
Any course group can be manually verified against SWS data.

TBD


Adding an LDAP server (DRAFT)

Adding an LDAP server is complicated by a couple of factors:

  1. Each gws_grouper has a list of ldaps that it updates with member adds and deletes.
    1. Configured in (WEB-APP)/applicationContext.xml
    2. Update requires tomcat restart.
  2. Each ldap_provisioner has a list of ldaps to provision.
    1. One per gws host.
    2. One active, others standby.
    3. Configured in (ldap-provisioning)/provision.conf
    4. Change requires restart of the provisioner.
  3. Startup of the new LDAP requires:
    1. Copy ldap dump from a live ldap.
      1. The ldaps save a dump image every 20min after the hour.
    2. Start the service.
    3. Takes a few minutes.

The transition might go something like this:

Suppose:

  • We have the present configuration:
    • gws hosts: iam21,22,23,26
    • ldap hosts: stilpo21,22,23
  • The active ldap-provisioner is on iam21.
  • We are adding stilpo31 to the LDAP cluster

Steps:

  1. Add stilpo31 to the ldap-provisioner's config on all gws hosts
  2. Add stilpo31 to the gws_grouper config on all gws hosts
  3. At 21 minutes after the hour, on stilpo31:
    1. Copy stilpo21:/data/au20aa/groups.ldif → /data/groups/data/groups.ldif
    2. Stop slapd: /data/openldap/libexec/slapd stop
    3. Drop the old database: rm data.mdb
    4. Build new database: ?? where is slapadd?
    5. Fix ownerships
    6. Start: /data/openldap/libexec/slapd start
  4. Stop the ldap-provisioner on iam22
    1. both the process and the shell script
  5. Restart tomcat on iam22.
    1. Idle, wait for inactivity, restart
  6. Stop the ldap-provisioner on iam21
    1. both the process and the shell script
  7. Start the ldap-provisioner on iam22
  8. Restart tomcat on iam21.
  9. Restart tomcat on iam23.
  10. Restart tomcat on iam26.
  11. ( more to follow )
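
Step 3 copies the dump one minute after it is written, so it is worth checking the copy before dropping data.mdb. The script below is an added example, not part of the original procedure; the function names, thresholds and sample data are assumptions, and it assumes slapcat-style LDIF.

```shell
#!/bin/sh
# Assumption: the dump is slapcat-style LDIF, so every entry (including the
# last) is followed by a blank line. Function names here are hypothetical.

# Print the number of entries ("dn:" or base64 "dn::" lines).
ldif_entry_count() {
    grep -cE '^dn:' "$1" || true   # grep exits 1 on zero matches; still prints 0
}

# Return 0 only if the dump looks complete and recent enough to load.
#   $1 = path, $2 = max age in minutes, $3 = minimum expected entry count
ldif_ready() {
    f=$1; max_age=$2; min_entries=$3
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    # Stale copy: older than the most recent scheduled dump should be.
    [ -n "$(find "$f" -mmin "-$max_age" 2>/dev/null)" ] ||
        { echo "older than $max_age min: $f" >&2; return 2; }
    # Copied mid-write: the last line is not the blank entry separator.
    [ -z "$(tail -n 1 "$f")" ] ||
        { echo "truncated (no trailing blank line): $f" >&2; return 3; }
    # A cut exactly on an entry boundary passes the check above, so also
    # compare the entry count with what the live directory should hold.
    n=$(ldif_entry_count "$f")
    [ "$n" -ge "$min_entries" ] ||
        { echo "only $n entries, expected >= $min_entries: $f" >&2; return 4; }
    echo "ok: $n entries in $f"
}

# Constructed sample dump (not real directory data).
make_sample_ldif() {
    printf 'dn: cn=u_demo_a,dc=example\ncn: u_demo_a\nmember: uid=alice\n\n' > "$1"
    printf 'dn: cn=u_demo_b,dc=example\ncn: u_demo_b\nmember: uid=bob\n\n' >> "$1"
}

# Demo run against the constructed sample.
tmp=$(mktemp -d)
make_sample_ldif "$tmp/groups.ldif"
ldif_ready "$tmp/groups.ldif" 60 2
rm -rf "$tmp"
```

On stilpo31 the check would be run against /data/groups/data/groups.ldif, with the minimum entry count taken from a known-good dump.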