Grouper Users - Open Discussion List

[Peter Schober <>]

After what will be 6 years next March I'm building a Grouper prototype
again. This time for central IT's new Active Directory deployment,
where provisioning institutional and manually managed groups to AD
(and other systems after that) will be relevant, as well as providing
some self-service web interface for department admins -- but don't
assume that I remember or understand or know /anything/ about Grouper.
I'm starting completely from scratch.

A few "first" impressions, as long as they're fresh. This is meant in
the spirit of the Shibboleth project, who always encourage people new
to the software to point out what's difficult when beginning, since
that's a perspective you (hopefully) quickly lose.

I started out with the QS, after looking though the wiki serching for
the actual installation docs: there's the "Getting Started" part of
the work-in-progress Grouper Book, the "Admin Guide"'s API
installation -- once you figure out that the "API" is the main Grouper
component, the "Grouper Getting Started Quickly" page, and probably
more institution specific ones. I'm not sure at this point that having
all this helps.

Lots of references to Grouper 1.4 and 1.5 thoughout the docs, but that
of course doesn't mean that they're broken or incorrect when
substituting 2.x for those.

From the QS Linux install (ant ui): "type default and press enter".
What kind of default is this when it defaults to "exit" and you
literally need to type "default"? Very minor blemish and might be some
ant thing, of course.

I haven't yet figured out where to unpack and build stuff vs. where
the software and it's data are installed. I had to fight a bit with
logs not ending up where I would want them, and having the wrong
permissions (since they seemingly needed to be written to by the user
running the stuff on the console, as well as the user the container
runs as; both non-root in my case). I moved logs and software
directories where I wanted them and left a myriad of symlinks where
there where, for now (so I wouldn not have to change all those
properties files with "../grouper" references etc. I did set up
grouper.home property in my containers environment). I'll look into
this later, once I learn more about involved files.

Beyond that I haven't done much yet except explore the UIs:

Simple things like browsing though the groups and trying to add a
member where confusing at first: I saw that there was an "Ian Windsor"
in some group, so I tried to add this user to another group (Admin UI).
But searching for "Ian" or typing "Ia" in the LiteUI (for
auto-completion) didn't bring up any results -- only when written in
lower-case ("ian", "ia") results where found. Even though the results
themselfs were presented in initcaps ("Peter Bush", "Ian ...").

When in the Lite UI I always seem to want to click on folders to
browse the hierarchy but these are not clickable. They are in the
Admin UI, though.

When I select a group in "Create or edit groups and roles" (Lite UI)
and then "edit group/role", and then "memberships" at the bottom, I
lose the standard header with the Internet2 and Grouper logos,
including a link to the "Main Menu". It's all there one click before
that. Looking closely there's "Admin UI" and "Lite UI menu" written in
tiny letters right to the name of the group (in the line "Current
location is").  But I wonder why logos, logout link, etc. all vanish
on that specific level. Using the browsers back button the group I
selected before is of course gone and I'm back to searching for it
again. Making the group itself (in the line "Current location is")
clickable (in the "Group membership update lite" page) would make this
unnecessary, I would hope.

After searching for a group (LiteUI) and selecting "Privileges"
instead of "Memberships", the current page becomes longer and gets a
"Group / role privileges" section. The rest of the page remains the
same ("Main menu", "logout" links, logos are intact).
When selecting "Memberships" the current page is replaced with a new
one, and the header is gone. Probably this is because there might be
many members being shown there (which is not the case in the QS, of
course), but then having the page header there for consistency won't
make things much worse?


I followed "Grouper Getting Started Quickly"[1] setting up non-QS
Grouper (RHEL6, Java6, Tomcat7 and with the Oracle RDBMS) until I had
the grouper client fail to connect to WS (with a HTTP 403 from
Tomcat), but I'll keep those questions for another thread if the error
persists. I'll need to pick this up sometime after the holidays.
Of course I also have non-technical questions about naming plans etc.

General impression: Everything here is insanely complicated and I
didn't even look at the loader, provisioning and the Subject API :)

cheers,
-peter

[1] 
https://spaces.internet2.edu/display/Grouper/Grouper+Getting+Started+Quickly