Grouper Users - Open Discussion List

["Redman, Chad Eric" <>]

Hi,

For the LDAP Loader, yes, that is correct. The configFileFromClasspath option 
to set vt-ldap parameters directly via an external file was working for the 
ldap attributes but not the ldap pool attributes. It doesn't work to set the 
validator because vt-ldap has no mechanism to set it up via parameters. Thus, 
they will remain as pseudo-attributes in the grouper-loader file.

The subject sources uses a different set of classes (in the subject package 
instead of the grouper package) to work a similar way, when using the 
ldapProperties_file option to pull them in.  Pool settings were already 
working there, so I just implemented a similar code block. Note that the 
validator setup needs special handling here as well, which is why there are 
VTLDAP_VALIDATOR* params in sources.xml and not in the external ldap 
properties file.

I didn't have a psp connection set up to test from, so I'm not familiar with 
it. But the config handling looks totally separate, using ldaptive instead of 
vt-ldap. From perusing the code in the pspng module, it looks to be 
converting the endpoint prefixes to "org.ldaptive.*" which would potentially 
allow any available property to be set; E.g., 
ldap.groupOfNames.pool.validatePeriodically = true. And a bonus for fixing 
the vt-ldap bug of not allowing the validation properties to be set because 
they were "is" methods instead of "get" methods. However, just like vt-ldap, 
setting up a validator function may need special handling, if it can't be set 
through properties.

-Chad


-----Original Message-----
From: 

 
[mailto:]
 On Behalf Of Hyzer, Chris
Sent: Friday, January 27, 2017 9:37 AM
To: 

 Mailing List 
<>
Subject: [grouper-users] RE: [JIRA] (GRP-1474) ldap loader set pool options 
when using configFileFromClasspath

Chad,

Thanks so much for yet another valuable pull request.

Just to clarify.  Now the loader ldap connections can set the pooling options 
via an external vtldap file right?  And anything that uses those connections 
(loader, pspng, (eventuall) sources) would benefit from that configuration, 
right?

Thanks
Chris


-----Original Message-----
From: Chad Redman (JIRA) 
[mailto:]
 
Sent: Thursday, January 26, 2017 6:29 PM
To: Hyzer, Chris 
<>
Subject: [JIRA] (GRP-1474) ldap loader set pool options when using 
configFileFromClasspath

Chad Redman created GRP-1474:
--------------------------------

             Summary: ldap loader set pool options when using 
configFileFromClasspath
                 Key: GRP-1474
                 URL: 
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugs.internet2.edu%2Fjira%2Fbrowse%2FGRP-1474&data=01%7C01%7Cchad_redman%40unc.edu%7Cafe998db5ec34c356a7008d446c20f5c%7C58b3d54f16c942d3af081fcabd095666%7C1&sdata=iajxVEZ%2F6WMahUB5FConMKaAWm%2BAYP6MuvCY1ZLVOJY%3D&reserved=0
             Project: Grouper
          Issue Type: Improvement
          Components: grouperLoader
            Reporter: Chad Redman
            Assignee: Chris Hyzer


In the grouper-loader.properties file, there are two ways to set up 
properties for LDAP sources. The primary way, and the one most documented, is 
to define a series of "ldap.<sourceId>.\*" properties that set up the LDAP 
config, the pool, and the optional validator function. However, a second way 
to configure a source is via the property 
"ldap.<sourceId>.configFileFromClasspath". In this method, the properties 
defined in the file refered to in configFileFromClasspath are in the format 
"edu.vt.middleware.ldap.*", and are parsed directly by vt-ldap functions, and 
not by Grouper wrappers. This means that a larger set of the vt-ldap 
properties can be set, rather than just the ones Grouper functions are coded 
to handle.

However, parameters for pooling defined in the file are ignored. They can 
still be set in the grouper-loader.properties as their "ldap.<sourceId>.\*" 
versions, the same as for method #1.

I have a pull request that allows the pooling options to be set in the 
external file. I can also update the documentation to show how to use the 
configFileFromClasspath alternative. This brings the loader config closer in 
line to the sources.xml/subject.properties option for an external file via 
ldapProperties_file, which could already handle pool settings.

The validator-specific properties that can be set for the source (see 
GRP-1428) can't be set in the external file, as vt-ldap has no way to handle 
it. These will need to continue to be set in grouper-loader.properties, as 
per method #1.

Example:

grouper-loader.properties


{code}
ldap.personLdap.configFileFromClasspath = ldap.personLdap.properties
ldap.personLdap.validator = CompareLdapValidator
ldap.personLdap.validatorCompareDn = ou=groups,dc=example,dc=com
ldap.personLdap.validatorCompareSearchFilterString = (ou=groups)
{code}



ldap.personLdap.properties

{code}
edu.vt.middleware.ldap.ldapUrl = ldap://ldap.example.com
edu.vt.middleware.ldap.bindDn = 
cn=grouper.svc,ou=applications,dc=example,dc=com
edu.vt.middleware.ldap.bindCredential = XXXXXXXXXXX
edu.vt.middleware.ldap.pool.minPoolSize = 3
edu.vt.middleware.ldap.pool.maxPoolSize = 5
edu.vt.middleware.ldap.pool.validateOnCheckOut = false
edu.vt.middleware.ldap.pool.validateOnCheckIn = false
edu.vt.middleware.ldap.pool.validatePeriodically = true
edu.vt.middleware.ldap.pool.validateTimerPeriod = 270000
edu.vt.middleware.ldap.searchResultHandlers=edu.vt.middleware.ldap.handler.FqdnSearchResultHandler,edu.internet2.middleware.grouper.ldap.handler.RangeSearchResultHandler

{code}




--
This message was sent by Atlassian JIRA
(v7.2.6#72008)