Skip to Content.
Sympa Menu

grouper-dev - Re: [grouper-dev] PSPNG error repeating (latest)

Subject: Grouper Developers Forum

List archive

Re: [grouper-dev] PSPNG error repeating (latest)


Chronological Thread 
  • From: "Gettes, Michael" <>
  • To: "" <>
  • Subject: Re: [grouper-dev] PSPNG error repeating (latest)
  • Date: Wed, 1 May 2019 02:19:50 +0000

I have 2 groups - one has 924 entries (T2) and the other 1691(t3). WIth
standard LDAP search the 924 group shows me as a member:
member: CN=gettes,OU=People,OU=UF,DC=dev-ad,DC=ufl,DC=edu
and goes through full-sync without error
and the 1691 group has me as:
member;range=0-1499: CN=gettes,OU=People,OU=UF,DC=dev-ad,DC=ufl,DC=edu

Clearly, range is the difference. logging shows the desire to add 1691
entries to the group on fullsync.

for the t3 group:
2019-04-30T22:57:55+00:00 DAEMON:dev
grouper-api;grouper.log;grouper_dev;daemon;2019-04-30 18:57:55,158:
[FullSyncer(psp_UFADdev)-Thread] INFO LdapGroupProvisioner.doFullSync(217) -
- psp_UFADdev-full: Full-sync comparison for
App:UFAD:UF:Groups:Test:subfolder:t3: Target-subject count: Correct/Actual:
1691/0
2019-04-30T22:57:55+00:00 DAEMON:dev
grouper-api;grouper.log;grouper_dev;daemon;2019-04-30 18:57:55,159:
[FullSyncer(psp_UFADdev)-Thread] INFO LdapGroupProvisioner.doFullSync(230) -
- psp_UFADdev-full: Group App:UFAD:UF:Groups:Test:subfolder:t3 has 0 extra
values
2019-04-30T22:57:55+00:00 DAEMON:dev
grouper-api;grouper.log;grouper_dev;daemon;2019-04-30 18:57:55,159:
[FullSyncer(psp_UFADdev)-Thread] INFO LdapGroupProvisioner.doFullSync(243) -
- psp_UFADdev-full: Group App:UFAD:UF:Groups:Test:subfolder:t3 has 1691
missing values

and then…

2019-04-30T22:57:55+00:00 DAEMON:dev
grouper-api;grouper.log;grouper_dev;daemon;2019-04-30 18:57:55,224:
[FullSyncer(psp_UFADdev)-Thread] INFO
LdapGroupProvisioner.scheduleGroupModification(91) - - Will change LDAP: ADD
cn=gettes,ou=people,ou=uf,dc=dev-ad,dc=ufl,dc=edu to member of
LdapGroup[ldap=LdapObject[id=1,cn=t3,samAccountName=$3H8E00-VKS86PPL4SOH,dn=cn=t3,ou=subfolder,ou=test,ou=grouper,ou=groups,ou=uf,dc=dev-ad,dc=ufl,dc=edu,provisioner=LdapGroupProvisioner[psp_UFADdev-full]]]

and my entry is definitely already in the group

i have spent a great deal of time trying to get all the parameters set for
active directory. I have gone from using all the defaults (not specifying to
specifying). I can’t seem to influence what’s going on here. I see in the
range handler for grouper there is a check for BaseDN being set. When I
specify the baseDN as

ldap.UFADdev.url = ldap://ufaddev-dc01.dev-ad.ufl.edu/DC=dev-ad,DC=ufl,DC=edu

I get the following error:

