Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] RE: Grouper hooks and a possible alternate approach?

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] RE: Grouper hooks and a possible alternate approach?


Chronological Thread 
  • From: Julio Polo <>
  • To: "Hyzer, Chris" <>
  • Cc: "Farmer, Jacob" <>, "" <>
  • Subject: Re: [grouper-users] RE: Grouper hooks and a possible alternate approach?
  • Date: Mon, 1 May 2017 09:16:57 -1000
  • Ironport-phdr: 9a23:dBItLBF/Sbmlv80GWO3IEJ1GYnF86YWxBRYc798ds5kLTJ7zocWwAkXT6L1XgUPTWs2DsrQf2rSQ7vyrADdcqb+681k6OKRWUBEEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRoLerpBIHSk9631+ev8JHPfglEnjSwbLdzIRmsrQjcucYajZZsJ6s+1xDEvmZGd+NKyG1yOFmdhQz85sC+/J5i9yRfpfcs/NNeXKv5Yqo1U6VWACwpPG4p6sLrswLDTRaU6XsHTmoWiBtIDBPb4xz8Q5z8rzH1tut52CmdIM32UbU5Uims4qt3VBPljjoMOiUn+2/LlMN/kKNboAqgpxNhxY7UfJqVP+d6cq/EYN8WWXZNUsNXWidcAI2zcpEPAvIDMuZWr4fzqVgAowagCwawH+7g0CNEi2Xs0KEmz+gsEwfL1xEgEdIUt3TUqc34OqMPUeCxzanIyijIYelR2Tf574jDbxcsofORXbJ0cMrRzlIiFwPfgVSes4PlPjKV2v4TvGeG8uptTOSigHMppQF2pzig3MYsio/Ri4IUzFDE6Tt2wJwzJdKmVE53f8SoH4VNuCGHL4d2TcIiQ31ouCYn0bIKo4K0fC8PyJkh2hXRaOSHfpCW7h/iSOqcIzJ1hHxmdb2kmxq/9EetxvHgWsWp1VtFsjZJn9jJu30IyRDf9NSIR/1g9Um7wzmPzRrc6uRcLEA0i6XbL5khz6Y1lpUJsETDGjb6mETxjKOKb0kl9fak5/r7bbn8qZ+cMIh0ig76MqswgMCwHeM4Mg0WU2ia/+SzyqHj8FXnTLhLkvE7kKzUsJ7ZKMsAuqK0BgBY3po/5xqiCjqpzMgUkHgCIV9AZh6LkZTmN0nLIP/iDPe/h1qskC1sx/DDJrDhAIjNLnzCkLfmZrt961RTyQQpwtBe5pJYEK8OL+/uWkPprtzXEgc5MxCow+bgENh92ZkeWWWSAq+BLqzSq0aE5v80I+aSfo8Voy3wK/wk5/71kX85gkERcbOo3ZsRdHC3AO5mI0OHbnrwnNsNC3kFsRcjTL+itFrXGx5CdXuoG+oX5is6E8juWYLIRpG/jaap3TywWIBOa2ZATF2ADCG7WZ+DXqIudSaTJYdZlTgDHeyjVosg0jmuvRDzyrshI+bJrH5L/an/3cR4srWA3So58iZ5WoHEizmA

-julio

On Mon, May 1, 2017 at 8:20 AM, Hyzer, Chris <> wrote:

There is built in grouper messaging.  You can configure a change log consumer (already exists, no need to write code), to filter on that group name and send a grouper message.  The thing that needs to be notified can change grouper messaging.

 

We could use better docs for this, and I can improve them if you like, but heres the current link

 

https://spaces.internet2.edu/display/Grouper/Grouper+Messaging+System

https://spaces.internet2.edu/display/Grouper/Grouper+messaging+send+receive+example

 

Do you do messaging at Indiana with AWS, activeMQ, rabbitMQ, azure, etc?  We don’t have adapters for those yet, but if we had one (shouldn’t be hard and we actually are starting to work on them now), we could configure the above connector to just send messages to your message queue system instead of the built in grouper one.

 

The Grouper ESB can send messages out as well, though your system would need to implement a certain HTTP spec or you could do XMPP, though the messaging I think would be preferable…

 

https://spaces.internet2.edu/display/Grouper/Grouper+ESB+Connector

 

If you don’t want to do either of these, then yes, writing a change log consumer would be ideal.  I would use a helper class though, e.g. extend ChangeLogConsumerImpl, and you can mark your class(es) to listen for with an attribute, even if you only have one.

 

https://spaces.internet2.edu/pages/viewpage.action?pageId=14517905

 

Thanks

Chris

 

 

From: [mailto:] On Behalf Of Farmer, Jacob
Sent: Monday, May 01, 2017 1:51 PM
To:
Subject: [grouper-users] Grouper hooks and a possible alternate approach?

 

Colleagues,

 

We have been presented with a business need and I’m not sure the best way to resolve it. I would appreciate it if you would be willing to help me brainstorm/consider alternate approaches. I will add that we are new to Grouper and so apologies in advance if this is a trivial problem.

 

We have primarily been working with Grouper to manage LDAP groups in our Active Directory. As we start to consider expanded use cases, we have an application that needs to be notified when a calculated group’s membership changes. Reviewing the docs, there seems to be at least two options: writing a custom grouper hook and creating a worker process that monitors the changelog. We also have a third option in this case: write a separate process that triggers on an update to the LDAP group membership.

 

For those of you who are more experienced -- do any of these jump out as the “right answer”? I’m tempted to write a process to watch the change log because it seems architecturally easiest, but I would appreciate learning from this group’s collective experience.

 

Jacob

 

=========================

Jacob Farmer

Identity Management Systems

(812) 856-0186

 





Archive powered by MHonArc 2.6.19.

Top of Page