Grouper Users - Open Discussion List

["Hyzer, Chris" <>]

My understanding is they are created the first time you run the PSPNG.  
(which would do nothing since the attributes don’t exist and aren’t 
assigned).  Then you assign them, and run again, and it provisions.  Anyways, 
you can pre-create.  Your output doesn’t look terrible, attributes should be 
there now :)

Take a look at this wiki:

https://spaces.internet2.edu/display/Grouper/PSPNG+at+Penn

Assign the provision_to attribute to a folder or group or multiple, and run 
it, and see if it works :)

Thanks
Chris



-----Original Message-----
From: Michael R Gettes 
[mailto:]
 
Sent: Tuesday, February 14, 2017 11:27 AM
To: Hyzer, Chris 
<>
Cc: grouper-users 
<>
Subject: Re: [grouper-users] PSPNG (latest)

Thanks Chris.

I got the following output - which seems like there might be an error.  I had 
commented to Bert - I don’t understand why these attributes need to be 
created and the rest of the configuration is in grouper-loader.properties.  
Why not have them all in the same place?  Anyway, am i not supposed to have 
provision_to some place defined some place?  Sorry, I remain a little 
confused as to what to do next.

gsh 0% gsh 1% gsh 2% gsh 3% gsh 4% gsh 5% gsh 6% stem: name='etc:pspng' 
displayName='etc:pspng' uuid='b04ab59001ab4a0da1977aeee0e54d86' 
gsh 7% java.lang.Long: 0
gsh 8% Made change for stem: etc:pspng
gsh 9% Tue Feb 14 11:19:37 EST 2017 Done with folders, objects: 1, expected 
approx total: 8, changes: 1, known errors (view output for full list): 0
gsh 10% Tue Feb 14 11:19:37 EST 2017 Done with groups, objects: 1, expected 
approx total: 8, changes: 1, known errors (view output for full list): 0
gsh 11% Tue Feb 14 11:19:37 EST 2017 Done with composites, objects: 1, 
expected approx total: 8, changes: 1, known errors (view output for full 
list): 0
gsh 12% gsh 13% gsh 14% java.lang.Long: 1
gsh 15% Made change for attributeDef: etc:pspng:do_not_provision_to_def
gsh 16% gsh 17% gsh 18% java.lang.Long: 2
gsh 19% Made change for attributeDef: etc:pspng:provision_to_def
gsh 20% Tue Feb 14 11:19:39 EST 2017 Done with attribute definitions, 
objects: 3, expected approx total: 8, changes: 3, known errors (view output 
for full list): 0
gsh 21% Tue Feb 14 11:19:39 EST 2017 Done with role hierarchies, objects: 3, 
expected approx total: 8, changes: 3, known errors (view output for full 
list): 0
gsh 22% edu.internet2.middleware.grouper.attr.AttributeDef: 
AttributeDef[name=etc:pspng:do_not_provision_to_def,uuid=75bef106a7404aeebb7ad1f622d2a0b1]
gsh 23% gsh 24% edu.internet2.middleware.grouper.attr.AttributeDef: 
AttributeDef[name=etc:pspng:provision_to_def,uuid=1b76d4fb678748ee99a0e3e610929be5]
gsh 25% gsh 26% Tue Feb 14 11:19:39 EST 2017 Done with attribute actions, 
objects: 5, expected approx total: 8, changes: 3, known errors (view output 
for full list): 0
gsh 27% Tue Feb 14 11:19:39 EST 2017 Done with attribute action hierarchies, 
objects: 5, expected approx total: 8, changes: 3, known errors (view output 
for full list): 0
> On Feb 14, 2017, at 11:08 AM, Hyzer, Chris 
> <>
>  wrote:
> 
> Yeah, at some point we should probably move that logic to the same place 
> that creates other attributes for Grouper.
> 
> There is a script at the bottom here that is what Penn used to create the 
> attributes:
> 
> https://spaces.internet2.edu/display/Grouper/PSPNG+at+Penn
> 
> Note, edit the names if you have a different location for "etc".  (e.g. 
> psu:etc?)
> 
> Thanks
> Chris
> 
> 
> -----Original Message-----
> From: 
> 
>  
> [mailto:]