2019-05-01T02:06:41+00:00 DAEMON:dev
grouper-api;grouper.log;grouper_dev;daemon;2019-04-30 22:06:41,718:
[FullSyncer(psp_UFADdev)-Thread] WARN
LdapSystem.performLdapSearchRequest(685) - - Search base does not exist:
OU=Grouper,OU=Groups,OU=UF,DC=dev-ad,DC=ufl,DC=edu (No such object ldap error)
2019-05-01T02:06:41+00:00 DAEMON:dev
grouper-api;grouper.log;grouper_dev;daemon;2019-04-30 22:06:41,834:
[FullSyncer(psp_UFADdev)-Thread] WARN LdapSystem.performLdapRead(631) - -
UFADdev: Ldap object does not exist:
'ou=subfolder,ou=Test,OU=Grouper,OU=Groups,OU=UF,DC=dev-ad,DC=ufl,DC=edu'
2019-05-01T02:06:41+00:00 DAEMON:dev
grouper-api;grouper.log;grouper_dev;daemon;2019-04-30 22:06:41,836:
[FullSyncer(psp_UFADdev)-Thread] WARN LdapSystem.performLdapRead(631) - -
UFADdev: Ldap object does not exist:
'ou=Test,OU=Grouper,OU=Groups,OU=UF,DC=dev-ad,DC=ufl,DC=edu'
2019-05-01T02:06:41+00:00 DAEMON:dev
grouper-api;grouper.log;grouper_dev;daemon;2019-04-30 22:06:41,838:
[FullSyncer(psp_UFADdev)-Thread] WARN LdapSystem.performLdapRead(631) - -
UFADdev: Ldap object does not exist:
'OU=Grouper,OU=Groups,OU=UF,DC=dev-ad,DC=ufl,DC=edu'
2019-05-01T02:06:41+00:00 DAEMON:dev
grouper-api;grouper.log;grouper_dev;daemon;2019-04-30 22:06:41,840:
[FullSyncer(psp_UFADdev)-Thread] WARN LdapSystem.performLdapRead(631) - -
UFADdev: Ldap object does not exist: 'OU=Groups,OU=UF,DC=dev-ad,DC=ufl,DC=edu'
2019-05-01T02:06:41+00:00 DAEMON:dev
grouper-api;grouper.log;grouper_dev;daemon;2019-04-30 22:06:41,841:
[FullSyncer(psp_UFADdev)-Thread] WARN LdapSystem.performLdapRead(631) - -
UFADdev: Ldap object does not exist: 'OU=UF,DC=dev-ad,DC=ufl,DC=edu'
2019-05-01T02:06:41+00:00 DAEMON:dev
grouper-api;grouper.log;grouper_dev;daemon;2019-04-30 22:06:41,843:
[FullSyncer(psp_UFADdev)-Thread] WARN LdapSystem.performLdapRead(631) - -
UFADdev: Ldap object does not exist: 'DC=dev-ad,DC=ufl,DC=edu'
2019-05-01T02:06:41+00:00 DAEMON:dev
grouper-api;grouper.log;grouper_dev;daemon;2019-04-30 22:06:41,845:
[FullSyncer(psp_UFADdev)-Thread] WARN LdapSystem.performLdapRead(631) - -
UFADdev: Ldap object does not exist: 'DC=ufl,DC=edu'
2019-05-01T02:06:41+00:00 DAEMON:dev
grouper-api;grouper.log;grouper_dev;daemon;2019-04-30 22:06:41,847:
[FullSyncer(psp_UFADdev)-Thread] WARN LdapSystem.performLdapRead(631) - -
UFADdev: Ldap object does not exist: 'DC=edu'
2019-05-01T02:06:41+00:00 DAEMON:dev
grouper-api;grouper.log;grouper_dev;daemon;2019-04-30 22:06:41,847:
[FullSyncer(psp_UFADdev)-Thread] ERROR FullSyncProvisioner.fullSyncGroup(739)
- - FullSyncer(psp_UFADdev): Problem doing full sync. Requeuing group
App:UFAD:UF:Groups:Test:subfolder:t3
2019-05-01T02:06:41+00:00 DAEMON:dev java.lang.NullPointerException
2019-05-01T02:06:41+00:00 DAEMON:dev at
edu.internet2.middleware.grouper.pspng.LdapProvisioner.ensureLdapOusExist(LdapProvisioner.java:809)

When I am configured as:
ldap.UFADdev.url = ldap://ufaddev-dc01.dev-ad.ufl.edu/
I don’t get the above errors but I get the fullsyncer problems with the range
for groupers larger than 1500 members.

Is my problem there is something mis-configured with AD? I have no control
over AD and can’t see AD logs.

