PennGroups
Download the client
Email the support listserv: penngroups-help@lists.upenn.edu
To request access to PennGroups, submit an access form: http://www.upenn.edu/computing/penngroups/pennGroupsAccess.pdf
Course list description
FAQ:
How can I see the name and description from the grouperClient (or WS)?
[mchyzer@flash pennGroupsClient-1.4.2]$ java -jar grouperClient.jar --operation=getMembersWs --groupNames=test:testGroup --subjectAttributeNames=PENNNAME,EMAIL,name,description --outputTemplate='${wsSubject.attributeValues[0]} ${wsSubject.attributeValues[1]} ${wsSubject.attributeValues[2]}: ${wsSubject.attributeValues[3]}$newline$'
bwh bwh@isc.upenn.edu Bryan W Hopkins: Bryan W Hopkins (bwh, 10064187) Pennpay, Staf (active)
mchyzer mchyzer@isc.upenn.edu Michael Christopher Hyzer: Michael Christopher Hyzer (mchyzer, 10021368) Pennpay, Staf (active)
How can I edit group memberships in the UI?
See this page: PennGroupsUi
How can I test connectivity to the PennGroups?
You can try to list a public group we have set up with the PennGroups client:
C:\temp>java -jar grouperClient.jar --operation=getMembersWs --groupNames=test:testGroup
GroupIndex 0: success: T: code: SUCCESS: group: test:testGroup: subjectIndex: 0: 10064187
GroupIndex 0: success: T: code: SUCCESS: group: test:testGroup: subjectIndex: 1: 10021368
You can list the same group with ldap:
C:\temp>java -jar grouperClient.jar --operation=getMembersLdap --groupName=test:testGroup
How can I return pennkeys from the web service?
You can specify to return pennnames, and you can use them in your output template:
C:\temp>java -jar grouperClient.jar --operation=getMembersWs --groupNames=test:testGroup --subjectAttributeNames=PENNNAME --outputTemplate=${wsSubject.attributeValues[0]}$newline$
bwh
mchyzer
How can I query based on pennkey from the web service?
You can use the built-in pennkey support in Penn's grouper client (needs custom configuration over the generic Grouper download):
C:\temp>java -jar grouperClient.jar --operation=hasMemberWs --groupName=test:testGroup --pennKeys=mchyzer,bwh
Index 0: success: T: code: IS_MEMBER: 10021368: true
Index 1: success: T: code: IS_MEMBER: 10064187: true
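An added example, not part of the original page or of grouperClient: a POSIX shell wrapper that turns the hasMemberWs output shown above into a fail-closed allow/deny decision, relying on the client's documented exit code (0 for success). The function names, the GROUPER_CLIENT_JAR variable, the alphanumeric pennkey check and the IS_NOT_MEMBER sample line are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: fail-closed group membership check around grouperClient.

# Thin wrapper so the jar path is configurable (GROUPER_CLIENT_JAR is a
# hypothetical variable name, not a grouperClient setting).
grouper_client() {
  java -jar "${GROUPER_CLIENT_JAR:-grouperClient.jar}" "$@"
}

# all_members EXPECTED
# Reads hasMemberWs output on stdin. Succeeds only if exactly EXPECTED result
# lines are present, numbered 0..EXPECTED-1, each of the form
#   Index N: success: T: code: IS_MEMBER: <numeric pennid>: true
# Any other line (different code, success: F, garbled text) means "deny".
all_members() {
  expected=$1
  seen=0
  cr=$(printf '\r')
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%"$cr"}                 # tolerate CRLF line endings
    [ -n "$line" ] || continue
    prefix="Index $seen: success: T: code: IS_MEMBER: "
    case $line in
      "$prefix"*": true") ;;
      *) return 1 ;;
    esac
    id=${line#"$prefix"}
    id=${id%": true"}
    case $id in
      ''|*[!0-9]*) return 1 ;;         # pennid must be all digits
    esac
    seen=$((seen + 1))
  done
  # A short result list (missing subjects) is also a denial.
  [ "$seen" -eq "$expected" ]
}

# is_member_of GROUP PENNKEY...
# Returns 0 if every pennkey is a member, 1 if not, 2 if the answer could not
# be determined (bad input or client failure). Callers treat non-zero as deny.
is_member_of() {
  group=$1
  shift
  [ "$#" -gt 0 ] || return 2
  keys=
  for k in "$@"; do
    # Assumption: pennkeys are alphanumeric. Rejecting everything else stops a
    # comma or whitespace from smuggling extra subjects into --pennKeys.
    case $k in
      ''|*[!A-Za-z0-9]*) return 2 ;;
    esac
    keys=${keys:+$keys,}$k
  done
  out=$(grouper_client --operation=hasMemberWs --groupName="$group" \
        --pennKeys="$keys") || return 2
  printf '%s\n' "$out" | all_members "$#"
}

# Demo on constructed output: the first line matches the FAQ output above, the
# second is a constructed non-member result (its code name is assumed).
sample='Index 0: success: T: code: IS_MEMBER: 10021368: true
Index 1: success: T: code: IS_NOT_MEMBER: 10064187: false'
if printf '%s\n' "$sample" | all_members 2; then
  echo "allow"
else
  echo "deny"
fi
```
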
How can I get pennnames and emails from a WS call?
java -jar grouperClient.jar --operation=getMembersWs --groupNames=test:testGroup --subjectAttributeNames=PENNNAME,EMAIL --outputTemplate='${wsSubject.attributeValues[0]} ${wsSubject.attributeValues[1]}$newline$'
abc abc@isc.upenn.edu
def def@isc.upenn.edu
How can I make a group which has a manual membership list and requires users to be faculty student or staff?
First, you need permission to view the facultyStudentStaff group; email the support listserv penngroups-help@lists.upenn.edu. Then you can make this client request (note: the composite arguments shouldn't be necessary, but until it is fixed, use them and it will work). This makes a group and a system-of-record group (where the manual entries go); the overall group is a composite intersection of the manual group and the facultyStudentStaff group.
C:\temp>java -jar grouperClient.jar --operation=groupSaveWs --name=test:isc:astt:chris:myGroup --includeGroupDetail=true --description="test group with requiring active facultyStudentStaff" --displayExtension="My test group" --attributeName0=requireAlsoInGroups --attributeValue0=penn:community:facultyStudentStaff --typeNames=requireInGroups --compositeType=INTERSECTION --leftGroupName=test:isc:astt:chris:myGroup_systemOfRecord --rightGroupName=penn:community:facultyStudentStaff
Success: T: code: SUCCESS_INSERTED: test:isc:astt:chris:myGroup
What does that look like in a soap request?
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
  <soapenv:Body>
    <ns1:groupSave xmlns:ns1="http://soap.ws.grouper.middleware.internet2.edu/xsd">
      <ns1:clientVersion>v1_4_002</ns1:clientVersion>
      <ns1:wsGroupToSaves>
        <ns1:wsGroup>
          <ns1:description> test group with requiring active facultyStudentStaff </ns1:description>
          <ns1:detail>
            <ns1:attributeNames>requireAlsoInGroups</ns1:attributeNames>
            <ns1:attributeValues>penn:community:facultyStudentStaff</ns1:attributeValues>
            <ns1:compositeType>intersection</ns1:compositeType>
            <ns1:hasComposite>T</ns1:hasComposite>
            <ns1:leftGroup>
              <ns1:description></ns1:description>
              <ns1:displayExtension></ns1:displayExtension>
              <ns1:displayName></ns1:displayName>
              <ns1:extension></ns1:extension>
              <ns1:name>penn:community:facultyStudentStaff</ns1:name>
              <ns1:uuid></ns1:uuid>
            </ns1:leftGroup>
            <ns1:rightGroup>
              <ns1:description></ns1:description>
              <ns1:displayExtension></ns1:displayExtension>
              <ns1:displayName></ns1:displayName>
              <ns1:extension></ns1:extension>
              <ns1:name>test:isc:astt:chris:myGroup_systemOfRecord</ns1:name>
              <ns1:uuid></ns1:uuid>
            </ns1:rightGroup>
            <ns1:typeNames>requireInGroups</ns1:typeNames>
          </ns1:detail>
          <ns1:displayExtension>My test group</ns1:displayExtension>
          <ns1:extension>myGroup</ns1:extension>
          <ns1:name>test:isc:astt:chris:myGroup</ns1:name>
        </ns1:wsGroup>
        <ns1:wsGroupLookup>
          <ns1:groupName>test:isc:astt:chris:myGroup</ns1:groupName>
        </ns1:wsGroupLookup>
      </ns1:wsGroupToSaves>
      <ns1:actAsSubjectLookup>
        <ns1:subjectId></ns1:subjectId>
      </ns1:actAsSubjectLookup>
      <ns1:txType></ns1:txType>
      <ns1:includeGroupDetail>T</ns1:includeGroupDetail>
    </ns1:groupSave>
  </soapenv:Body>
</soapenv:Envelope>
Grouper Client setup:
To use PennGroups, or the Pennkey to PennID translation service, you need a Kerberos service principal. To use the Grouper Client or web services, the principal needs to have a known password. To use LDAP directly, you can use a known password or another method. Here are the commands that your kadmin (Kerberos administrator) can issue to create a Kerberos service principal with a known password (on UNIX), assuming the kadmin principal is lila/kadmin-isc-seo.upenn.edu and the principal to create is penngroups/medley-test.isc-seo.upenn.edu:
[lila@bastion ~]$ kadmin -p lila/kadmin-isc-seo.upenn.edu
Authenticating as principal lila/kadmin-isc-seo.upenn.edu with password.
Password for lila/kadmin-isc-seo.upenn.edu@UPENN.EDU:
kadmin: addprinc -randkey +requires_preauth penngroups/medley-test.isc-seo.upenn.edu
NOTICE: no policy specified for penngroups/medley-test.isc-seo.upenn.edu@UPENN.EDU; assigning "default"
Principal "penngroups/medley-test.isc-seo.upenn.edu@UPENN.EDU" created.
kadmin: cpw penngroups/medley-test.isc-seo.upenn.edu
Enter password for principal "penngroups/medley-test.isc-seo.upenn.edu":
Re-enter password for principal "penngroups/medley-test.isc-seo.upenn.edu":
Password for "penngroups/medley-test.isc-seo.upenn.edu@UPENN.EDU" changed.
For Windows, you don't need the -p. http://www.upenn.edu/computing/pennkey/sysadmin/e_install_win/kadmin.html
If you issued those commands, then the principal to login with in grouperClient or web services would be: penngroups/medley-test.isc-seo.upenn.edu. NOTE: the kerberos principal is case-sensitive.
You can test the creation by getting a Kerberos ticket with that login/pass (e.g. leash)
Windows users will need to install the kadmin tool as noted at http://www.upenn.edu/computing/pennkey/sysadmin/e_install_win/kadmin.html. More information on creating and managing non-user Kerberos principals is available at http://www.upenn.edu/computing/pennkey/sysadmin/c_install_gen/kadmin-howto.html.
Subject/Entity API:
Subject attributes
The following are attributes you can get from WS or grouperClient:
name: person's name. This is private and should not be published
description: description you see in the UI (don't parse this, it is subject to change), this is useful in list results
EMAIL: person's private email address. Do not publish this, it is for university purposes only!
id: pennid
PENNNAME: pennkey
EMAIL_PUBLIC: (future): public email address that you can publish
NAME_PUBLIC: (future): public name that you can publish
FIRST_NAME: (future): private first name
LAST_NAME: (future): private last name
PERSON_ACTIVE: (future): T or F as to whether this person is active
NAME_FIRST_PUBLIC: (future): public first name
NAME_LAST_PUBLIC: (future): public last name
Grouper Client USAGE:
This program runs queries against grouper ldap and web services
The system exit code will be 0 for success, and not 0 for failure
Output data is printed to stdout, error messages are printed to stderr or logs (configured in grouper.client.properties)
Grouper client webpage: https://wiki.internet2.edu/confluence/display/GrouperWG/Grouper+Client
Arguments are in the format: --argName=argValue
Example argument: --operation=encryptPassword
Example argument(OS dependent): --operation="value with whitespace"
Optional arguments below are in [brackets]
Misc Operations
Encrypt passwords for storing passwords in external encrypted files:
java -jar grouperClient.jar --operation=encryptPassword [--dontMask=true|false]
Usage (this message):
java -jar grouperClient.jar
Send file to web service:
java -jar grouperClient.jar --operation=sendFile --urlSuffix=groups/aStem:aGroup/members [--fileName=theFileName] [--fileContents=theFileContents] [--contentType=text/xml] [--labelForLog=addMember] [--indentOutput=false] [--saveResultsToFile=fileName] [--debug=true] [--clientVersion=someVersion]
e.g. java -jar grouperClient.jar --operation=sendFile --fileName="C:/addMember.xml" --urlSuffix=groups/aStem:aGroup/members
LDAP Operations
pennname to pennid usage:
java -jar grouperClient.jar --operation=pennnameToPennid --pennnameToDecode=pennname [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--debug=true]
e.g.: java -jar grouperClient.jar --operation=pennnameToPennid --pennnameToDecode=jsmith
output: pennid: 12341234
pennid to pennname usage:
java -jar grouperClient.jar --operation=pennidToPennkey --pennidToDecode=pennid [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--debug=true]
e.g.: java -jar grouperClient.jar --operation=pennidToPennkey --pennidToDecode=12341234
output: pennname: jsmith
hasMember ldap usage:
java -jar grouperClient.jar --operation=hasMemberLdap --groupName=a:b:c --pennnameToCheck=pennkey [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--debug=true]
e.g.: java -jar grouperClient.jar --operation=hasMemberLdap --groupName=penn:myfolder:mygroup --pennnameToCheck=jsmith
output: hasMemberLdap: true
getMembers ldap usage:
java -jar grouperClient.jar --operation=getMembersLdap --groupName=a:b:c [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--debug=true]
e.g.: java -jar grouperClient.jar --operation=getMembersLdap --groupName=penn:myfolder:mygroup
output: groupList: jsmith, tsmith, msmith
note: extremely large group lists might not display fully (e.g. over 1000 members)
Web Service Operations
addMemberWs web service usage (note: you can replace all members of a group also):
java -jar grouperClient.jar --operation=addMemberWs --groupName=a:b:c [--subjectIds=subjId0,subjId1] [--subjectIdentifiers=subjIdent0,subjIdent1] [--subjectSources=source0,source1] [--subjectIdsFile=fileName] [--subjectIdentifiersFile=fileName] [--subjectSourcesFile=fileName] [--defaultSubjectSource=subjectSourceId] [--fieldName=fieldNameToAdd] [--txType=GcTransactionType] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--replaceAllExisting=true|false] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=addMemberWs --groupName=aStem:aGroup --subjectIds=12345,23456
output line: Index 0: success: T: code: SUCCESS: 12345
getMembersWs web service usage:
java -jar grouperClient.jar --operation=getMembersWs --groupNames=a:b:c,a:b:d [--fieldName=fieldNameToAdd] [--memberFilter=GcMemberFilter] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=getMembersWs --groupNames=aStem:aGroup,aStem:aGroup2
output line: GroupIndex 0: success: T: code: SUCCESS: group: aStem:aGroup: subjectIndex: 0: 12345
deleteMemberWs web service usage:
java -jar grouperClient.jar --operation=deleteMemberWs --groupName=a:b:c [--subjectIds=subjId0,subjId1] [--subjectIdentifiers=subjIdent0,subjIdent1] [--subjectSources=source0,source1] [--subjectIdsFile=fileName] [--subjectIdentifiersFile=fileName] [--subjectSourcesFile=fileName] [--defaultSubjectSource=subjectSourceId] [--fieldName=fieldNameToAdd] [--txType=GcTransactionType] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=deleteMemberWs --groupName=aStem:aGroup --subjectIds=12345,23456
output line: Index 0: success: T: code: SUCCESS: 12345
hasMemberWs web service usage:
java -jar grouperClient.jar --operation=hasMemberWs --groupName=a:b:c [--subjectIds=subjId0,subjId1] [--subjectIdentifiers=subjIdent0,subjIdent1] [--subjectSources=source0,source1] [--subjectIdsFile=fileName] [--subjectIdentifiersFile=fileName] [--subjectSourcesFile=fileName] [--defaultSubjectSource=subjectSourceId] [--fieldName=fieldNameToAdd] [--memberFilter=GcMemberFilter] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=hasMemberWs --groupName=aStem:aGroup --subjectIds=12345,23456
output line: Index 0: success: T: code: IS_MEMBER: 12345: true
getGroupsWs web service usage:
java -jar grouperClient.jar --operation=getGroupsWs [--subjectIds=subjId0,subjId1] [--subjectIdentifiers=subjIdent0,subjIdent1] [--subjectSources=source0,source1] [--subjectIdsFile=fileName] [--subjectIdentifiersFile=fileName] [--subjectSourcesFile=fileName] [--defaultSubjectSource=subjectSourceId] [--memberFilter=GcMemberFilter] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=getGroupsWs --subjectIds=12345,23456
output line: SubjectIndex 0: success: T: code: SUCCESS: subject: 12345: groupIndex: 0: aStem:aGroup2
groupSaveWs web service usage:
java -jar grouperClient.jar --operation=groupSaveWs --name=a:b:c [--includeGroupDetail=true] [--txType=transactionType] [--saveMode=SaveMode] [--groupLookupName=a:b:c] [--groupLookupUuid=sd87f-dsf87-sdf89-df78f] [--description=theDescription] [--displayExtension=theDisplayExtension] [--attributeName0=someName] [--attributeValue0=someValue] [--attributeNameX=xthName] [--attributeValueX=xthValue] [--compositeType=COMPLEMENT|INTERSECTION|UNION] [--leftGroupName=compositeLeft] [--rightGroupName=compositeRight] [--groupDetailParamName0=paramName] [--groupDetailParamValue0=paramValue] [--groupDetailParamNameX=xthName] [--groupDetailParamValueX=xthValue] [--typeNames=namesOfGroupTypes] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=groupSaveWs --name=aStem:aGroup
output: Success: T: code: SUCCESS_INSERTED: aStem:aGroup
stemSaveWs web service usage:
java -jar grouperClient.jar --operation=stemSaveWs --name=groupName [--txType=transactionType] [--saveMode=SaveMode] [--stemLookupName=theName] [--stemLookupUuid=theUuid] [--description=theDescription] [--displayExtension=theDisplayExtension] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=stemSaveWs --name=aStem:someStem
output: Success: T: code: SUCCESS_INSERTED: aStem:someStem
groupDeleteWs web service usage:
java -jar grouperClient.jar --operation=groupDeleteWs --groupNames=groupName0,groupName1 [--txType=GcTransactionType] [--includeGroupDetail=true|false] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=groupDeleteWs --groupNames=aStem:aGroup0,aStem:aGroup1
output line: Index 0: success: T: code: SUCCESS: aStem:aGroup0
stemDeleteWs web service usage:
java -jar grouperClient.jar --operation=stemDeleteWs --stemNames=a:b,a:c [--txType=GcTransactionType] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=stemDeleteWs --stemNames=aStem:aStem0,aStem:aStem1
output line: Index 0: success: T: code: SUCCESS: aStem:aStem0
getGrouperPrivilegesLiteWs web service usage
java -jar grouperClient.jar --operation=getGrouperPrivilegesLiteWs [--groupName=a:b:c] [--stemName=a:b] [--privilegeName=admin|view|read|optin|optout|update|stem|create|etc] [--privilegeType=access|naming|etc] [--subjectId=subjId0] [--subjectIdentifier=subjIdent0] [--subjectSource=source0] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=getGrouperPrivilegesLiteWs --groupName=aStem:aGroup --subjectId=test.subject.0
output line: Index 0: success: T: code: SUCCESS: group: aStem:aGroup: subject: test.subject.0: access: admin
assignGrouperPrivilegesLiteWs web service usage
java -jar grouperClient.jar --operation=assignGrouperPrivilegesLiteWs --privilegeName=admin|view|read|optin|optout|update|stem|create|etc --allowed=true|false [--groupName=a:b:c] [--stemName=a:b] [--privilegeType=access|naming|etc] [--subjectId=subjId0] [--subjectIdentifier=subjIdent0] [--subjectSource=source0] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=assignGrouperPrivilegesLiteWs --groupName=aStem:aGroup --subjectId=test.subject.0 --privilegeName=admin --allowed=true
output: Success: T: code: SUCCESS: group: aStem:aGroup: subject: test.subject.0: access: admin
findGroupsWs web service usage
java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=AND|MINUS|OR|FIND_BY_APPROXIMATE_ATTRIBUTE|FIND_BY_EXACT_ATTRIBUTE|FIND_BY_GROUP_NAME_APPROXIMATE|FIND_BY_GROUP_NAME_EXACT|FIND_BY_GROUP_UUID|FIND_BY_STEM_NAME|FIND_BY_TYPE|etc [--groupName=a:b:c] [--groupUuid=12as-1234gjth] [--stemName=aStem:someStem] [--stemUuid=sfds-sds234] [--stemNameScope=ONE_LEVEL|ALL_IN_SUBTREE] [--groupTypeName=someName] [--groupAttributeName=someName] [--groupAttributeValue=someValue] [--includeGroupDetail=true|false] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=FIND_BY_GROUP_NAME_APPROXIMATE --groupName=aStem:aGroup
output: Index 0: name: aStem:aGroup, displayName: A stem:A Group
Note: to specify group math, use queryFilterType of AND|OR|MINUS, and then specify attribute for the left group with a 0 after attribute name, and 1 for the right group.
e.g.: java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=OR --queryFilterType0=OR --queryFilterType00=FIND_BY_GROUP_NAME_APPROXIMATE --groupName00=aStem:aGroup --queryFilterType01=FIND_BY_GROUP_NAME_APPROXIMATE --groupName01=aStem:aGroup --queryFilterType1=FIND_BY_GROUP_NAME_APPROXIMATE --groupName1=aStem:aGroup
Note: it is not clear which attributes go with which filter types, the rules are in the Java class: WsQueryFilterType or use trial and error
findStemsWs web service usage
java -jar grouperClient.jar --operation=findStemsWs --queryFilterType=AND|MINUS|OR|FIND_BY_APPROXIMATE_ATTRIBUTE|FIND_BY_PARENT_STEM_NAME|FIND_BY_STEM_NAME|FIND_BY_STEM_NAME_APPROXIMATE|FIND_BY_STEM_UUID|etc [--stemName=a:b:c] [--stemUuid=12as-1234gjth] [--parentStemName=aStem:someStem] [--parentStemNameScope=ONE_LEVEL|ALL_IN_SUBTREE] [--stemAttributeName=someName] [--stemAttributeValue=someValue] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=FIND_BY_GROUP_NAME_APPROXIMATE --groupName=aStem:aGroup
output: Index 0: name: aStem:aStem0, displayName: A stem:A Stem 0
Note: to specify group math, use stemQueryFilterType of AND|OR|MINUS, and then specify attribute for the left stem with a 0 after attribute name, and 1 for the right stem.
e.g.: java -jar grouperClient.jar --operation=findStemsWs --stemQueryFilterType=OR --stemQueryFilterType0=OR --stemQueryFilterType00=FIND_BY_STEM_NAME --stemName00=aStem --stemQueryFilterType01=FIND_BY_STEM_NAME --stemName01=aStem --stemQueryFilterType1=FIND_BY_STEM_NAME --stemName1=aStem
Note: it is not clear which attributes go with which filter types, the rules are in the Java class: WsStemQueryFilterType or use trial and error
memberChangeSubjectWs web service usage (note: you need to be in the sysAdminGroup or actAs someone who is)
java -jar grouperClient.jar --operation=memberChangeSubjectWs [--oldSubjectId=oldId] [--oldSubjectIdentifier=oldIdent] [--oldSubjectSource=oldSourceId] [--newSubjectId=newId] [--newSubjectIdentifier=newIdent] [--newSubjectSource=newSourceId] [--deleteOldMember=false] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=memberChangeSubjectWs --oldSubjectId=test.subject.0 --newSubjectId=test.subject.1 --actAsSubjectId=GrouperSystem
output: Success: T: code: SUCCESS: oldSubject: test.subject.0, newSubject: test.subject.1
Common Options
--outputTemplate=${index}: ${wsGroup.name}
the output template allows the caller to customize what is displayed in the output from the XML
anything in ${} will be evaluated, and there are different variables available for various operations.
if you pass in --debug=true, it will tell you the xml and the variables you can use. You can drill down
in the variables, e.g. ${wsGroupDeleteResult.wsGroup.name}, you can do operations, e.g. ${index+1},
you can do simple string utilities from GrouperClientUtils or GrouperClientCommonUtils, e.g.
${grouperClientUtils.trimToEmpty(wsGroup.name)}
--debug=true
this will display debug information including the request and response to stderr
--saveResultsToFile=/tmp/somefile.txt
you can save the stdout to a file if you like
--actAsSubjectId=subjId --actAsSubjectIdentifier=subjIdent --actAsSubjectSource=source
if you want to run the operation as a different user than the user who is authenticating
to the web service, then specify the actAsSubjectId or actAsSubjectIdentifier (and optionally
the actAsSubjectSource). You would do this e.g. to run a command as admin, or as a user who
is using the end layer application. Note you need permissions to do this in grouper.
--paramName0=name0 --paramValue0=value1 --paramNameX=xthParamName --paramValueX=xthParamValue
you can specify params in name/value pairs if the operation supports it (see grouper
web service documentation for details)
--clientVersion=someVersion
generally this does not need to be changed. This is the version label sent to the web service
which might affect the output from the web service. Note it does not affect the request to the
web service (besides the label), it only affects the response from the web service.
--txType=GcTransactionType
affects how batched operations are executed on the server (e.g. adding multiple subjects to a group)
generally the only values which make sense are to use a large transaction or not: READ_WRITE_NEW, NONE
--includeGroupDetail=true
if applicable, this option will return not only the group's name, but more information such as the
attributes, types, composite members, etc.
--subjectAttributeNames=a,b,c
if applicable, subjects will be returned from the server with these attributes in a string array
