Grouper Developers Forum

[James Vuccolo <>]

On Feb 15, 2012, at 12:41 PM, Jim Fox wrote:

> 
> I mean
> 
>  ldapsearch -h cprdev2.iam.psu.edu -b dc=psu,dc=edu cn=llg5
> 


OK, so we have this, the user's primary entry in our LDAP server has a DN of 
uid=blah, in Lynn's case its uid=llg5,dc=psu,dc=edu.  Because of the 
technology that we are using for our distributed file system, we also have a 
cn=llg5,ou=groups,dc=psu,dc=edu entry which contains POSIX groups 
information.  In the previous version of group, our testing environment was 
set up that way too.

JimmyV.

> Jim
> 
> 
> On Wed, 15 Feb 2012, James Vuccolo wrote:
> 
>> Date: Wed, 15 Feb 2012 09:39:07 -0800
>> From: James Vuccolo 
>> <>
>> To: Jim Fox 
>> <>
>> Cc: Lynn Garrison 
>> <>,
>>  Tom Zeller 
>> <>,
>>    Grouper Dev 
>> <>
>> Subject: Re: [grouper-dev] grouper 2.1.0
>> 
>> On Feb 15, 2012, at 12:33 PM, Jim Fox wrote:
>> 
>>> 
>>> 
>>> Is it possible that an ldap subtree search for (cn=llg5) with base
>>> of 'dc=psu,dc=edu' returns two records, one of which does not include
>>> a 'uid' attribute?
>>> 
>> 
>> 
>> Nope, just one:
>> 
>> ldapsearch -h cprdev2.iam.psu.edu -b dc=psu,dc=edu uid=llg5 dn
>> uid=llg5,dc=psu,dc=edu
>> 
>> Jimmy.
>> 
>>> Jim
>>> 
>>> 
>>> On Wed, 15 Feb 2012, Lynn Garrison wrote:
>>> 
>>>> Date: Wed, 15 Feb 2012 06:16:17 -0800
>>>> From: Lynn Garrison 
>>>> <>
>>>> To: Jim Fox 
>>>> <>
>>>> Cc: James Vuccolo 
>>>> <>,
>>>>  Tom Zeller 
>>>> <>,
>>>>   Grouper Dev 
>>>> <>
>>>> Subject: Re: [grouper-dev] grouper 2.1.0
>>>> Jim, Tom,
>>>>    I have good news and not so good news.   I have been able to 
>>>> reproduce the problem in gsh.   Using the SubjectFinder.findAll command 
>>>> in gsh, I get the same error.   When I changed the search definition in  
>>>> the sources file to  filter on uid instead of cn and  removed the 
>>>> firstlastfilter of sn, I was able to execute the SubjectFinder.findAll 
>>>> in gsh.  I rebuilt the ui and I was able to find a subject.
>>>> 
>>>> Here is a snippet from the sources.xml file that worked
>>>> 
>>>> <search>
>>>>     <searchType>search</searchType>
>>>>       <param>
>>>>          <param-name>filter</param-name>
>>>>          <param-value>
>>>>               (cn=%TERM%)
>>>>          </param-value>
>>>>      </param>
>>>>       <param>
>>>>          <param-name>firstlastfilter</param-name>
>>>>          <param-value>
>>>>              (sn=%TERM%)
>>>>          </param-value>
>>>>      </param>
>>>>      <param>
>>>>          <param-name>scope</param-name>
>>>>          <param-value>SUBTREE_SCOPE</param-value>
>>>>      </param>
>>>>       <param>
>>>>          <param-name>base</param-name>
>>>>          <param-value>dc=psu,dc=edu</param-value>
>>>>      </param>
>>>>  </search>
>>>> 
>>>>    The sources.xml file that I have been using with grouper for the last 
>>>> two years of testing has always had the above search.  I must have run 
>>>> into this problem before but didn't remember the details.   I turned on 
>>>> subject api debug and ran the SubjectFinder.findAll command in gsh 
>>>> before I updated the sources file.   I am attaching the error log.  As 
>>>> we get closer to a production release it would be nice to be able to 
>>>> activate the cn/sn filter.
>>>> 
>>>> 
>>>> 
>>>> 
>> 
>> --
>> James "Jimmy" Vuccolo, 
>> 
>> Technical Manager, Identity and Access Management
>> The Pennsylvania State University
>> 215B Computer Building, University Park, PA 16802
>> Office: 814-865-5635
>> http://www.personal.psu.edu/jvuccolo/
>> 
>> 

--
James "Jimmy" Vuccolo, 

Technical Manager, Identity and Access Management
The Pennsylvania State University
215B Computer Building, University Park, PA 16802
Office: 814-865-5635 
http://www.personal.psu.edu/jvuccolo/