Skip to Content.
Sympa Menu

grouper-dev - Re: [grouper-dev] grouper 2.1.0

Subject: Grouper Developers Forum

List archive

Re: [grouper-dev] grouper 2.1.0


Chronological Thread 
  • From: James Vuccolo <>
  • To: Jim Fox <>
  • Cc: Lynn Garrison <>, Tom Zeller <>, Grouper Dev <>
  • Subject: Re: [grouper-dev] grouper 2.1.0
  • Date: Wed, 15 Feb 2012 12:49:25 -0500


On Feb 15, 2012, at 12:41 PM, Jim Fox wrote:

>
> I mean
>
> ldapsearch -h cprdev2.iam.psu.edu -b dc=psu,dc=edu cn=llg5
>


OK, so we have this, the user's primary entry in our LDAP server has a DN of
uid=blah, in Lynn's case its uid=llg5,dc=psu,dc=edu. Because of the
technology that we are using for our distributed file system, we also have a
cn=llg5,ou=groups,dc=psu,dc=edu entry which contains POSIX groups
information. In the previous version of group, our testing environment was
set up that way too.

JimmyV.

> Jim
>
>
> On Wed, 15 Feb 2012, James Vuccolo wrote:
>
>> Date: Wed, 15 Feb 2012 09:39:07 -0800
>> From: James Vuccolo
>> <>
>> To: Jim Fox
>> <>
>> Cc: Lynn Garrison
>> <>,
>> Tom Zeller
>> <>,
>> Grouper Dev
>> <>
>> Subject: Re: [grouper-dev] grouper 2.1.0
>>
>> On Feb 15, 2012, at 12:33 PM, Jim Fox wrote:
>>
>>>
>>>
>>> Is it possible that an ldap subtree search for (cn=llg5) with base
>>> of 'dc=psu,dc=edu' returns two records, one of which does not include
>>> a 'uid' attribute?
>>>
>>
>>
>> Nope, just one:
>>
>> ldapsearch -h cprdev2.iam.psu.edu -b dc=psu,dc=edu uid=llg5 dn
>> uid=llg5,dc=psu,dc=edu
>>
>> Jimmy.
>>
>>> Jim
>>>
>>>
>>> On Wed, 15 Feb 2012, Lynn Garrison wrote:
>>>
>>>> Date: Wed, 15 Feb 2012 06:16:17 -0800
>>>> From: Lynn Garrison
>>>> <>
>>>> To: Jim Fox
>>>> <>
>>>> Cc: James Vuccolo
>>>> <>,
>>>> Tom Zeller
>>>> <>,
>>>> Grouper Dev
>>>> <>
>>>> Subject: Re: [grouper-dev] grouper 2.1.0
>>>> Jim, Tom,
>>>> I have good news and not so good news. I have been able to
>>>> reproduce the problem in gsh. Using the SubjectFinder.findAll command
>>>> in gsh, I get the same error. When I changed the search definition in
>>>> the sources file to filter on uid instead of cn and removed the
>>>> firstlastfilter of sn, I was able to execute the SubjectFinder.findAll
>>>> in gsh. I rebuilt the ui and I was able to find a subject.
>>>>
>>>> Here is a snippet from the sources.xml file that worked
>>>>
>>>> <search>
>>>> <searchType>search</searchType>
>>>> <param>
>>>> <param-name>filter</param-name>
>>>> <param-value>
>>>> (cn=%TERM%)
>>>> </param-value>
>>>> </param>
>>>> <param>
>>>> <param-name>firstlastfilter</param-name>
>>>> <param-value>
>>>> (sn=%TERM%)
>>>> </param-value>
>>>> </param>
>>>> <param>
>>>> <param-name>scope</param-name>
>>>> <param-value>SUBTREE_SCOPE</param-value>
>>>> </param>
>>>> <param>
>>>> <param-name>base</param-name>
>>>> <param-value>dc=psu,dc=edu</param-value>
>>>> </param>
>>>> </search>
>>>>
>>>> The sources.xml file that I have been using with grouper for the last
>>>> two years of testing has always had the above search. I must have run
>>>> into this problem before but didn't remember the details. I turned on
>>>> subject api debug and ran the SubjectFinder.findAll command in gsh
>>>> before I updated the sources file. I am attaching the error log. As
>>>> we get closer to a production release it would be nice to be able to
>>>> activate the cn/sn filter.
>>>>
>>>>
>>>>
>>>>
>>
>> --
>> James "Jimmy" Vuccolo,
>>
>> Technical Manager, Identity and Access Management
>> The Pennsylvania State University
>> 215B Computer Building, University Park, PA 16802
>> Office: 814-865-5635
>> http://www.personal.psu.edu/jvuccolo/
>>
>>

--
James "Jimmy" Vuccolo,

Technical Manager, Identity and Access Management
The Pennsylvania State University
215B Computer Building, University Park, PA 16802
Office: 814-865-5635
http://www.personal.psu.edu/jvuccolo/




Archive powered by MHonArc 2.6.16.

Top of Page