
grouper-users - RE: [grouper-users] Re: loader.config.hierarchy question

Subject: Grouper Users - Open Discussion List

  • From: "Hyzer, Chris" <>
  • To: Jeffrey Williams <>, "Redman, Chad" <>
  • Cc: "" <>
  • Subject: RE: [grouper-users] Re: loader.config.hierarchy question
  • Date: Fri, 16 Mar 2018 18:25:25 +0000

Yes, all envs read the properties files similarly.


From: [mailto:] On Behalf Of Jeffrey Williams
Sent: Thursday, February 22, 2018 12:35 PM
To: Redman, Chad <>
Subject: Re: [grouper-users] Re: loader.config.hierarchy question


Turned out to be an issue on where that instance of was landing in the image upon build.  Once I had that adjusted, it works as expected.


Thanks for the follow-up.





On Thu, Feb 22, 2018 at 12:08 PM, Redman, Chad <> wrote:

Hi Jeffrey,


I tried to replicate this with a demo server, but in my case both gsh and the UI worked. I am trying with the most recent 2.3 source code, which should be close to a patched system but not exact. By encrypted password, I assume this means the MorphString utility, right? I tried it both encrypted and plain, and either way it worked. Does your config look similar to either one of these? Was there a stack trace with the bind error?






                loader.config.hierarchy =, file:/opt/ext-conf/ldap.ADLdap.pass,

                ldap.ADLdap.url = ldap://localhost:389

                ldap.ADLdap.user = cn=manager,dc=example,dc=edu



                ldap.ADLdap.pass = secret






                loader.config.hierarchy =, file:/opt/ext-conf/ldap.ADLdap.pass.morphFile,


                ldap.ADLdap.url = ldap://localhost:389

                ldap.ADLdap.user = cn=manager,dc=example,dc=edu

                #ldap.ADLdap.pass = /opt/ext-conf/ADLdap.pass



                encrypt.key = /opt/ext-conf/morphString.pass




                ldap.ADLdap.pass = /opt/ext-conf/ADLdap.pass





/opt/ext-conf/ADLdap.pass (this is "secret" encrypted)





You can try these diagnostic calls in GSH to verify things are working, but it sounds like GSH wasn't the problem.




import edu.internet2.middleware.morphString.Morph








From: [mailto:] On Behalf Of Jeffrey Williams
Sent: Thursday, February 15, 2018 4:27 PM
Subject: [grouper-users] Re: loader.config.hierarchy question


final follow-up: has its ldap.ADLdap.pass variable commented out, so the variable read from the prior /opt/ext-conf/ldap.ADLdap.pass should have been its only definition.


On Thu, Feb 15, 2018 at 4:25 PM, Jeffrey Williams <> wrote:

Apologies, hit send a little early.



On Thu, Feb 15, 2018 at 4:14 PM, Jeffrey Williams <> wrote:

UNCG is running TIER's Grouper 2.3 container in production and we're looking to promote our LDAP loader config into production.


I've been working on a dual git repo setup where one contains the various Grouper configurations and needed modifications to the container, while the other contains the more sensitive parts of the config that need not be included if we were to share our config with others.


vtldap seems to put a wrench into this with not seeming to handle ciphered passwords as indicated in the docs.  I had the idea of using loader.config hierarchy as follows:


# comma separated config files that override each other (files on the right override the left)  

loader.config.hierarchy =, file:/opt/ext-conf/ldap.ADLdap.pass, file:/opt/etc/, file:



I had drop the unciphered ldap.ADLdap.pass variable into a separate file on a separate folder and let the loader read that first, followed by the rest of  This way, when we test ciphered LDAP loading creds again, we can reference the ciphered file in with no additional changes.


Observations: It seems that while this configuration pans out in a loader-only scenario (i.e. apache, tomcat are not started), if I spin up a UI/WS only container, I get a bind error.  If I drop the unciphered PW back into and restart the container, calling the loader job from the UI returns the same result as calling it from a gsh session on the loader.


Question: Is there a significant difference in how the UI calls a loader job vs. how the daemon calls it?





Jeffrey Williams, Identity Management Specialist
Identity Architecture, ITS
University of North Carolina at Greensboro
256-TECH (256-8324)
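
The override order discussed in this thread (files on the right override the left) and the commented-out `ldap.ADLdap.pass` case, as an added example that is not part of the original messages and is not Grouper's own code. It is a simplified model that handles only `file:` entries, reports which file supplies each key, and lists files that are absent at the configured path; the sample files and helper names are constructed for illustration.

```python
import os
import tempfile

def parse_properties(text):
    """Parse simple key = value lines; '#' and '!' lines are comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def resolve_hierarchy(hierarchy):
    """Return (effective, missing): effective maps key -> (value, source)."""
    effective, missing = {}, []
    for entry in (e.strip() for e in hierarchy.split(",")):
        if not entry.startswith("file:"):
            continue  # empty or non-file entries are outside this sketch
        path = entry[len("file:"):]
        if not os.path.isfile(path):
            missing.append(path)  # file is not where the hierarchy points
            continue
        with open(path, encoding="utf-8") as fh:
            for key, value in parse_properties(fh.read()).items():
                effective[key] = (value, path)  # later (right) entry wins
    return effective, missing

def demo():
    """Build constructed sample files in a temp dir and resolve them."""
    tmp = tempfile.mkdtemp()
    secret = os.path.join(tmp, "ldap.ADLdap.pass")
    main = os.path.join(tmp, "loader.properties")  # hypothetical name
    absent = os.path.join(tmp, "not-in-image.properties")
    with open(secret, "w", encoding="utf-8") as fh:
        fh.write("ldap.ADLdap.pass = secret\n")
    with open(main, "w", encoding="utf-8") as fh:
        fh.write("ldap.ADLdap.url = ldap://localhost:389\n"
                 "ldap.ADLdap.user = cn=manager,dc=example,dc=edu\n"
                 "#ldap.ADLdap.pass = /opt/ext-conf/ADLdap.pass\n")
    hierarchy = f", file:{secret}, file:{absent}, file:{main}"
    effective, missing = resolve_hierarchy(hierarchy)
    return effective, missing, secret, main, absent

if __name__ == "__main__":
    effective, missing, *_ = demo()
    for key, (value, source) in sorted(effective.items()):
        shown = "<set>" if key.endswith(".pass") else value  # keep secrets out of output
        print(f"{key} = {shown}  [{source}]")
    print("missing:", missing)
```

Running the same resolution inside each container image (loader and UI/WS) shows whether both see the secrets file at the path the hierarchy names.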



