninpulating the relational database,
then which configuration file(s) is it using to obtain the
necessary information? Is it reading the configuration in
$CATALINA_HOME/webapps/grouper or in $GROUPER_HOME
where I did the building?

Is the model that I am supposed to change configuration
files in $GROUPER_HOME, then redeploy into Tomcat each time
I want to make a configuration change?

- I was able to run these commands:

gsh-0.1.1 2% addRootStem("etc", "Grouper Administration")
gsh-0.1.1 3% addGroup("etc", "sysadmingroup", "SysAdmin Group")

When I try, however, to add a member to that group I am
getting this:

gsh-0.1.1 4% addMember("etc:sysadmingroup", "883")
// Error: subject not found: 883
false

Here '883' is the value for the employeeNumber attribute in
our LDAP for myself. I had configured in sources.xml the
following:

<param-name>SubjectID_AttributeType</param-name>
<param-value>employeeNumber</param-value>

...

<searchType>searchSubject</searchType>
<param>
<param-name>filter</param-name>
<param-value>
(&amp;(employeeNumber=%TERM%)(objectclass=inetOrgPerson))
</param-value>
</param>
<param>
<param-name>scope</param-name>
<param-value>ONELEVEL_SCOPE</param-value>
</param>

So I would have thought entering '883' would have worked.

How can I verify that the grouper running under Tomcat and
also gsh.sh are able to search our LDAP correctly?

I appreciate any help you can offer.

Thanks,

Scott



Archive powered by MHonArc 2.6.16.

Top of Page