Grouper Users - Open Discussion List

[Scott Koranda <>]

Hi David,

Based on what I read on that wiki page, is this a fair statement:

The Grouper team may release a version of Grouper in the future that
will not provision to LDAP without a deployer having to take one of
these two actions: (1) Writing Java code, or (2) deploying a message
queue/broker.

Thanks,

Scott K for LIGO


On Thu, Oct 2, 2014 at 12:19 PM, David Langenberg 
<>
 wrote:
> Hi Dave,
>
> The plans for the post-PSP world are being written/discussed/firmed up here:
>
> https://spaces.internet2.edu/display/Grouper/Post+PSP+Provisioning
>
> I welcome any comments, criticisms, suggestions, etc.
>
> Dave
>
>
> On Thu, Oct 2, 2014 at 10:59 AM, David Vezzani 
> <>
> wrote:
>>
>> Dave,
>>
>> Thanks for your response.  I think it is important to know that there are
>> plans for retiring the PSP tool.  In creating our group management 
>> solution,
>> we are hoping to use as much code that is supported and is planned to be
>> supported in the future.
>>
>> Your suggestions for how to better understand PSP are much appreciated.
>>
>> That being said, what would take the place of PSP as the suggested tool
>> for provisioning groups to target LDAPs?
>>
>> Dave
>>
>> David Vezzani
>> (c) 209-756-9688
>> (o) 209-228-4516
>> 
>>
>>
>>
>> On Oct 2, 2014, at 9:48 AM, David Langenberg 
>> <>
>>  wrote:
>>
>> Probably the best way to understand what that psp-resolver.xml is
>> controlling is to first understand Shibboleth and how its 
>> attribute-resolver
>> works. The PSP is using the Shibboleth Attribute Resolver to handle looking
>> up the provisioned information, group source information and also perform
>> necessary transformations to make the two systems (grouper and target)
>> comparable.
>>
>> https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAddAttribute
>>
>> I really wouldn't try to generate SPML & feed it directly to the PSPs LDAP
>> Target class, though in theory it could work.  As for the source for
>> OpenSPML, the OpenSPML library upon which the PSP relies is no longer
>> maintained.  I managed to grab a copy of the source at one time and keep a
>> fork of it here:
>>
>> https://github.com/langedb/openspml
>>
>> This is yet another reason why the PSP is going to be retired soon.
>>
>> Dave
>>
>> On Thu, Oct 2, 2014 at 10:25 AM, David Vezzani 
>> <>
>> wrote:
>>>
>>> I’m still trying to understand what the PSP does exactly.  I’m running
>>> through the video tutorials and I’m not getting the same end result as
>>> Patel.  I figure I would be able to resolve the issue with some slight
>>> modifications to the PSP configuration files.  I admit that
>>> https://spaces.internet2.edu/display/Grouper/Grouper+Provisioning has
>>> definitely helped me get a better understanding of how PSP works, but I’m
>>> not finding the detail I need to understand with enough depth so that I
>>> actually know what I’m doing when I make changes to the PSP configuration.
>>>
>>> To start, I want to make sure I understand the big picture.
>>>
>>> PSP is used to provision groups with assigned members by generating SPML2
>>> xml packets that somehow get converted to LDIF which is presented to the
>>> target LDAP.  Is this a fair statement?
>>>
>>> I am currently looking for a SPML2 client I can use to test SPML2 packets
>>> with my target LDAP.  I see that Grouper comes packaged with a JAR that
>>> provides org.openspml.v2.client.Spml2Client , but I haven’t found the 
>>> source
>>> or documentation yet on how to use it.  I already verified it is different
>>> from a SpmlClient class I found on Oracle’s site.  I am hoping that being
>>> somewhat familiar with SPML2 will increase my knowledge base so I can 
>>> better
>>> understand the PSP configuration files, especially the psp-resolver.xml
>>> file.
>>>
>>> David Vezzani
>>> (c) 209-756-9688
>>> (o) 209-228-4516
>>> 
>>>
>>>
>>>
>>
>>
>>
>> --
>> David Langenberg
>> Identity & Access Management
>> The University of Chicago
>>
>>
>
>
>
> --
> David Langenberg
> Identity & Access Management
> The University of Chicago