/mrg

> On Apr 30, 2019, at 5:06 PM, Gettes, Michael <> wrote:
>
> and I am sad to report that the fullsyncer seems to be complaining again.
> Same error - ENTRY_ALREADY_EXISTS. I thought I had this fixed. Guess not.
> I will try to isolate this problem and turn on DEBUG log. It’s now the
> 17K member group with the problem. Any pearls of wisdom of what to look
> for are appreciated. (bang head here).
>
> /mrg
>
>> On Apr 30, 2019, at 2:09 PM, Gettes, Michael <> wrote:
>>
>> After a bit more head-banging (and Carey pointing out my not seeing what
>> Bert saw with top)
>>
>> Here is the config I finally settled on and it works without the errors I
>> was reporting (except for the caching message which Bert is kind enough to
>> address in an upcoming patch).
>>
>> The problem I was trying to solve was to provide groups via PSPNG into AD
>> preserving DIT structure for compatibility so I can use Grouper to take
>> over already provided groups through custom software. I settled on using
>> displayName as a means of linking Grouper and AD instead of the
>> traditional CN which was clearly getting me in trouble. On the user
>> objects we have usernames that end in ‘.’ which is not allowed for
>> samAccountName.
>>
>> I am terribly sorry to have wasted Bert’s time with my mistakes and I am
>> grateful to Bert and Carey for taking time to help me.
>>
>> /mrg
>>
>> changeLog.consumer.psp_UFADdev.provisionerName = psp_UFADdev
>> changeLog.consumer.psp_UFADdev.class =
>> edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
>> changeLog.consumer.psp_UFADdev.type =
>> edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner
>> changeLog.consumer.psp_UFADdev.quartzCron = 1/20 * * * * ?
>> changeLog.consumer.psp_UFADdev.ldapPoolName = UFADdev
>> changeLog.consumer.psp_UFADdev.retryOnError = false
>> changeLog.consumer.psp_UFADdev.isActiveDirectory = true
>> changeLog.consumer.psp_UFADdev.grouperIsAuthoritative = true
>> changeLog.consumer.psp_UFADdev.memberAttributeName = member
>> changeLog.consumer.psp_UFADdev.memberAttributeValueFormat =
>> ${ldapUser.getDn()}
>> changeLog.consumer.psp_UFADdev.groupSearchBaseDn =
>> OU=Grouper,OU=Groups,OU=UF,DC=dev-ad,DC=ufl,DC=edu
>> changeLog.consumer.psp_UFADdev.groupCreationBaseDn =
>> OU=Grouper,OU=Groups,OU=UF,DC=dev-ad,DC=ufl,DC=edu
>> changeLog.consumer.psp_UFADdev.allGroupsSearchFilter =
>> (&(objectclass=group)(objectclass=posixGroup))
>> changeLog.consumer.psp_UFADdev.singleGroupSearchFilter =
>> (&(objectclass=group)(displayName=${group.name}))
>> changeLog.consumer.psp_UFADdev.groupSearchAttributes =
>> cn,gidNumber,objectclass,samAccountName,name,displayName
>> changeLog.consumer.psp_UFADdev.groupCreationLdifTemplate = dn:
>> ${utils.bushyDn("${group.name.replaceAll('(App:.+:UF:Groups:)(.+):(.*)','$2:'+'$3'.replace(':','_'))}","cn","ou")}||objectclass:
>> top||objectclass: group||objectclass: posixGroup||gidNumber:
>> ${group.idIndex}||displayName: ${group.name}
>> changeLog.consumer.psp_UFADdev.userSearchBaseDn =
>> OU=People,OU=UF,DC=dev-ad,DC=ufl,DC=edu
>> changeLog.consumer.psp_UFADdev.userSearchFilter =
>> userPrincipalName=${subject.id}
>> changeLog.consumer.psp_UFADdev.userSearchAttributes =
>> dn,cn,uid,mail,samAccountName,uidNumber,objectclass,memberOf,userPrincipalName
>> changeLog.consumer.psp_UFADdev.groupSearch_batchSize = 100
>> changeLog.consumer.psp_UFADdev.ldapSearchResultPagingSize = 1000
