
Adapt to cleaned-up Grouper connector (0.5)

Beware! This is an incompatible change. The new connector has no support
for "old" object classes (AccountObjectClass, GroupObjectClass) and uses
a different name for "plain" groups (ri:CustomPlainGroupObjectClass ->
ri:Group). Also the name and uid attribute names have been changed to
ri:name and ri:uuid.

Obsolete midpoint-objects directory was renamed appropriately before
it's definitely deleted.
mederly committed Nov 23, 2019
1 parent c8e15d8 commit a2b389f25d24fed2a8503155b8fcea3adfd54cc7
Showing with 42 additions and 35 deletions.
  1. +2 −3 README.md
  2. 0 ...grouper/{midpoint-objects → midpoint-objects (obsolete)}/archetypes/archetype-academic-person.xml
  3. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/archetypes/archetype-affiliation.xml
  4. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/archetypes/archetype-course.xml
  5. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/archetypes/archetype-department.xml
  6. 0 ...r/{midpoint-objects → midpoint-objects (obsolete)}/archetypes/archetype-generic-grouper-group.xml
  7. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/archetypes/archetype-mailing-list.xml
  8. 0 .../grouper/{midpoint-objects → midpoint-objects (obsolete)}/archetypes/archetype-midpoint-group.xml
  9. 0 ...per/{midpoint-objects → midpoint-objects (obsolete)}/archetypes/archetype-non-academic-person.xml
  10. 0 ...r/{midpoint-objects → midpoint-objects (obsolete)}/functionLibraries/function-library-grouper.xml
  11. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/objectTemplates/template-user.xml
  12. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/orgs/org-affiliations.xml
  13. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/orgs/org-courses.xml
  14. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/orgs/org-departments.xml
  15. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/orgs/org-generic-groups.xml
  16. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/orgs/org-grouper-sysadmin.xml
  17. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/orgs/org-mailing-lists.xml
  18. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/orgs/org-midpoint-groups.xml
  19. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/resources/ldap-main.xml
  20. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/resources/resource-grouper.xml
  21. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/resources/scriptedsql-sis-persons.xml
  22. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/resources/target-cs-portal.xml
  23. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/resources/target-faculty-portal.xml
  24. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/resources/target-mailing-lists.xml
  25. 0 ...rouper/{midpoint-objects → midpoint-objects (obsolete)}/roles/metarole-grouper-provided-group.xml
  26. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/roles/metarole-ldap-group.xml
  27. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/roles/role-ldap-basic.xml
  28. 0 ...per/{midpoint-objects → midpoint-objects (obsolete)}/systemConfigurations/SystemConfiguration.xml
  29. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/tasks/task-group-scavenger.xml
  30. 0 demo/grouper/{midpoint-objects → midpoint-objects (obsolete)}/users/user-banderson.xml
  31. +1 −1 demo/grouper/midpoint-objects-manual/tasks/task-reconciliation-grouper-groups.xml
  32. BIN demo/grouper/midpoint_server/container_files/mp-home/icf-connectors/connector-grouper-rest-0.4.jar
  33. BIN demo/grouper/midpoint_server/container_files/mp-home/icf-connectors/connector-grouper-rest-0.5.jar
  34. +29 −25 ...erver/container_files/mp-home/post-initial-objects/functionLibraries/function-library-grouper.xml
  35. +6 −6 ...ouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/resource-grouper.xml
  36. +4 −0 ..._server/container_files/mp-home/post-initial-objects/systemConfigurations/SystemConfiguration.xml
@@ -15,16 +15,15 @@ The image contains the midPoint application along with some TIER-specific compon
- `shibboleth` to show integration with Shibboleth IdP, - `shibboleth` to show integration with Shibboleth IdP,
- `postgresql` to show how to use alternative dockerized repository, - `postgresql` to show how to use alternative dockerized repository,
- `extrepo` to show how to use external repository, - `extrepo` to show how to use external repository,
- `complex` to demonstrate more complex deployment of midPoint in a sample university environment, featuring midPoint along with Grouper, LDAP directory, RabbitMQ, Shibboleth IdP, source and target systems. - `grouper` to demonstrate more complex deployment of midPoint in a sample university environment, featuring midPoint along with Grouper, LDAP directory, RabbitMQ, Shibboleth IdP, source and target systems.


# Build instructions # Build instructions
``` ```
$ ./build.sh $ ./build.sh
``` ```
You can then continue with one of demo composition, e.g. simple or complex one. You can then continue with one of demo composition.


# Documentation # Documentation
Please see [Dockerized midPoint](https://spaces.at.internet2.edu/display/MID/Dockerized+midPoint) wiki page. Please see [Dockerized midPoint](https://spaces.at.internet2.edu/display/MID/Dockerized+midPoint) wiki page.


This is a work in progress, suitable for testing. This is a work in progress, suitable for testing.
For details on the project, see [Status of the work](https://spaces.at.internet2.edu/display/MID/Status+of+the+work).
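Review bot: The reworded sentence after the build block, "You can then continue with one of demo composition.", loses the examples and no longer reads correctly; suggest "You can then continue with one of the demo compositions, e.g. `simple` or `grouper`." The rename of the `complex` composition to `grouper` in the list above is also not mentioned in the commit message, which only covers the connector change, so it deserves a line there or its own commit.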
@@ -25,7 +25,7 @@
<name>Grouper reconciliation (groups)</name> <name>Grouper reconciliation (groups)</name>
<extension xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3" <extension xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ExtensionType"> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ExtensionType">
<mext:objectclass>ri:CustomPlainGroupObjectClass</mext:objectclass> <mext:objectclass>ri:Group</mext:objectclass>
</extension> </extension>
<taskIdentifier>605a0127-a313-442a-9d5e-151eac8b0745</taskIdentifier> <taskIdentifier>605a0127-a313-442a-9d5e-151eac8b0745</taskIdentifier>
<ownerRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType"> <ownerRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
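Review bot: The `<mext:objectclass>` value is edited in place while `<taskIdentifier>` stays the same, and the file lives under midpoint-objects-manual, so a deployment that already imported this task keeps pointing at ri:CustomPlainGroupObjectClass until someone re-imports it by hand. Since the commit message calls the change incompatible, a README line stating that this task has to be re-imported together with the 0.5 connector would make that step explicit.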
Binary file not shown.
Binary file not shown.
@@ -78,12 +78,16 @@
import static com.evolveum.midpoint.schema.constants.SchemaConstants.* import static com.evolveum.midpoint.schema.constants.SchemaConstants.*
import com.evolveum.midpoint.schema.util.* import com.evolveum.midpoint.schema.util.*
import com.evolveum.midpoint.prism.path.* import com.evolveum.midpoint.prism.path.*
import com.evolveum.midpoint.schema.constants.* import com.evolveum.midpoint.schema.constants.*
import com.evolveum.midpoint.prism.delta.* import com.evolveum.midpoint.prism.delta.*


PLAIN_GROUP_OBJECT_CLASS = new ItemName(MidPointConstants.NS_RI, 'CustomPlainGroupObjectClass') GROUP_OBJECT_CLASS = new ItemName(MidPointConstants.NS_RI, 'Group')
TRIGGER_FIRE_AFTER = 60000 ATTR_NAME = new ItemName(MidPointConstants.NS_RI, 'name')
TRIGGER_SAFETY_MARGIN = 10000 ATTR_UUID = new ItemName(MidPointConstants.NS_RI, 'uuid')
ATTR_MEMBER = new ItemName(MidPointConstants.NS_RI, 'member')

TRIGGER_FIRE_AFTER = 60000
TRIGGER_SAFETY_MARGIN = 10000


esbEvent = midpoint.getMessageBodyAsMap(message)['esbEvent'][0] esbEvent = midpoint.getMessageBodyAsMap(message)['esbEvent'][0]
log.info('esbEvent = {}', esbEvent) log.info('esbEvent = {}', esbEvent)
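Review bot: With ATTR_NAME and ATTR_UUID replacing ICFS_NAME and ICFS_UID, the `import static com.evolveum.midpoint.schema.constants.SchemaConstants.*` at the top of this block may no longer be needed; if nothing else in the script resolves through it, drop it so a later reader does not assume the icfs identifiers are still in play. The new constants are also assigned without `def` or `final`, like the existing TRIGGER_ values, which makes them reassignable from anywhere in the script; `final` would document that they are fixed.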
@@ -94,11 +98,11 @@
log.warn('No group name in membership change message, ignoring it: {}', esbEvent) log.warn('No group name in membership change message, ignoring it: {}', esbEvent)
return null return null
} }
groupId = esbEvent['groupId'] groupId = esbEvent['groupId']
if (groupId == null) { if (groupId == null) {
log.warn('No group ID in membership change message, ignoring it: {}', esbEvent) log.warn('No group ID in membership change message, ignoring it: {}', esbEvent)
return null return null
} }
isExported = matches(groupName, groupIncludePattern, groupExcludePattern) isExported = matches(groupName, groupIncludePattern, groupExcludePattern)
if (!isExported) { if (!isExported) {
log.info('Irrelevant group membership change, ignoring it: {}', groupName) log.info('Irrelevant group membership change, ignoring it: {}', groupName)
@@ -110,29 +114,29 @@
return null return null
} }
subjectId = esbEvent['subjectId'] subjectId = esbEvent['subjectId']
if (subjectId == null) { if (subjectId == null) {
log.info('Null subject ID in membership change message, ignoring it: {}', sourceId) log.info('Null subject ID in membership change message, ignoring it: {}', sourceId)
return null return null
} }
log.info('### {} - {} - {}', subjectId, eventType, groupName) log.info('### {} - {} - {}', subjectId, eventType, groupName)
identifiers = new HashMap() identifiers = new HashMap()
identifiers.put(ICFS_NAME, groupName) identifiers.put(ATTR_NAME, groupName)
identifiers.put(ICFS_UID, groupId) identifiers.put(ATTR_UUID, groupId)
ObjectDeltaType delta ObjectDeltaType delta
itemDelta = new ItemDeltaType() itemDelta = new ItemDeltaType()
itemDelta.modificationType = eventType == 'MEMBERSHIP_ADD' ? ModificationTypeType.ADD : ModificationTypeType.DELETE itemDelta.modificationType = eventType == 'MEMBERSHIP_ADD' ? ModificationTypeType.ADD : ModificationTypeType.DELETE
itemDelta.path = new ItemPathType(ItemPath.create(ShadowType.F_ATTRIBUTES, 'member')) itemDelta.path = new ItemPathType(ItemPath.create(ShadowType.F_ATTRIBUTES, ATTR_MEMBER))
itemDelta.value.add(RawType.fromPropertyRealValue(subjectId, null, prismContext)) itemDelta.value.add(RawType.fromPropertyRealValue(subjectId, null, prismContext))
delta = new ObjectDeltaType() delta = new ObjectDeltaType()
delta.changeType = ChangeTypeType.MODIFY delta.changeType = ChangeTypeType.MODIFY
delta.itemDelta.add(itemDelta) delta.itemDelta.add(itemDelta)


added = midpoint added = midpoint
.getOptimizingTriggerCreator(TRIGGER_FIRE_AFTER, TRIGGER_SAFETY_MARGIN) .getOptimizingTriggerCreator(TRIGGER_FIRE_AFTER, TRIGGER_SAFETY_MARGIN)
.createForNamedUser(subjectId) .createForNamedUser(subjectId)
log.info('Recompute trigger for {}: {}', subjectId, added ? 'added' : 'not added (already present or user not found)') log.info('Recompute trigger for {}: {}', subjectId, added ? 'added' : 'not added (already present or user not found)')


return UcfChangeUtil.create(PLAIN_GROUP_OBJECT_CLASS, identifiers, delta, prismContext) return UcfChangeUtil.create(GROUP_OBJECT_CLASS, identifiers, delta, prismContext)
} else if (eventType == 'GROUP_ADD' || eventType == 'GROUP_DELETE') { } else if (eventType == 'GROUP_ADD' || eventType == 'GROUP_DELETE') {
groupName = esbEvent['name'] groupName = esbEvent['name']
groupId = esbEvent['id'] groupId = esbEvent['id']
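Review bot: In the membership branch, subjectId is taken from the queue message and reaches both the ATTR_MEMBER delta value and createForNamedUser(subjectId) after only a null check, so an empty or whitespace-only string would pass through. Suggest treating a blank subjectId the same as a null one before the identifiers map is built. Separately, the "Null subject ID" log line prints sourceId while the neighbouring messages print esbEvent; logging the event there as well would make the ignored message traceable.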
@@ -142,16 +146,16 @@
return null return null
} }
identifiers = new HashMap() identifiers = new HashMap()
identifiers.put(ICFS_NAME, groupName) identifiers.put(ATTR_NAME, groupName)
identifiers.put(ICFS_UID, groupId) identifiers.put(ATTR_UUID, groupId)
ObjectDeltaType delta ObjectDeltaType delta
if (eventType == 'GROUP_DELETE') { if (eventType == 'GROUP_DELETE') {
delta = new ObjectDeltaType() delta = new ObjectDeltaType()
delta.changeType = ChangeTypeType.DELETE delta.changeType = ChangeTypeType.DELETE
} else { } else {
delta = null delta = null
} }
return UcfChangeUtil.create(PLAIN_GROUP_OBJECT_CLASS, identifiers, delta, prismContext) return UcfChangeUtil.create(GROUP_OBJECT_CLASS, identifiers, delta, prismContext)
} else { } else {
log.warn('Unsupported event type: {} -> {}', eventType, esbEvent) log.warn('Unsupported event type: {} -> {}', eventType, esbEvent)
return null return null
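Review bot: The three lines that build the identifiers map with ATTR_NAME and ATTR_UUID and the closing UcfChangeUtil.create(GROUP_OBJECT_CLASS, identifiers, delta, prismContext) call are now repeated verbatim in the membership branch and in this GROUP_ADD/GROUP_DELETE branch, and this commit had to patch both copies. A small closure that takes groupName, groupId and delta and returns the change would leave one place to touch at the next schema rename.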
@@ -32,15 +32,15 @@
<rest:baseUrl>https://grouper-ws:443</rest:baseUrl> <rest:baseUrl>https://grouper-ws:443</rest:baseUrl>
<rest:username>banderson</rest:username> <rest:username>banderson</rest:username>
<rest:password>password</rest:password> <rest:password>password</rest:password>
<rest:superGroup>etc:sysadmingroup</rest:superGroup> <!-- parameter name will be changed --> <rest:testStem>:</rest:testStem>
<!-- no testGroup: we cannot be sure that banderson is a member of sysadmingroup when doing the first test -->
<rest:exportStem>:</rest:exportStem>
<rest:groupIncludePattern>app:.*</rest:groupIncludePattern> <rest:groupIncludePattern>app:.*</rest:groupIncludePattern>
<rest:groupIncludePattern>test:.*</rest:groupIncludePattern> <rest:groupIncludePattern>test:.*</rest:groupIncludePattern>
<rest:groupIncludePattern>ref:.*</rest:groupIncludePattern> <rest:groupIncludePattern>ref:.*</rest:groupIncludePattern>
<rest:groupExcludePattern>.*_(includes|excludes|systemOfRecord|systemOfRecordAndIncludes)</rest:groupExcludePattern> <rest:groupExcludePattern>.*_(includes|excludes|systemOfRecord|systemOfRecordAndIncludes)</rest:groupExcludePattern>
<rest:subjectSource>ldap</rest:subjectSource> <rest:subjectSource>ldap</rest:subjectSource>
<rest:groupSource>g:gsa</rest:groupSource>
<rest:ignoreSslValidation>true</rest:ignoreSslValidation> <rest:ignoreSslValidation>true</rest:ignoreSslValidation>
<rest:exportStem>:</rest:exportStem>
</icfc:configurationProperties> </icfc:configurationProperties>
</connectorConfiguration> </connectorConfiguration>
<additionalConnector> <additionalConnector>
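Review bot: This hunk reworks the connector properties but leaves `<rest:ignoreSslValidation>true</rest:ignoreSslValidation>` next to an https baseUrl and a cleartext `<rest:password>password</rest:password>`, so the banderson credentials are sent without the server certificate being checked. For a demo that is a known shortcut, but since this file is the template people copy, an XML comment marking both lines as demo-only would be worth adding in the same edit. The removed `rest:superGroup` carried a "parameter name will be changed" comment; the new comment explains why testGroup is absent but not what `testStem` set to `:` actually verifies, which would help whoever reads a passing connection test.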
@@ -86,10 +86,10 @@
<objectType> <objectType>
<kind>entitlement</kind> <kind>entitlement</kind>
<intent>group</intent> <intent>group</intent>
<objectClass>ri:CustomPlainGroupObjectClass</objectClass> <objectClass>ri:Group</objectClass>
<default>true</default> <default>true</default>
<attribute> <attribute>
<ref>icfs:name</ref> <ref>ri:name</ref>
<inbound> <inbound>
<strength>strong</strength> <strength>strong</strength>
<target> <target>
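Review bot: Only the name attribute is remapped here (`icfs:name` to `ri:name`), while the commit message says the uid attribute became ri:uuid as well. No `ri:uuid` appears in any hunk of this file, so please confirm that nothing further down in resource-grouper.xml (correlation, other attribute definitions) still refers to `icfs:uid`.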
@@ -139,7 +139,7 @@
<enabled>true</enabled> <enabled>true</enabled>
<kind>entitlement</kind> <kind>entitlement</kind>
<intent>group</intent> <intent>group</intent>
<objectClass>ri:CustomPlainGroupObjectClass</objectClass> <objectClass>ri:Group</objectClass>
<focusType>OrgType</focusType> <focusType>OrgType</focusType>
<correlation> <correlation>
<q:equal> <q:equal>
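Review bot: Switching the synchronization `<objectClass>` to ri:Group means shadows that were created under ri:CustomPlainGroupObjectClass would no longer match this definition. The commit message flags the incompatibility but does not say what to do with existing data; a short upgrade note (delete the old group shadows and re-run the reconciliation task, or start from a clean repository) belongs with this change.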
@@ -49,6 +49,10 @@
<level>INFO</level> <level>INFO</level>
<package>com.evolveum.midpoint.model.impl.lens.Clockwork</package> <package>com.evolveum.midpoint.model.impl.lens.Clockwork</package>
</classLogger> </classLogger>
<classLogger>
<level>DEBUG</level>
<package>com.evolveum.polygon.connector.grouper</package>
</classLogger>
<appender id="11" xsi:type="c:FileAppenderConfigurationType"> <appender id="11" xsi:type="c:FileAppenderConfigurationType">
<pattern>%date [%X{subsystem}] [%thread] %level \(%logger\): %msg%n</pattern> <pattern>%date [%X{subsystem}] [%thread] %level \(%logger\): %msg%n</pattern>
<name>MIDPOINT_LOG</name> <name>MIDPOINT_LOG</name>
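Review bot: The new classLogger sets com.evolveum.polygon.connector.grouper to DEBUG in post-initial-objects, so every fresh container starts with connector debug output going to MIDPOINT_LOG. Debug output of a REST connector typically includes request and response detail such as subject and group identifiers; if this was added to troubleshoot the 0.5 upgrade, consider INFO as the shipped default and a comment showing how to raise it, or at least a comment saying the DEBUG level is intentional for the demo.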
