Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] LDAP auth and the wheel group?

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] LDAP auth and the wheel group?


Chronological Thread 
  • From: Michael White <>
  • To: "Waldbieser, Carl" <>
  • Cc: "" <>, "Peter St. Onge" <>
  • Subject: RE: [grouper-users] LDAP auth and the wheel group?
  • Date: Tue, 20 Jan 2015 15:29:52 +0000
  • Accept-language: en-US, en-GB
  • Acceptlanguage: en-US, en-GB

Hi Carl,

> When you change the wheel settings in the config, are you rebuilding the
> WAR file and redeploying it?

Nope! It's obvious when you say it, but it hadn't occurred to me to do this!
:-(

So, I deleted the expanded WARs from Tomcat, rebuilt and redeployed the
Grouper UI and Bingo, it worked!!!!!! :-)

I'm now able to log on via LDAP using my own account and I now appear to have
the appropriate admin privileges as expected (and no "Error" in the "Browse
folders" panel).

Phew! I feel a little bit of a banana for not realising I needed to do this,
but also relieved that it was "that simple" :-)

Thanks again Carl.

Peter - any chance this is the cause of your problems too?

Regards,

Mike

Michael White
eLearning Liaison and Development (eLD)
Information Services
S8, Library
University of Stirling
Stirling SCOTLAND
FK9 4LA
Email:


Tel: +44 (0) 1786 466877
Fax: +44 (0) 1786 466880
http://www.stir.ac.uk/is/staff/about/teams/aldt/#eld