>  On Behalf Of Michael R Gettes
> Sent: Tuesday, February 14, 2017 11:05 AM
> To: grouper-users 
> <>
> Subject: [grouper-users] PSPNG (latest)
> 
> We have applied patches (all patches) and, from a private conversation with 
> Bert, I was led to believe when we first start up PSPNG it will create the 
> attributes for PSPNG in etc:attribute:userData:provision_to and 
> …:do_not_provision_to
> 
> I start up the loader with PSPNG enabled and I do not see these attributes 
> created.  I waited a couple of minutes.  I see the PSPNG jobs run in the 
> GROUPER_LOADER_LOG.  No errors for the jobs and no errors in the log files 
> on startup.
> 
> Either I misunderstand something or haven’t done something right.
> 
> Guidance appreciated.
> 
> PSPNG patches from patch file in api:
> grouper_v2_3_0_pspng_patch_0.date = 2017/02/10 15:52:42
> grouper_v2_3_0_pspng_patch_0.state = applied
> grouper_v2_3_0_pspng_patch_1.date = 2017/02/10 15:52:45
> grouper_v2_3_0_pspng_patch_1.state = applied
> grouper_v2_3_0_pspng_patch_2.date = 2017/02/10 15:52:47
> grouper_v2_3_0_pspng_patch_2.state = applied
> grouper_v2_3_0_pspng_patch_3.date = 2017/02/10 15:52:49
> grouper_v2_3_0_pspng_patch_3.state = applied
> grouper_v2_3_0_pspng_patch_4.date = 2017/02/10 15:52:50
> grouper_v2_3_0_pspng_patch_4.state = applied
> grouper_v2_3_0_pspng_patch_5.date = 2017/02/10 15:52:52
> grouper_v2_3_0_pspng_patch_5.state = applied
> grouper_v2_3_0_pspng_patch_6.date = 2017/02/10 15:52:53
> grouper_v2_3_0_pspng_patch_6.state = applied
> grouper_v2_3_0_pspng_patch_7.date = 2017/02/10 15:52:55
> grouper_v2_3_0_pspng_patch_7.state = applied
> grouper_v2_3_0_pspng_patch_8.date = 2017/02/10 15:52:56
> grouper_v2_3_0_pspng_patch_8.state = applied
> 
> ldap.openldap.ldapUrl = X
> ldap.openldap.bindDn = Y
> ldap.openldap.bindCredential = Z
> ldap.openldap.ldapUserCacheSize = 150000
> ldap.openldap.grouperSubjectCacheSize = 150000
> ldap.openldap.ldapSearchResultPagingSize = 1000
> ldap.openldap.connectTimeout = 30000
> ldap.openldap.useStartTLS = true
> 
> 
> #changeLog.consumer.pspng_groupOfNames.ldapPoolName = groupOfNames
> 
> changeLog.consumer.pspng_groupOfNames.class = 
> edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
> changeLog.consumer.pspng_groupOfNames.type = 
> edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner
> changeLog.consumer.pspng_groupOfNames.quartzCron = 0/10 * * * * ?
> changeLog.consumer.pspng_groupOfNames.ldapPoolName = openldap
> changeLog.consumer.pspng_groupOfNames.memberAttributeName = member
> changeLog.consumer.pspng_groupOfNames.memberAttributeValueFormat = 
> ${ldapUser.getDn()}
> changeLog.consumer.pspng_groupOfNames.grouperIsAuthoritative = TRUE
> changeLog.consumer.pspng_groupOfNames.maxValuesToChangePerOperation = 5000
> changeLog.consumer.pspng_groupOfNames.groupSearchBaseDn = 
> ou=ng,ou=group,dc=psu,dc=edu
> changeLog.consumer.pspng_groupOfNames.allGroupsSearchFilter = 
> objectclass=groupOfNames
> changeLog.consumer.pspng_groupOfNames.singleGroupSearchFilter = 
> (&(objectclass=groupOfNames)(cn=${group.name}))
> changeLog.consumer.pspng_groupOfNames.groupSearchAttributes = 
> cn,gidNumber,objectclass
> changeLog.consumer.pspng_groupOfNames.groupCreationLdifTemplate = dn: 
> cn=${group.name}||cn: ${group.name}||objectclass: 
> groupOfNames||objectclass: posixGroup||gidNumber: ${group.idIndex}
> changeLog.consumer.pspng_groupOfNames.userSearchBaseDn = dc=psu,dc=edu
> changeLog.consumer.pspng_groupOfNames.userSearchFilter = 
> (&(objectclass=eduPerson)(eduPersonPrincipalName=${subject.id}))
>