>> changelog.consumer.psp_UFADdev.grouperSubjectCacheSize = 400000
>> changelog.consumer.psp_UFADdev.grouperGroupCacheSize = 50000
>> changelog.consumer.psp_UFADdev.ldapUserCacheSize = 400000
>> changelog.consumer.psp_UFADdev.ldapUserCacheTime_secs = 3600
>> changelog.consumer.psp_UFADdev.maxValuesToChangePerOperation = 900
>> changeLog.consumer.psp_UFADdev.needsTargetSystemUsers = true
>> changeLog.consumer.psp_UFADdev.supportsEmptyGroups = true
>> changeLog.consumer.psp_UFADdev.createMissingUsers = true
>> changeLog.consumer.psp_UFADdev.userCreationBaseDn =
>> OU=People,OU=UF,DC=dev-ad,DC=ufl,DC=edu
>> changeLog.consumer.psp_UFADdev.userCreationLdifTemplate = dn:
>> CN=${subject.getId().toLowerCase().replaceAll('@ufl.edu','').replaceAll('\\.$','')}||sAMAccountName:
>>
>> ${subject.getId().toLowerCase().replaceAll('@ufl.edu','').replaceAll('\\.$','')}||objectclass:
>> top||objectclass: person||objectclass: user||sn:
>> ${subject.getId().toLowerCase().replaceAll('@ufl.edu','')}||userPrincipalName:
>> ${subject.getId()}||displayName: ${subject.name}
>>
>>> On Apr 29, 2019, at 4:43 PM, Gettes, Michael <> wrote:
>>>
>>> see inline...
>>>
>>>> On Apr 29, 2019, at 12:58 PM, Bee-Lindgren, Bert
>>>> <> wrote:
>>>>
>>>> Hello,
>>>>
>>>> 1) Please add the top objectclass to your group template, though this
>>>> problem looks different to me
>>>
>>> objectclass: top is already part of the template.
>>>
>>>> 2) Can you privately send me what you replaced with ' > … (long list of
>>>> DNs) … ‘?
>>>
>>> being sent separately.
>>>
>>>> 3) (particularly with PSPNG p5), Can you run it with INFO or DEBUG log
>>>> level and send the result to me?
>>>
>>> being sent separately.
>>>
>>>> 4) I would suggest adding gidNumber to your groupCreationTemplate and
>>>> then (after gidNumbers are fully provisioned by a full-sync sweep) using
>>>> gidNumber-based searching in your singleGroupSearchFilter
>>>
>>> Done. Much smarter way to go for Active Directory - i think this should
>>> be more strongly recommended in the documentation.
>>>
>>>>
>>>>
>>>> Thanks,
>>>> Bert
>>>>
>>>>
>>>>
>>>>
>>>> From:
>>>> <> on behalf of Gettes, Michael
>>>> <>
>>>> Sent: Friday, April 26, 2019 11:04 PM
>>>> To:
>>>> Subject: [grouper-dev] PSPNG error repeating (latest)
>>>>
>>>> Going against AD - this error keeps repeating. It’s a group with 17K
>>>> members. my pspng config is below. This is on tier/grouper:latest
>>>> published today (2.4.0-a42-u23-w5-p4-20190426-rc1).
>>>>
>>>> 2019-04-27T02:19:09+00:00 DAEMON:dev
>>>> grouper-api;grouper.log;grouper_dev;daemon;2019-04-26 22:19:09,381:
>>>> [FullSyncer(psp_UFADdev)-Thread] WARN LdapSystem.performLdapModify(405)
>>>> - - UFADdev: Problem while modifying ldap system based on grouper
>>>> expectations. Starting to perform adaptive modifications based on data
>>>> already on server: [org.ldaptive.ModifyRequest@1988375000::modifyDn
>>>> … (long list of DNs) …
>>>> controls=null, referralHandler=null, intermediateResponseHandlers=null]:
>>>> ENTRY_ALREADY_EXISTS
>>>> 2019-04-27T02:15:38+00:00 DAEMON:dev
>>>> grouper-api;grouper.log;grouper_dev;daemon;2019-04-26 22:15:38,044:
>>>> [FullSyncer(psp_UFADdev)-Thread] ERROR
>>>> FullSyncProvisioner.fullSyncGroup(739) - - FullSyncer(psp_UFADdev):
>>>> Problem doing full sync. Requeuing group
>>>> App:UFAD:UF:Groups:Services:Zoom:Service uflphi
>>>> 2019-04-27T02:15:38+00:00 DAEMON:dev java.lang.IllegalStateException:
>>>> The active provisioner should be defined when creating LdapObjects
>>>> 2019-04-27T02:15:38+00:00 DAEMON:dev at
>>>> edu.internet2.middleware.grouper.pspng.LdapObject.<init>(LdapObject.java:95)
>>>> 2019-04-27T02:15:38+00:00 DAEMON:dev at
>>>> edu.internet2.middleware.grouper.pspng.LdapSystem.performLdapRead(LdapSystem.java:626)
>>>> 2019-04-27T02:15:38+00:00 DAEMON:dev at
>>>> edu.internet2.middleware.grouper.pspng.LdapSystem.performLdapRead(LdapSystem.java:596)
>>>> 2019-04-27T02:15:38+00:00 DAEMON:dev at
>>>> edu.internet2.middleware.grouper.pspng.LdapSystem.performLdapModify(LdapSystem.java:448)
>>>> 2019-04-27T02:15:38+00:00 DAEMON:dev at
>>>> edu.internet2.middleware.grouper.pspng.LdapSystem.performLdapModify(LdapSystem.java:377)
>>>> 2019-04-27T02:15:38+00:00 DAEMON:dev at
>>>> edu.internet2.middleware.grouper.pspng.LdapProvisioner.makeIndividualLdapChanges(LdapProvisioner.java:713)
>>>> 2019-04-27T02:15:38+00:00 DAEMON:dev at
>>>> edu.internet2.middleware.grouper.pspng.LdapProvisioner.finishProvisioningBatch(LdapProvisioner.java:455)
>>>> 2019-04-27T02:15:38+00:00 DAEMON:dev at
>>>> edu.internet2.middleware.grouper.pspng.FullSyncProvisioner.fullSyncGroup(FullSyncProvisioner.java:721)
>>>> 2019-04-27T02:15:38+00:00 DAEMON:dev at
>>>> edu.internet2.middleware.grouper.pspng.FullSyncProvisioner.processQueueItem(FullSyncProvisioner.java:433)
>>>> 9-04-27T02:19:09+00:00 DAEMON:dev at
>>>> edu.internet2.middleware.grouper.pspng.FullSyncProvisioner.thread_manageFullSyncProcessing(FullSyncProvisioner.java:254)
>>>> 2019-04-27T02:19:09+00:00 DAEMON:dev at
>>>> edu.internet2.middleware.grouper.pspng.FullSyncProvisioner$1.run(FullSyncProvisioner.java:146)
>>>> 2019-04-27T02:19:09+00:00 DAEMON:dev at
>>>> java.lang.Thread.run(Thread.java:748)
>>>> 2019-04-27T02:53:48+00:00 DAEMON:dev
>>>> grouper-api;grouper.log;grouper_dev;daemon;2019-04-26 22:53:48,840:
>>>> [FullSyncer(psp_UFADdev)-Thread] WARN
>>>> ProvisionerCoordinator$ProvisioningStatus.lockForFullSyncWhenNoIncrementalIsUnderway(73)
>>>> - - psp_UFADdev: Cannot start FullSync of
>>>> App:UFAD:UF:Groups:Services:Zoom:Service uflphi. Incremental
>>>> provisioning underway since Fri Apr 26 22:53:48 EDT 2019. We'll give up
>>>> and move ahead anyway in 300 seconds.
>>>>
>>>> ———
>>>>
>>>> AND this is a poorly formatted message that comes next: not sure what i
>>>> should do to address it if anything.
>>>>
>>>> 2019-04-27T02:19:09+00:00 DAEMON:dev
>>>> grouper-api;grouper.log;grouper_dev;daemon;2019-04-26 22:19:09,461:
>>>> [FullSyncer(psp_UFADdev)-Thread] WARN
>>>> Provisioner.warnAboutCacheSizeConcerns(620) - - Cache is very full
>>>> (%.0f%%). Performance is much higher if 100.0 is large enough to hold
>>>> the number provisioned groups or subjects
>>>>
>>>> ———
>>>>
>>>> pspng config:
>>>>
>>>> ldap.UFADdev.pass = XXXXXXXXXXXX
>>>> ldap.UFADdev.user = XXXXXXXXXXXXXXXXXXXXXXXXX
>>>> ldap.UFADdev.url = ldap://ufadXXXXXXXXXXXXXXXXX.ufl.edu
>>>> ldap.UFADdev.pagedResultsSize = 1000
>>>> ldap.UFADdev.timeout = 100000
>>>> ldap.UFADdev.tls = false
>>>> ldap.UFADdev.searchResultHandlers=org.ldaptive.handler.DnAttributeEntryHandler,edu.internet2.middleware.grouper.ldap.ldaptive.GrouperRangeEntryHandler
>>>> # comma-delimited list of result codes (org.ldaptive.ResultCode) to
>>>> ignore, e.g. TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS
>>>> ldap.UFADdev.searchIgnoreResultCodes=SIZE_LIMIT_EXCEEDED,ATTRIBUTE_OR_VALUE_EXISTS
>>>>
>>>> changeLog.consumer.psp_UFADdev.provisionerName = psp_UFADdev
>>>> changeLog.consumer.psp_UFADdev.class =
>>>> edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
>>>> changeLog.consumer.psp_UFADdev.type =
>>>> edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner
>>>> changeLog.consumer.psp_UFADdev.quartzCron = 0/15 * * * * ?
>>>> changeLog.consumer.psp_UFADdev.ldapPoolName = UFADdev
>>>> changeLog.consumer.psp_UFADdev.retryOnError = false
>>>> changeLog.consumer.psp_UFADdev.isActiveDirectory = true
>>>> changeLog.consumer.psp_UFADdev.grouperIsAuthoritative = true
>>>> changeLog.consumer.psp_UFADdev.memberAttributeName = member
>>>> changeLog.consumer.psp_UFADdev.memberAttributeValueFormat =
>>>> ${ldapUser.getDn()}
>>>> changeLog.consumer.psp_UFADdev.groupSearchBaseDn =
>>>> OU=Grouper,OU=Groups,OU=UF,DC=dev-ad,DC=ufl,DC=edu
>>>> changeLog.consumer.psp_UFADdev.groupCreationBaseDn =
>>>> OU=Grouper,OU=Groups,OU=UF,DC=dev-ad,DC=ufl,DC=edu
>>>> changeLog.consumer.psp_UFADdev.allGroupsSearchFilter = objectclass=group
>>>> changeLog.consumer.psp_UFADdev.singleGroupSearchFilter =
>>>> (&(objectclass=group)(cn=${group.name.replaceAll("(App:.+:UF:Groups:)(.+):(.*)","$3").replace(":","_")}))
>>>> changeLog.consumer.psp_UFADdev.groupSearchAttributes =
>>>> cn,gidNumber,objectclass,samAccountName,name
>>>> changeLog.consumer.psp_UFADdev.groupCreationLdifTemplate = dn:
>>>> ${utils.bushyDn("${group.name.replaceAll('(App:.+:UF:Groups:)(.+):(.*)','$2:'+'$3'.replace(':','_'))}","cn","ou")}||objectclass:
>>>> group
>>>> changeLog.consumer.psp_UFADdev.userSearchBaseDn =
>>>> OU=People,OU=UF,DC=dev-ad,DC=ufl,DC=edu
>>>> changeLog.consumer.psp_UFADdev.userSearchFilter =
>>>> userPrincipalName=${subject.id}
>>>> changeLog.consumer.psp_UFADdev.userSearchAttributes =
>>>> dn,cn,uid,mail,samAccountName,uidNumber,objectclass,memberOf,userPrincipalName
>>>> changeLog.consumer.psp_UFADdev.groupSearch_batchSize = 100
>>>> changeLog.consumer.psp_UFADdev.ldapSearchResultPagingSize = 1000
>>>> changelog.consumer.psp_UFADdev.grouperSubjectCacheSize = 400000
>>>> changelog.consumer.psp_UFADdev.grouperGroupCacheSize = 50000
>>>> changelog.consumer.psp_UFADdev.ldapUserCacheSize = 200000
>>>> changelog.consumer.psp_UFADdev.ldapUserCacheTime_secs = 3600
>>>> changelog.consumer.psp_UFADdev.maxValuesToChangePerOperation = 500
>>>> changeLog.consumer.psp_UFADdev.needsTargetSystemUsers = true
>>>> changeLog.consumer.psp_UFADdev.supportsEmptyGroups = true
>>>> changeLog.consumer.psp_UFADdev.createMissingUsers = true
>>>> changeLog.consumer.psp_UFADdev.userCreationBaseDn =
>>>> OU=People,OU=UF,DC=dev-ad,DC=ufl,DC=edu
>>>> changeLog.consumer.psp_UFADdev.userCreationLdifTemplate = dn:
>>>> CN=${subject.getId().toLowerCase().replaceAll('@ufl.edu','').replaceAll('\\.$','')}||sAMAccountName:
>>>>
>>>> ${subject.getId().toLowerCase().replaceAll('@ufl.edu','').replaceAll('\\.$','')}||objectclass:
>>>> top||objectclass: person||objectclass: user||sn:
>>>> ${subject.getId().toLowerCase().replaceAll('@ufl.edu','')}||userPrincipalName:
>>>> ${subject.getId()}||displayName: ${subject.name}||cn:
>>>> ${subject.getId().toLowerCase().replaceAll('@ufl.edu','')}
>>>
>>
>



  • Re: [grouper-dev] PSPNG error repeating (latest), Gettes, Michael, 05/01/2019

Archive powered by MHonArc 2.6.19.

Top of Page