> -----Original Message-----
> From: Waldbieser, Carl
> [mailto:]
> Sent: 20 January 2015 15:06
> To: Michael White
> Cc:
>
> Subject: Re: [grouper-users] LDAP auth and the wheel group?
>
> Michael,
>
> When you change the wheel settings in the config, are you rebuilding the
> WAR file and redeploying it? I tended to do that a lot when I was playing
> around with settings, including manually deleting files from the tomcat
> `webapps` folder before copying the new WAR file there and starting tomcat.
>
> Thanks,
> Carl
>
> ----- Original Message -----
> From: "Michael White"
> <>
> To: "Carl Waldbieser"
> <>,
> grouper-
>
> Sent: Tuesday, January 20, 2015 9:54:39 AM
> Subject: RE: [grouper-users] LDAP auth and the wheel group?
>
> Hi Carl,
>
> > Did you create the wheel group and add yourself to it via the web UI or
> > via
> GSH?
>
> I did it via the (new) web UI (as a Grouper newbie I've not been brought up
> on
> the gsh command line stuff ;-) ) . . .
>
> > If you drop into GSH and create the group and add your account to it,
> > it ought to work.
>
> Thanks for this suggestion - I've been trying it, but still no joy :-(
>
> I deleted the wheel group via the web UI and then tried recreating it via
> gsh,
> using:
>
> gsh 0% addGroup("etc", "sysadmingroup", "SysAdmin Group")
> group: name='etc:sysadmingroup' displayName='etc:SysAdmin Group'
> uuid='58c1d8dc6360450d93aac212c139b047'
> gsh 1% addMember("etc:sysadmingroup", "mw6") true
>
> - the group is created with me as a member as expected, but when I switch
> back to LDAP authentication I'm still not getting any kind of Admin
> privileges
> when I log on using my account - I still see the "Error" in the "Browse
> Folders"
> panel on the new UI, and I don't have access to any Groups via the Admin GUI
> that I've not been allocated explicit privileges for (i.e. I've still got
> no admin
> privileges via the Admin UI either) :-(
>
> I also tried deleting the group and getting Grouper to recreate it
> automatically
> via "configuration.autocreate.system.groups = true" in grouper.properties .
> . .
>
> This worked in terms of creating the group - I then added myself to it via
> gsh,
> but still no (admin) joy . . .
>
> I've also checked via gsh that Grouper knows I'm a member of the
> sysadmingroup:
>
> gsh 0% GrouperSession.startRootSession();
> edu.internet2.middleware.grouper.GrouperSession:
> 46bca74ce06f40f085da324a2d4c79ca,'GrouperSystem','application'
> gsh 1% subj = findSubject("mw6")
> subject: id='mw6' type='person' source='jndi' name='Michael White'
> gsh 2% sess = GrouperSession.start(subj)
> edu.internet2.middleware.grouper.GrouperSession:
> 68ce3eb0ee3a4ab787466d80ba4885a5,'mw6','person'
> gsh 3% member = MemberFinder.findBySubject(sess, subj)
> member: id='mw6' type='person' source='jndi'
> uuid='5c605c2715de4640829cda8e88aab41f'
> gsh 4% member.getGroups()
> group: name='etc:grouperUi:grouperUiUserData'
> displayName='etc:grouperUi:grouperUiUserData'
> uuid='58cd349ec9904e9786e9c6cbda02e4e2'
> group: name='etc:sysadmingroup' displayName='etc:SysAdmin Group'
> uuid='58c1d8dc6360450d93aac212c139b047'
> group: name='uos_test:apps:vpn:all_users'
> displayName='uos_test:apps:vpn:all_users'
> uuid='197f152a977547c8be432a3888136092'
> .... + other groups snipped out ...
>
> Finally, I've also been trying to upgrade as per Chris's suggestion, but the
> installer is falling on its face when I try and upgrade the UI (saying it
> can't find
> the UI properties file, even though it appears to be there to the naked eye
> -
> the API upgrade that I did first appears to have worked OK) so I can't say
> whether or not that would resolve my problem!
>
> Any additional thoughts, observations or suggestions (on fixing the wheel
> group issue or getting the installer to upgrade from v2.2.0 to v2.2.1
> successfully) would be most welcome!
>
> Cheers,
>
> Mike
>
> Michael White
> eLearning Liaison and Development (eLD)
> Information Services
> S8, Library
> University of Stirling
> Stirling SCOTLAND
> FK9 4LA
> Email:
>
> Tel: +44 (0) 1786 466877
> Fax: +44 (0) 1786 466880
> http://www.stir.ac.uk/is/staff/about/teams/aldt/#eld
>
>
> > -----Original Message-----
> > From: Waldbieser, Carl
> > [mailto:]
> > Sent: 19 January 2015 17:23
> > To: Michael White
> > Cc:
> >
> > Subject: Re: [grouper-users] LDAP auth and the wheel group?
> >
> > Michael,
> >
> > Did you create the wheel group and add yourself to it via the web UI
> > or via GSH?
> > Using the web UI to do this did not work for me. There is a note
> > about it in the online docs, somewhere.
> > If you drop into GSH and create the group and add your account to it,
> > it ought to work.
> >
> > I seem to recall the first time when I made the mistake of creating
> > the wheel group via the new UI, I was able to drop into GSH, remove my
> > account, re-add it, and save the group, and that straightened everything
> > out.
> >
> > Thanks,
> > Carl Waldbieser
> > ITS System Programmer
> > Lafayette College
> >
> > ----- Original Message -----
> > From: "Michael White"
> > <>
> > To:
> >
> > Sent: Monday, January 19, 2015 11:31:04 AM
> > Subject: [grouper-users] LDAP auth and the wheel group?
> >
> > Hi,
> >
> > I'm still in the early stages of playing and learning with Grouper
> > v2.2.0. I've got a basic folder/group hierarchy set up, subjects
> > coming from AD, and a number of groups being successfully populated via
> the Loader :-).
> >
> > I'm now trying to switch to using our AD for authentication by
> > switching to a JNDIRealm in Tomcat's server.xml - of course this means
> > that I can no longer log on using the GrouperSystem account, so I've
> > been trying to enable my AD account to be an admin account in Grouper by
> adding it to my "wheel" group .
> > . .
> >
> > I've added:
> >
> > groups.wheel.use = true
> >
> > - to "grouper.properties", and I note:
> >
> > groups.wheel.group = etc:sysadmingroup
> >
> > - in "grouper.base.properties".
> >
> > I created "etc:sysadmingroup" (as the Grouper System user) and added
> > myself to it, however this doesn't appear to be working as hoped/expected.
> >
> > If I log on using my AD username, authentication appears to work and I
> > arrive at the Grouper (new) UI and I'm correctly identified as me in
> > the "Logged in as" line, but in the "Browse Folders" panel, it just
> > shows "Error", which is reflected in the logs (appropriate snippet
> > attached).
> >
> > If I switch to the old UI, I can browse the folder hierarchy, but I
> > can only see groups that I have been granted explicit permissions for
> > (i.e. still not behaving as an admin user).
> >
> > Have I misunderstood how this is supposed to work? or am I missing
> > something obvious (or done something stupid!)?
> >
> > Any thoughts, observations, or pointers would be most welcome as I'm
> > not sure what to try next.
> >
> > Cheers,
> >
> > Mike
> >
> > Michael White
> > eLearning Liaison and Development (eLD) Information Services S8,
> > Library University of Stirling Stirling SCOTLAND
> > FK9 4LA
> > Email:
> >
> > Tel: +44 (0) 1786 466877
> > Fax: +44 (0) 1786 466880
> > http://www.stir.ac.uk/is/staff/about/teams/aldt/#eld
> >
> >
> >
> > --
> > The University of Stirling has been ranked in the top 12 of UK
> > universities for graduate employment*.
> > 94% of our 2012 graduates were in work and/or further study within six
> > months of graduation.
> > *The Telegraph
> > The University of Stirling is a charity registered in Scotland, number
> > SC 011159.
>
>
> --
> The University of Stirling has been ranked in the top 12 of UK universities
> for
> graduate employment*.
> 94% of our 2012 graduates were in work and/or further study within six
> months of graduation.
> *The Telegraph
> The University of Stirling is a charity registered in Scotland, number SC
> 011159.


--
The University of Stirling has been ranked in the top 12 of UK universities
for graduate employment*.
94% of our 2012 graduates were in work and/or further study within six months
of graduation.
*The Telegraph
The University of Stirling is a charity registered in Scotland, number SC
011159.




Archive powered by MHonArc 2.6.16.

Top of Page