[GAP] Dispatcher configuration

Jeffrey Eaton jeaton at cmu.edu
Thu Mar 17 10:43:50 EDT 2016


Sure, here's a sample.  We send almost everything to 389 for both isMemberOf and group objects, except for a few intermediate groups used only in composite group math.  AD gets just a part of the applications. We also have queues which have listeners to do other things, like send messages to Oracle Identity Manager to provision or deprovision resources, some other scripts for triggering changes in Google Apps, and some scripts for sending email notifications so if the membership changes people get informed.  The AD, 389 isMemberOf, and 389 Groups ones are using the GAP code to consume the messages and do their thing.  The other queues use slightly different code (mostly because they were developed either by different people, or before GAP was ready), but probably should be moved into the GAP framework where possible.

-jeaton



# Configuration for grouper dispatcher
# use | as field separator
# the group name can use "*" as a wildcard - trailing characters only (at least to start)
# format: [json|xml]
# group-name|queue-name|format

# OIM groups.  Don't bother sending the intermediates, just the composites
+|Apps:oim:*|apps.oim.groups| addMember, removeMember |json
-|Apps:oim:*:Exclude|apps.oim.groups| addMember, removeMember |json
-|Apps:oim:*:Include|apps.oim.groups| addMember, removeMember |json
-|Apps:oim:*:Excludes|apps.oim.groups| addMember, removeMember |json
-|Apps:oim:*:Includes|apps.oim.groups| addMember, removeMember |json

# AD groups
+|Apps:Citrix:*|ad.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, fullSync|json
+|Apps:CMUWorks:HRRPT:*|ad.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, fullSync|json
+|Apps:ISO:*|ad.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, fullSync|json
+|Apps:Library:*|ad.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, fullSync|json
+|Apps:Network:*|ad.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, fullSync|json
+|Apps:Roulette:*|ad.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, fullSync|json
+|Apps:ServiceNow:*|ad.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, fullSync|json
+|Apps:Sharepoint:*|ad.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, fullSync|json
+|Apps:VirtualColo:*|ad.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, fullSync|json
+|Apps:Windows:*|ad.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, fullSync|json

#389 ismemberof
+|acs:*|389.ismemberof|deleteGroupIsMemberOf, addIsMemberOf, removeIsMemberOf, fullSyncIsMemberOf|json
+|Apps:*|389.ismemberof|deleteGroupIsMemberOf, addIsMemberOf, removeIsMemberOf, fullSyncIsMemberOf|json
+|Campus:*|389.ismemberof|deleteGroupIsMemberOf, addIsMemberOf, removeIsMemberOf, fullSyncIsMemberOf|json
+|cmu:*|389.ismemberof|deleteGroupIsMemberOf, addIsMemberOf, removeIsMemberOf, fullSyncIsMemberOf|json
+|Community:*|389.ismemberof|deleteGroupIsMemberOf, addIsMemberOf, removeIsMemberOf, fullSyncIsMemberOf|json
+|Courses:*|389.ismemberof|deleteGroupIsMemberOf, addIsMemberOf, removeIsMemberOf, fullSyncIsMemberOf|json
+|People:jeaton:*|389.ismemberof|deleteGroupIsMemberOf, addIsMemberOf, removeIsMemberOf, fullSyncIsMemberOf|json
-|Apps:OIM:*:Exclude|389.ismemberof|deleteGroupIsMemberOf, addIsMemberOf, removeIsMemberOf, fullSyncIsMemberOf|json
-|Apps:OIM:*:Include|389.ismemberof|deleteGroupIsMemberOf, addIsMemberOf, removeIsMemberOf, fullSyncIsMemberOf|json
-|Apps:OIM:*:Excludes|389.ismemberof|deleteGroupIsMemberOf, addIsMemberOf, removeIsMemberOf, fullSyncIsMemberOf|json
-|Apps:OIM:*:Includes|389.ismemberof|deleteGroupIsMemberOf, addIsMemberOf, removeIsMemberOf, fullSyncIsMemberOf|json

#389 groups
+|acs:*|389.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, addPrivilege, removePrivilege, fullSync, fullSyncPrivilege|json
+|Apps:*|389.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, addPrivilege, removePrivilege, fullSync, fullSyncPrivilege|json
+|Campus:*|389.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, addPrivilege, removePrivilege, fullSync, fullSyncPrivilege|json
+|cmu:*|389.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, addPrivilege, removePrivilege, fullSync, fullSyncPrivilege|json
+|Community:*|389.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, addPrivilege, removePrivilege, fullSync, fullSyncPrivilege|json
+|Courses:*|389.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, addPrivilege, removePrivilege, fullSync, fullSyncPrivilege|json
+|People:jeaton:*|389.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, addPrivilege, removePrivilege, fullSync, fullSyncPrivilege|json
-|Apps:oim:*:Include|389.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, addPrivilege, removePrivilege, fullSync, fullSyncPrivilege|json
-|Apps:oim:*:Exclude|389.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, addPrivilege, removePrivilege, fullSync, fullSyncPrivilege|json
-|Apps:oim:*:Includes|389.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, addPrivilege, removePrivilege, fullSync, fullSyncPrivilege|json
-|Apps:oim:*:Excludes|389.groups|deleteGroup, createGroup, updateGroup, renameGroup, addMember, removeMember, addPrivilege, removePrivilege, fullSync, fullSyncPrivilege|json

# Google stuff
+|Apps:GoogleApps:andrew.cmu.edu:STATIC|email.google|*|json
+|Apps:GoogleApps:andrew.cmu.edu:Unprovisioned|identity.email.google|*|json
+|Apps:GoogleApps:andrew.cmu.edu:FERPA|identity.email.google|*|json

# Email notification groups
+|apps:provisioning:verify:noeppn|grouper.email.notifications|addMember, removeMember|json
+|Apps:Provisioning:Verify:AllUsersNotCategorized|grouper.email.notifications|addMember, removeMember|json
+|community:department:computingservices:systemsdevteam|grouper.email.notifications|addMember, removeMember|json

# noeppn
+|apps:provisioning:verify:noeppn|identity.lifecycle.noeppn|addMember, removeMember|json

# alumni
+|apps:alumni:*|apps.alumni|addMember, removeMember|json

> On Mar 16, 2016, at 4:13 PM, Shannon Roddy via Identity-services-gap <identity-services-gap at lists.andrew.cmu.edu> wrote:
> 
> Hello,
> 
> Would it be possible to get a copy of the dispatcher configuration as it
> is being run at CMU?  We are trying to work through which grouper
> changelog messages should go to which provisioners and it would be
> helpful to see how CMU has it divided up.  For instance, it has been
> said that at CMU, IsMemberOf operations go to a different provisioner
> than the group operations.
> 
> Thank you,
> Shannon Roddy
> _______________________________________________
> Identity-services-gap mailing list
> Identity-services-gap at lists.andrew.cmu.edu
> https://lists.andrew.cmu.edu/mailman/listinfo/identity-services-gap
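
An added example, not part of the original message and not the GAP dispatcher's own code: a small Python evaluator for the rule format in the sample above, for auditing which queues a given group event would reach. It assumes `*` matches any run of characters, a matching `-` rule overrides `+` rules for the same queue, and `*` in the operations field means every operation; case sensitivity is a switch because the sample writes both `Apps:oim:` and `Apps:OIM:`. Function names and the abbreviated sample rules are constructed.

```python
from fnmatch import fnmatchcase

# Constructed, abbreviated excerpt in the same line format as the sample above.
SAMPLE = """\
# OIM groups
+|Apps:oim:*|apps.oim.groups| addMember, removeMember |json
-|Apps:oim:*:Exclude|apps.oim.groups| addMember, removeMember |json
+|Apps:ISO:*|ad.groups|deleteGroup, createGroup, addMember, removeMember, fullSync|json
+|Apps:*|389.ismemberof|addIsMemberOf, removeIsMemberOf|json
-|Apps:OIM:*:Exclude|389.ismemberof|addIsMemberOf, removeIsMemberOf|json
+|Apps:GoogleApps:andrew.cmu.edu:STATIC|email.google|*|json
"""

def parse_rules(text):
    """Return (sign, pattern, queue, ops, fmt) tuples; skip blanks and comments."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 5 or fields[0] not in ("+", "-"):
            raise ValueError(f"line {n}: expected sign|group|queue|operations|format")
        sign, pattern, queue, ops, fmt = fields
        rules.append((sign, pattern, queue, {o.strip() for o in ops.split(",")}, fmt))
    return rules

def route(rules, group, op, case_sensitive=False):
    """Queues that receive `op` on `group`; a matching '-' rule vetoes its queue."""
    # Assumption: the real dispatcher's case handling is not stated in the post.
    fold = (lambda s: s) if case_sensitive else str.lower
    allowed, denied = set(), set()
    for sign, pattern, queue, ops, _fmt in rules:
        if "*" not in ops and op not in ops:
            continue  # this rule does not cover the operation
        if fnmatchcase(fold(group), fold(pattern)):
            (allowed if sign == "+" else denied).add(queue)
    return sorted(allowed - denied)
```

Running `route` with `case_sensitive=True` and `False` over the same intermediate group shows whether an exclusion written as `Apps:OIM:*:Exclude` still keeps an `Apps:oim:...:Exclude` group out of the directory queue.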


