grouper-dev - [grouper-dev] PSP - existing memberships not matched
Subject: Grouper Developers Forum
List archive
- From: Gagné Sébastien <>
- To: <>
- Cc: <>
- Subject: [grouper-dev] PSP - existing memberships not matched
- Date: Tue, 21 Feb 2012 15:32:27 -0500
Another problem with PSP provisioning using Grouper 2.1 (API, UI and PSP) When using bulkDiff and bulkSync, it seems the psp does not match the AD membership with the Grouper membership. If you look at the bulkDiff below, you will see that there is an add request and a delete request for the same subject ID (test 1234). If I try to sync (see below) the request will fail because it tries to add the same member a second time. Even if I add a new subject I get the same result, the only thing different is there will be a second ID in the ‘add’. Sync will still fail and the new member will NOT be provisioned (which is a big deal). If I start with an empty group and add multiple members they will be provisioned to AD, but after that it will begin to fail in the same way. If I delete all the members in AD before a sync it will sync properly. It might be worth mentioning that I encountered the same problem with the previous LDAPPCNG and was never able to fix it (I decided to wait for the PSP) My hypothesis is that somewhere AD’s sAMAccountName or the group’s member isn’t mapped to the Subject ID (which is mapped to sAMAccountName). Or group’s member dn do not match the subject ID (which is sAMAccountName) Anyone had this problem ? Thanks $ ../bin/gsh.sh -psp -bulkDiff <psp:diffResponse status='success' requestID='2012/02/21-15:06:23.415'> <modifyRequest xmlns='urn:oasis:names:tc:SPML:2:0' entityName='group' requestID='2012/02/21-15:06:23.536' returnData='everything'> <psoID ID='cn=Test3,ou=Stem2,ou=UdeM,ou=People,dc=devsim,dc=umontreal,dc=ca' targetID='ldap'/> <modification modificationMode='add'> <capabilityData mustUnderstand='true' capabilityURI='urn:oasis:names:tc:SPML:2:0:reference'> <spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0' xmlns:spmlref='urn:oasis:names:tc:SPML:2:0:reference' typeOfReference='member'> <spmlref:toPsoID ID='CN=test 1234,ou=People,dc=devsim,dc=umontreal,dc=ca' targetID='ldap'/> </spmlref:reference> </capabilityData> </modification> <modification modificationMode='delete'> <capabilityData mustUnderstand='true' capabilityURI='urn:oasis:names:tc:SPML:2:0:reference'> <spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0' xmlns:spmlref='urn:oasis:names:tc:SPML:2:0:reference' typeOfReference='member'> <spmlref:toPsoID ID='CN=test 1234,OU=People,DC=devsim,DC=umontreal,DC=ca' targetID='ldap'/> </spmlref:reference> </capabilityData> </modification> </modifyRequest> <psp:id ID='UdeM:Stem2:Test3'/> </psp:diffResponse> $ ../bin/gsh.sh -psp -bulkSync <psp:syncResponse> <modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure' requestID='2012/02/21-15:07:31.238' error='customError'> <errorMessage>[LDAP: error code 68 - 00000562: UpdErr: DSID-031A119B, problem 6005 (ENTRY_EXISTS), data 0 _]</errorMessage> </modifyResponse> <psp:id ID='UdeM:Stem2:Test3'/> </psp:syncResponse> Sébastien Gagné, | Analyste en informatique 514-343-6111 x33844 | Université de Montréal, | Pavillon Roger-Gaudry, local X-100-11 |
- [grouper-dev] PSP - existing memberships not matched, Gagné Sébastien, 02/21/2012
- <Possible follow-up(s)>
- RE: [grouper-dev] PSP - existing memberships not matched, Gagné Sébastien, 02/22/2012
- [grouper-dev] Re: PSP - existing memberships not matched, Tom Zeller, 02/22/2012
- [grouper-dev] Re: PSP - existing memberships not matched, Tom Zeller, 02/22/2012
- [grouper-dev] Re: PSP - existing memberships not matched, Tom Zeller, 02/22/2012
Archive powered by MHonArc 2.6.16.