Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Re: loader.config.hierarchy question

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Re: loader.config.hierarchy question


Chronological Thread 
  • From: Jeffrey Williams <>
  • To:
  • Subject: [grouper-users] Re: loader.config.hierarchy question
  • Date: Thu, 15 Feb 2018 16:27:11 -0500
  • Ironport-phdr: 9a23:X+HF9BLiJqHcpn3kW9mcpTZWNBhigK39O0sv0rFitYgRLP7xwZ3uMQTl6Ol3ixeRBMOHs6kC07KempujcFRI2YyGvnEGfc4EfD4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFAnhOgppPOT1HZPZg9iq2+yo9JDffwtFiCChbb9uMR67sRjfus4KjIV4N60/0AHJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L281/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QLYpUjqg8qhrUgflhyUJNzA5/m/ZidF+grxHrx+6vRNz35TZbZuJOPZifK7Qe84RS2pbXsZWUixMGoeyYJUBD+oPJ+ZXsYn8rEYOohu/AQmsAOLvxSVNhn/twKY31OYhEQ/I3QwhG9IOtHXUo8/uOacPV+C60KbIwS/dYPxLxDfw8Y7FeQ0ir/GURb98b8vcxVUtGg7AgFWdqpfqMy+Q2+kCr2SX8/ZvWOezhGI7qAx8pz2iytkih4TGgI8e10rK+j9jwIkvIN21UE57bsCgEJtXryyaMpF5QsImQ21xpSY10KEKtYe0fSQUxpkqyATTa/OAc4iP7RLjUPieLS1ki3JifbKznxey8U6+xe3gTsS4zldHojZHn9TJuHAA1Afc5tSCR/Zy4kutxSqA2gXP5e1YIk05kK/WJ4Avz7M/jpYTtF7MHi7ymEX4lq+WcUAk9/Cq6+TpbLTmp5ucN4t1ig7kKakuh8q/Dvg3MgQUQWeU5Pm82KX5/ULlWLVKkuE2kq7BvZDVP8QbobO5AxdL3YY58hq/Eiym38oCnXkcN19FfBOHj5P1O1HVPvz0F/a/g1KwkDh13fDGOKPuAonTInTZjrjuYKt9uAZgz18819dC/59OT6waLejock73qNHCCBIlaUq5z/u0Js9609Y8VGyBGKKIeJzTtVuJ7+c0a72OapAUvDL8ItA44fXhy3I1hAlOLuGSwZILZSXgTbxdKEKDbC+0jw==
final follow-up:
grouper-loader.properties has its ldap.ADLdap.pass variable commented out, so the variable read from the prior /opt/ext-conf/ldap.ADLdap.pass should have been its only definition.

On Thu, Feb 15, 2018 at 4:25 PM, Jeffrey Williams <> wrote:
Apologies, hit send a little early.


On Thu, Feb 15, 2018 at 4:14 PM, Jeffrey Williams <> wrote:
UNCG is running TIER's Grouper 2.3 container in production and we're looking to promote our LDAP loader config into production.

I've been working on a dual git repo setup where one contains the various Grouper configurations and needed modifications to the container, while the other contains the more senstive parts of the config that need not be included if we were to share our config with others.

vtldap seems to put a wrench into this with not seeming to handle ciphered passwords as indicated in the docs.  I had the idea of using loader.config hierarchy as follows:

# comma separated config files that override each other (files on the right override the left)  
loader.config.hierarchy = classpath:grouper-loader.base.properties, file:/opt/ext-conf/ldap.ADLdap.pass, file:/opt/etc/grouper-loader.properties, file:
/opt/etc/grouper-loader-pspng.properties

I had drop the unciphered ldap.ADLdap.pass variable into a separate file on a separate folder and let the loader read that first, followed by the rest of grouper-loader.properties.  This way, when we test ciphered LDAP loading creds again, we can reference the ciphered file in grouper-loader.properties with no additional changes.

Observations: It seems that while this configuration pans out in a loader-only scenario(i.e. apache, tomcat are not started), if I spin up a UI/WS only container, I get a bind error.  If I drop the unciphered PW back into grouper-loader.properties and restart the container, calling the loader job from the UI returns the same result as calling it from gsh session on the loader.

Question: Is there a significant difference in how the UI calls a loader job vs. how the daemon calls it?



--
Jeffrey Williams, Identity Management Specialist
Identity Architecture, ITS
University of North Carolina at Greensboro
256-TECH (256-8324)



--
Jeffrey Williams, Identity Management Specialist
Identity Architecture, ITS
University of North Carolina at Greensboro
256-TECH (256-8324)

Archive powered by MHonArc 2.6.19.

Top of Page