grouper-users - RE: [grouper-users] PSPNG (latest)
Subject: Grouper Users - Open Discussion List
List archive
- From: "Hyzer, Chris" <>
- To: Michael R Gettes <>, grouper-users <>
- Subject: RE: [grouper-users] PSPNG (latest)
- Date: Tue, 14 Feb 2017 16:08:24 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is ) ;
- Ironport-phdr: 9a23:7tRRUxwcdHtFRTvXCy+O+j09IxM/srCxBDY+r6Qd2u8fIJqq85mqBkHD//Il1AaPBtSGraocwLSM+4nbGkU4qa6bt34DdJEeHzQksu4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1Ov71GonPhMiryuy+4ZPebgFIiTanfb9+MBq6oATPusILnYZsN6E9xwfTrHBVYepW32RoJVySnxb4+Mi9+YNo/jpTtfw86cNOSL32cKskQ7NWCjQmKH0169bwtRbfVwuP52ATXXsQnxFVHgXK9hD6XpP2sivnqupw3TSRMMPqQbwoXzmp8qFmQwLqhigaLT406GHZhNJtgqJHrhyvpBJ/zIzVYI6JO/RxcbjQfc8BSmZdQspdSzBND4G6YoASD+QBJ+FYr4zlqlcArxW/BQitC/31yjNQm3T7w6060/4gEQHd0gArAtUDsHHIo9X1NKYTUP66zLPTwDXCdPNZxS3x6JXQch8/p/GMW6h8ftTMxkkyDg7IiEibp4LiPzOQzOsNsm6b4vJhVeKpl24otRtxoj6xyccwlIXFnJwaxU3Z9Sh/3Y07JsW4RVZlbdG+DJdcqiSXO5ZrTs8/Rmxotik3xqEatZO+fiUF1psqywLaZvGCbYSE/g/vWP6MLTp2mH5pYrayiwuo/US+1+HxUtO43EtIoydElNTHq2oD2AbJ6sedT/tw5keh1iiL1wDU8uxKOVw5m63HJ5I827I+i4IdvVnaEi/xg0r5krWadkI5+ui08OvnZajmppmBOINukgH+KKMumtChDuskLggOXm+b+eKm2L3k4E35XLFKjvoxkqnaqpzVOcMbpquhDw9U1IYs9Qq/Ai+43NsCgXULMVdIdA+ag4T0PlzOLv/1Aeujj1mpkjpk2f/LMqHkD5jIMHTPjKrtca5460FGyQozyd5f54hTCrEEOP/zX1P+tNzYDx44LQO02f3qCNRm1owCQ26PH7eZP73UsV+O/O4gPfSDZJINtDbnN/cl/+LujWM+mVIFcqmpx5wXaG2gHvt4OUWVeGfsgswfHmcQpQozV+jqiFyZUT5PfHa+Qbgw5jA9CIK6E4jDXIatj6Kd3CulBJFZeH1JCk3fWUvvIqCFUPcFZSbaGIdOnyAYWKPpH4o72kr2nBfh1vxqIveCvmUXr5X+zNVvovDImAspvWh7FcOAy2yXCnxvk3kTbz4wwK1lp0FhkBGO3bUu0NJCEtkGrdNYQAogcdb3z/Z7EJq6DgfKfsabRUyOQ86tRywpQ9Q3hdICfhAuSJ2Zkhnf0n/yUPcunLuRCcls/w==
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
Yeah, at some point we should probably move that logic to the same place that
creates other attributes for Grouper.
There is a script at the bottom here that is what Penn used to create the
attributes:
https://spaces.internet2.edu/display/Grouper/PSPNG+at+Penn
Note, edit the names if you have a different location for "etc". (e.g.
psu:etc?)
Thanks
Chris
-----Original Message-----
From:
[mailto:]
On Behalf Of Michael R Gettes
Sent: Tuesday, February 14, 2017 11:05 AM
To: grouper-users
<>
Subject: [grouper-users] PSPNG (latest)
We have applied patches (all patches) and, from a private conversation with
Bert, I was led to believe when we first start up PSPNG it will create the
attributes for PSPNG in etc:attribute:userData:provision_to and
…:do_not_provision_to
I start up the loader with PSPNG enabled and I do not see these attributes
created. I waited a couple of minutes. I see the PSPNG jobs run in the
GROUPER_LOADER_LOG. No errors for the jobs and no errors in the log files on
startup.
Either I misunderstand something or haven’t done something right.
