
grouper-users - Re: [grouper-users] This wierd, getting 2 CNs in OpenDJ groups (Using PSP and 2 Loader daemons)

Subject: Grouper Users - Open Discussion List

  • From: Rahul Doshi <>
  • To: "Bryan E. Wooten" <>, "" <>
  • Subject: Re: [grouper-users] This wierd, getting 2 CNs in OpenDJ groups (Using PSP and 2 Loader daemons)
  • Date: Wed, 9 Oct 2013 15:28:11 +0000
  • Accept-language: en-US

I looked into the PSP code and I did find the property changeLog.consumer.psp.confDir to specify the configuration directory, but when I tested, the PSP configuration still appeared to be loaded from the default location $GROUPER_HOME/conf for both PSPs.

Thanks,
Rahul

From: "Bryan E. Wooten" <>
Date: Wednesday, October 9, 2013 11:09 AM
To: Rahul Doshi <>, "" <>
Subject: RE: [grouper-users] This wierd, getting 2 CNs in OpenDJ groups (Using PSP and 2 Loader daemons)

> I am also considering the idea of running two loader daemons to provision to two different LDAP environments. I just wanted everyone's opinion if there are any shortcomings to this approach. I know running two loader daemons is not recommended but can it be run without issues if changelog is disabled in one loader daemon?

 

This is my current approach. There are other grouper-loader.properties to change also.

 

> I previously tried configuring two separate PSPs in grouper-loader.properties to provision to AD and 389 but couldn't figure out a way to have separate configuration files (psp.xml, psp-resolver.xml) for running the PSP.

 

I thought of this also and also identified this issue. I THINK the problem is that the PSP assumes the psp*.xml files reside in the /conf directory and have known names. This could probably be easily fixed by locating where the files are read in the PSP and have the code read a property first. I may look into this.

 

> I also tried configuring everything in single file but that became complicated quickly.

 

That was my original attempt, following the PSP multiple ldap example. Yes it became very complicated (so many XML attributes with similar names! And references.). I have this “mostly” working. I can get folders and groups provisioned to both AD and OpenDJ. I just can’t get members added to groups in OpenDJ. For some reason it tries to use AD DNs for members… That is where I got stuck. I know it is probably some little piece of XML but I can’t find where to make the change. That led me to the 2 daemon solution.

 

I have one last potential solution I’ll try if I can’t get 2 daemons to work. That is, I’ll use the Grouper to Grouper sync functionality. One would provision AD and the other OpenDJ. Of course this doubles my infrastructure in a sense (2 DBs, 2 grouper daemon servers).

 

I can’t believe someone else hasn’t had the use case to provision 2 disparate LDAPs using the PSP and solved this issue.

 

Cheers,

 

Bryan

 

 

From: Rahul Doshi []
Sent: Wednesday, October 09, 2013 8:50 AM
To: Bryan E. Wooten;
Subject: Re: [grouper-users] This wierd, getting 2 CNs in OpenDJ groups (Using PSP and 2 Loader daemons)

 

Hello,

 

I am also considering the idea of running two loader daemons to provision to two different LDAP environments. I just wanted everyone's opinion if there are any shortcomings to this approach. I know running two loader daemons is not recommended but can it be run without issues if changelog is disabled in one loader daemon? I previously tried configuring two separate PSPs in grouper-loader.properties to provision to AD and 389 but couldn't figure out a way to have separate configuration files (psp.xml, psp-resolver.xml) for running the PSP. I also tried configuring everything in a single file but that became complicated quickly.

 

Thanks,

Rahul

 

 

From: "Bryan E. Wooten" <>
Date: Tuesday, October 8, 2013 9:00 PM
To: "" <>
Subject: [grouper-users] This wierd, getting 2 CNs in OpenDJ groups (Using PSP and 2 Loader daemons)

 

So this seems to work, mostly.

 

Except, like I said, OpenDJ gets 2 CNs while AD just gets one. One is what I expect (“cn=groupname”). The other is like this: “cn=folder:ou:groupname”.

 

Version 2.1.4 running 2 loader daemons, one has a PSP to provision AD and the other to provision OpenDJ.

 

The daemon running the OpenDJ PSP has loader functionality disabled via grouper-loader.properties. It is just a platform to run the PSP. It does not process change logs. Both daemons are linked to the same DB.

 

-Bryan



