Grouper Developers Forum

[David Langenberg <>]

Yes, there are other classes in there, it's the old LDAPPC-NG application.  I don't think any of those should conflict with Grouper itself.  Are you seeing new errors?  

Dave

On Fri, Jan 17, 2014 at 12:17 PM, Sebastien Gagne <> wrote:

I had the chance to try it and it seems to works properly.

Is there any other classes included in the jar ? any possibility of affecting other parts of Grouper ?

Thanks

---
Sébastien Gagné, M.Ing., ing. jr

On Wed, Jan 15, 2014 at 10:33 AM, David Langenberg <> wrote:

Yeah, /lib/custom should do it.

Dave

On Wed, Jan 15, 2014 at 7:59 AM, Sebastien Gagne <> wrote:

Thanks David,

I'll try it out soon. Where should I place this file ? I don't see one to replace it, so I'm assuming I should put it in $GROUPER_HOME/lib/custom ?

---
Sébastien Gagné, M.Ing., ing. jr

On Tue, Jan 14, 2014 at 3:26 PM, David Langenberg <> wrote:

Yeah, it seems the class is in the old ldappc-ng distribution.  I've attached a jar.  Don't let the 2.2.0-SNAPSHOT scare you, nothing in this package has changed in a long time.

GRP-949 created so that we can get this put back into active distribution.

Dave

On Tue, Jan 14, 2014 at 11:12 AM, Gagné Sébastien <> wrote:

I missed that, but when I’m enabling it I get the following exception :

 

Caused by: java.lang.ClassNotFoundException: edu.internet2.middleware.ldappc.util.RangeSearchResultHandler

 

Is it in a different package ? did the package name change over time ?

 

Also it seems the example line included is outdated since I’ll get a different error if I try it (java.lang.ClassNotFoundException: edu.internet2.middleware.ldappc.util.QuotedDnResultHandler). I tried adding the RangeSearchHandler in the current line, but then I get the above error.

 

De : [mailto:] De la part de David Langenberg
Envoyé : 14 janvier 2014 12:42
À : Sebastien Gagne
Cc : Grouper Dev
Objet : Re: [grouper-dev] PSP Sync error with groups with more than 1500 members in AD

 

Hi Sebastien,

 

Have you enabled the RangeSearchResultHandler in your ldap.properties?

 

# handle Active Directory groups with a large (>1500) number of members

# see https://bugs.internet2.edu/jira/browse/GRP-335

# see http://code.google.com/p/vt-middleware/wiki/vtldapAD#Range_Attributes

 edu.vt.middleware.ldap.searchResultHandlers=edu.internet2.middleware.ldappc.util.QuotedDnResultHandler,edu.vt.middleware.ldap.handler.FqdnSearchResultHandler,edu.internet2.middleware.ldappc.util.RangeSearchResultHandler

 

Dave

 

On Tue, Jan 14, 2014 at 9:38 AM, Sebastien Gagne <> wrote:

Hi,

it's been a while that I had problems with the PSP, but I ran into something recently :

 

Groups that have more than 1500 members generates an error when synchronizing them to our Active Directory. 

 

Test Group : acad:1801:Cours:A13_SPT6000-A

Number of members : 3059

 

Doing a manual calc on the groups returns the 3059 members that should be in the group.

 

Doing a manual diff on the group return 3059 ADD request, but in Active Directory, I see that the group already has more than 1500  members from an initial sync.

 

I believe the problem comes from an LDAP limitation of a maximum of 1500 retrieved members in a search. If there's more than 1500 members, the query need to have the "range=" option in it. The ldap used by the PSP isn't probably using it so it return no values. Since there's no values, the PSP tries to add the same members again and gets the below errors.

 

http://msdn.microsoft.com/en-us/library/windows/desktop/aa367017(v=vs.85).aspx

 

Since it's only 3 groups, it's not a big problem here, but it would be nice to have a fix for this problem.

 

Thank you

 

 

 

Log from a PSP realtime sync :

 

2014-01-14 06:37:01,856: [main] ERROR BaseSpmlProvider.execute(386) -  - Target 'ldap' - Modify ModifyResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP: error code 68 - 00000562: UpdErr: DSID-031A119B, problem 6005 (ENTRY_EXISTS), data 0

_]},requestID=2014/01/14-06:36:59.928]

2014-01-14 06:37:01,859: [main] ERROR BaseSpmlProvider.execute(386) -  - Target 'psp' - Modify ModifyResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP: error code 68 - 00000562: UpdErr: DSID-031A119B, problem 6005 (ENTRY_EXISTS), data 0

_]},requestID=2014/01/14-06:36:59.928]

2014-01-14 06:37:01,859: [main] ERROR Psp.execute(1440) -  - Psp 'psp' - Sync SyncResponse[id=acad:1801:Cours:A13_SPT6000-A,status=failure,error=customError,errorMessages={[LDAP: error code 68 - 00000562: UpdErr: DSID-031A119B, problem 6005 (ENTRY_EXISTS), data 0

_]},requestID=2014/01/14-06:36:55.635,ModifyResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP: error code 68 - 00000562: UpdErr: DSID-031A119B, problem 6005 (ENTRY_EXISTS), data 0

_]},requestID=2014/01/14-06:36:59.928]]

 

 

PSP Sync (manual)

<psp:syncResponse xmlns:psp='http://grouper.internet2.edu/psp' status='failure' requestID='2014/01/14-11:32:02.059' error='customError'>

  <modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure' requestID='2014/01/14-11:32:29.559' error='customError'>

    <errorMessage>[LDAP: error code 68 - 00000562: UpdErr: DSID-031A119B, problem 6005 (ENTRY_EXISTS), data 0

_]</errorMessage>

  </modifyResponse>

  <errorMessage>[LDAP: error code 68 - 00000562: UpdErr: DSID-031A119B, problem 6005 (ENTRY_EXISTS), data 0

_]</errorMessage>

  <psp:id ID='acad:1801:Cours:A13_SPT6000-A'/>

</psp:syncResponse>

 

 

---
Sébastien Gagné, M.Ing., ing. jr

 

--
David Langenberg

Identity & Access Management

The University of Chicago

--
David Langenberg

Identity & Access Management

The University of Chicago

--
David Langenberg

Identity & Access Management

The University of Chicago

--
David Langenberg

Identity & Access Management

The University of Chicago