Guidance appreciated.
PSPNG patches from patch file in api:
grouper_v2_3_0_pspng_patch_0.date = 2017/02/10 15:52:42
grouper_v2_3_0_pspng_patch_0.state = applied
grouper_v2_3_0_pspng_patch_1.date = 2017/02/10 15:52:45
grouper_v2_3_0_pspng_patch_1.state = applied
grouper_v2_3_0_pspng_patch_2.date = 2017/02/10 15:52:47
grouper_v2_3_0_pspng_patch_2.state = applied
grouper_v2_3_0_pspng_patch_3.date = 2017/02/10 15:52:49
grouper_v2_3_0_pspng_patch_3.state = applied
grouper_v2_3_0_pspng_patch_4.date = 2017/02/10 15:52:50
grouper_v2_3_0_pspng_patch_4.state = applied
grouper_v2_3_0_pspng_patch_5.date = 2017/02/10 15:52:52
grouper_v2_3_0_pspng_patch_5.state = applied
grouper_v2_3_0_pspng_patch_6.date = 2017/02/10 15:52:53
grouper_v2_3_0_pspng_patch_6.state = applied
grouper_v2_3_0_pspng_patch_7.date = 2017/02/10 15:52:55
grouper_v2_3_0_pspng_patch_7.state = applied
grouper_v2_3_0_pspng_patch_8.date = 2017/02/10 15:52:56
grouper_v2_3_0_pspng_patch_8.state = applied
ldap.openldap.ldapUrl = X
ldap.openldap.bindDn = Y
ldap.openldap.bindCredential = Z
ldap.openldap.ldapUserCacheSize = 150000
ldap.openldap.grouperSubjectCacheSize = 150000
ldap.openldap.ldapSearchResultPagingSize = 1000
ldap.openldap.connectTimeout = 30000
ldap.openldap.useStartTLS = true
#changeLog.consumer.pspng_groupOfNames.ldapPoolName = groupOfNames
changeLog.consumer.pspng_groupOfNames.class =
edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
changeLog.consumer.pspng_groupOfNames.type =
edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner
changeLog.consumer.pspng_groupOfNames.quartzCron = 0/10 * * * * ?
changeLog.consumer.pspng_groupOfNames.ldapPoolName = openldap
changeLog.consumer.pspng_groupOfNames.memberAttributeName = member
changeLog.consumer.pspng_groupOfNames.memberAttributeValueFormat =
${ldapUser.getDn()}
changeLog.consumer.pspng_groupOfNames.grouperIsAuthoritative = TRUE
changeLog.consumer.pspng_groupOfNames.maxValuesToChangePerOperation = 5000
changeLog.consumer.pspng_groupOfNames.groupSearchBaseDn =
ou=ng,ou=group,dc=psu,dc=edu
changeLog.consumer.pspng_groupOfNames.allGroupsSearchFilter =
objectclass=groupOfNames
changeLog.consumer.pspng_groupOfNames.singleGroupSearchFilter =
(&(objectclass=groupOfNames)(cn=${group.name}))
changeLog.consumer.pspng_groupOfNames.groupSearchAttributes =
cn,gidNumber,objectclass
changeLog.consumer.pspng_groupOfNames.groupCreationLdifTemplate = dn:
cn=${group.name}||cn: ${group.name}||objectclass: groupOfNames||objectclass:
posixGroup||gidNumber: ${group.idIndex}
changeLog.consumer.pspng_groupOfNames.userSearchBaseDn = dc=psu,dc=edu
changeLog.consumer.pspng_groupOfNames.userSearchFilter =
(&(objectclass=eduPerson)(eduPersonPrincipalName=${subject.id}))
- [grouper-users] PSPNG (latest), Michael R Gettes, 02/14/2017
- RE: [grouper-users] PSPNG (latest), Hyzer, Chris, 02/14/2017
- Re: [grouper-users] PSPNG (latest), Michael R Gettes, 02/14/2017
- RE: [grouper-users] PSPNG (latest), Hyzer, Chris, 02/14/2017
- Re: [grouper-users] PSPNG (latest), Michael R Gettes, 02/14/2017
- RE: [grouper-users] PSPNG (latest), Hyzer, Chris, 02/14/2017
- Re: [grouper-users] PSPNG (latest), Michael R Gettes, 02/14/2017
- RE: [grouper-users] PSPNG (latest), Hyzer, Chris, 02/14/2017
Archive powered by MHonArc 2.6.19.