Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Advice around TLS, Java, Grouper

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Advice around TLS, Java, Grouper


Chronological Thread 
  • From: Olivier Salaün <>
  • To:
  • Subject: Re: [grouper-users] Advice around TLS, Java, Grouper
  • Date: Mon, 28 Jun 2021 16:57:50 +0200

I Michael,

We upgraded from Grouper 2.2.2 to Grouper 2.4.0 in 2019; it required some time and energy, I must admit.

We had 4 options for the upgrade process:

  1. upgrade using grouper installer: it failed because some patches failed;
  2. install a fresh 2.4.0 and export/import groups: failed as described in https://todos.internet2.edu/si/jira.issueviews:issue-html/GRP-947/GRP-947.html
  3. install a fresh 2.4.0 and export/import groups in GSH (see https://spaces.at.internet2.edu/display/Grouper/Grouper+export+to+a+GSH+script): failed for 3 reasons.
  1. the export feature required a Grouper upgrade,
  2. importing took too long (15 hours for 12.000 groups),
  3. importing failed because of group dependencies: if group A includes group B, you need to import group B before A.
install a fresh 2.4.0 and upgrade Groupe DB: this option succeeded :-)


Le 25/06/2021 à 16:05, Michael Carrick a écrit :
Hello.

I'm looking for some advice on a situation I have with TLS1.2, Java 1.7_80 and Grouper 2.2.2.

We have an urgent requirement to use TLS1.2 for our grouperloader service to communicate with our domain controllers, over LDAP.  We are running Grouper 2.2.2 with Java 1.7_80 and I believe TLS1.0/1.1 is currently used, however this about to be disabled on our domain controllers.

Getting TLS1.2 to work with Grouper 2.2.2/Java1.7 seems to be complicated and maybe impossible with Grouper.   
My understanding is that TLS1.2 is the default protocol in java 1.8, however Java 1.8 is not ideal with Grouper 2.2 and despite connecting with LDAP at service start up, it proceeds to give some error messages when pushing a new group in the Active directory and fails to do so.
Has anyone experience of enabling TLS1.2 in Grouper 2.2.2?


I've now began to test the upgrade to Grouper 2.3 (then onto 2.4 ideally).  The upgrade process is taking 26 hours to run the SQL DDL script which is frustrating and I'm yet to complete the upgrade successfully. I'm now on the second attempt but this time plan to upgrade each component (UI, WS API), test thoroughly then move onto the next component.
We tried to upgrade to 2.3 in the past but found PSPNG would not work as reliably for us as PSP did, hence our hesitancy in upgrading.


Any thoughts or advice would be very much appreciated.

Many thanks,

Michael Carrick
Newcastle University 
-- 
Olivier Salaün
DSI / pôle SI / équipe SNUM
Tel : 02 23 23 74 54



Archive powered by MHonArc 2.6.24.

Top of Page