grouper-dev - Re: [grouper-dev] PSP sourceAttributeID not taken into account in LdapDnFromGrouperNamePSOIdentifierAttributeDefinition
Subject: Grouper Developers Forum
List archive
Re: [grouper-dev] PSP sourceAttributeID not taken into account in LdapDnFromGrouperNamePSOIdentifierAttributeDefinition
Chronological Thread
- From: Tom Zeller <>
- To: Gagné Sébastien <>
- Cc:
- Subject: Re: [grouper-dev] PSP sourceAttributeID not taken into account in LdapDnFromGrouperNamePSOIdentifierAttributeDefinition
- Date: Mon, 5 Nov 2012 12:26:58 -0600
My suggestion is to start with the test which deletes a group via the
grouper changelog. Comparing those logs should help.
The LdapDnFromGrouperNamePSOIdentifierAttributeDefinition, although
horribly named, does what it says and tries to return an ldap dn. The
ldap search you posted from the logs
"(&(sAMAccountName=acad:0310:Autres:Bonjour)(objectclass=person))"
is probably the MemberDataConnector and should be ignored.
The test I am thinking of is GrouperToLdapChangeLogTest.testGroupDelete().
On Mon, Nov 5, 2012 at 10:15 AM, Gagné Sébastien
<>
wrote:
> Hi,
>
> We have some problems with our DeleteGroupChangeLog provisioning.
> CreateGroup from changelog works good. I believe the problem comes from this
> attribute definition :
>
>
>
> <resolver:AttributeDefinition
>
> id="groupDn"
>
> xsi:type="psp-grouper-ldap:LdapDnFromGrouperNamePSOIdentifier"
>
> structure="${edu.internet2.middleware.psp.structure}"
>
> sourceAttributeID="${edu.internet2.middleware.psp.cnSourceAttributeID}"
>
>
>
> Looking at the code and logs, I believe LdapDnFromGrouperNamePSOIdentifier
> is ignoring the sourceAttributeID (name or extension). Here is what I have
> in ldap.properties :
>
>
>
> edu.internet2.middleware.psp.structure=flat
>
> edu.internet2.middleware.psp.cnSourceAttributeID=extension
>
>
>
> The Debug logs shows me that LdapDnFromGrouperNamePSOIdentifier is returning
> the full name instead of the extension :
>
>
>
> 10:39:00,065: Psp.execute(1069) - - PSP 'psp' - Calc
> CalcRequest[id=acad:0310:Autres:Bonjour,requestID=2012/11/05-10:39:00.061,returnData=everything]
> Resolving attributes '[groupDn, groupDnAlternate, groupDnAlternateChangeLog,
> groupObjectclass, cn, groupDescription, membersLdap, membersGsa, memberDn,
> changeLogMembershipGroupDn, changeLogMembershipLdapSubjectId,
> changeLogMembershipGroupSubjectName]'.
>
> 10:39:00,065: SimpleAttributeAuthority.getAttributes(86) - - get attributes
> 'acad:0310:Autres:Bonjour' aa 'psp.AttributeAuthority'
>
> 10:39:00,103: ChangeLogDataConnector.resolve(68) - - ChangeLog data
> connector 'DeleteGroupChangeLogDataConnector' - Resolve principal
> 'acad:0310:Autres:Bonjour'
>
> 10:39:00,104: ChangeLogDataConnector.resolve(81) - - ChangeLog data
> connector 'DeleteGroupChangeLogDataConnector' - Principal name
> 'acad:0310:Autres:Bonjour' does not match prefix
>
> 10:39:00,104: ChangeLogDataConnector.resolve(68) - - ChangeLog data
> connector 'UpdateGroupChangeLogDataConnector' - Resolve principal
> 'acad:0310:Autres:Bonjour'
>
> 10:39:00,104: ChangeLogDataConnector.resolve(81) - - ChangeLog data
> connector 'UpdateGroupChangeLogDataConnector' - Principal name
> 'acad:0310:Autres:Bonjour' does not match prefix
>
> 10:39:00,105:
> LdapDnFromGrouperNamePSOIdentifierAttributeDefinition.doResolve(189) - -
> Ldap dn from grouper name attribute definition 'groupDn' - Resolve principal
> 'acad:0310:Autres:Bonjour'
>
> 10:39:00,106:
> LdapDnFromGrouperNamePSOIdentifierAttributeDefinition.doResolve(189) - -
> Ldap dn from grouper name attribute definition 'groupDnAlternate' - Resolve
> principal 'acad:0310:Autres:Bonjour'
>
> 10:39:00,106:
> LdapDnFromGrouperNamePSOIdentifierAttributeDefinition.doResolve(197) - -
> Ldap dn from grouper name attribute definition 'groupDnAlternate' - Resolve
> principal 'acad:0310:Autres:Bonjour' No dependencies
>
> 10:39:00,106:
> LdapDnFromGrouperNamePSOIdentifierAttributeDefinition.doResolve(189) - -
> Ldap dn from grouper name attribute definition 'groupDnAlternateChangeLog' -
> Resolve principal 'acad:0310:Autres:Bonjour'
>
> 10:39:00,107:
> LdapDnFromGrouperNamePSOIdentifierAttributeDefinition.doResolve(197) - -
> Ldap dn from grouper name attribute definition 'groupDnAlternateChangeLog' -
> Resolve principal 'acad:0310:Autres:Bonjour' No dependencies
>
> 10:39:00,178: AbstractLdap.pagedSearch(290) - - Paginated search with the
> following parameters:
>
> 10:39:00,179: AbstractLdap.pagedSearch(291) - - dn =
> OU=People,DC=devsim,DC=umontreal,DC=ca
>
> 10:39:00,179: AbstractLdap.pagedSearch(292) - - filter =
> (&(sAMAccountName=acad:0310:Autres:Bonjour)(objectclass=person))
>
> 10:39:00,179: AbstractLdap.pagedSearch(293) - - filterArgs = []
>
>
>
> Looking at the LdapDnFromGrouperNamePSOIdentifierAttributeDefinition source
> I see at line 196 :
>
>
>
> if (getStructure().equals(GroupDnStructure.bushy)) {
>
> Use the extension
>
> else
>
> Use the group’s name
>
>
>
> There might be some problems with “AttributeDefinition
> id="groupDnAlternateChangeLog"” since the sourceAttributeID can only be
> "propertyOldValue" and we won’t be able to get the extension or name
> depending on the situation.
>
>
>
> How can we fix this ?
>
> Thanks
>
>
>
>
>
> Sébastien Gagné, | Analyste en informatique
>
> 514-343-6111 x33844 | Université de Montréal,
>
> | Pavillon Roger-Gaudry, local X-100-11
>
>
- [grouper-dev] PSP sourceAttributeID not taken into account in LdapDnFromGrouperNamePSOIdentifierAttributeDefinition, Gagné Sébastien, 11/05/2012
- Re: [grouper-dev] PSP sourceAttributeID not taken into account in LdapDnFromGrouperNamePSOIdentifierAttributeDefinition, Tom Zeller, 11/05/2012
Archive powered by MHonArc 2.6.16.