Skip to Content.
Sympa Menu

grouper-users - Re: Re: [grouper-users] Ldap import data from grouper fail

Subject: Grouper Users - Open Discussion List

List archive

Re: Re: [grouper-users] Ldap import data from grouper fail


Chronological Thread 
  • From: "chqh" <>
  • To: "Tom Barton" <>
  • Cc: "" <>
  • Subject: Re: Re: [grouper-users] Ldap import data from grouper fail
  • Date: Tue, 7 Aug 2007 10:22:07 +0800

Tom wrote:
 
>The value "list-empty" is not a valid DN, and so is being rejected. For
>the group-members-dn-list I suggest using "".
 
I followed Tom's suggestion and it works now.
 
>          <memberships >
>              <member-groups-list
>                 list-object-class="eduPerson"
>                 list-attribute="ou"
>                 naming-attribute="name" / >
>          </memberships >
 
>Although you haven't provisioned memberships yet, I wonder if it is a
>good idea to use the "ou" attribute to store the names of groups to
>which the LDAP entry belongs. Many LDAP client programs assume that they
>know what to expect in the "ou" attribute, and they'll be surprised...
I comment the memberships element, too.
 
 
But another problem come again.
There are 79 groups in the grouper registry. And when the ldappc program ran, the first 58 groups data provisioning worked well. But the rest 21 groups' provision failed.
Every time it happens.
 
Then I check the grouper_error.log and the same exceptions happened again and again (maybe hundreds).
Here is part of grouper_error.log :
2007-08-07 10:08:17,296: Ldap NamingException: 192.168.23.11:389
javax.naming.CommunicationException: 192.168.23.11:389[Root exception is java.net.BindException: Address already in use: connect]
 at com.sun.jndi.ldap.Connection.<init>(Connection.java:207)
 at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
 at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
 at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2616)
 at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
 at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
 at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
 at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
 at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
 at javax.naming.InitialContext.init(InitialContext.java:223)
 at javax.naming.InitialContext.<init>(InitialContext.java:197)
 at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
 at edu.internet2.middleware.subject.provider.JNDISourceAdapter.getLdapResults(Unknown Source)
 at edu.internet2.middleware.subject.provider.JNDISourceAdapter.getLdapUnique(Unknown Source)
 at edu.internet2.middleware.subject.provider.JNDISourceAdapter.getSubject(Unknown Source)
 at edu.internet2.middleware.grouper.SubjectFinder.findById(SubjectFinder.java:249)
 at edu.internet2.middleware.grouper.Member.getSubject(Member.java:463)
 at edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.storeGroupData(GroupEntrySynchronizer.java:617)
 at edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.addGroupEntry(GroupEntrySynchronizer.java:848)
 at edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.performInclude(GroupEntrySynchronizer.java:370)
 at edu.internet2.middleware.ldappc.synchronize.GroupSynchronizer.synchronize(GroupSynchronizer.java:163)
 at edu.internet2.middleware.ldappc.GrouperProvisioner.provisionGroups(GrouperProvisioner.java:293)
 at edu.internet2.middleware.ldappc.GrouperProvisioner.provision(GrouperProvisioner.java:153)
 at edu.internet2.middleware.ldappc.LdappcGrouperProvisioner.provisionGroups(LdappcGrouperProvisioner.java:123)
 at edu.internet2.middleware.ldappc.LdappcProvisionControl.run(LdappcProvisionControl.java:78)
 at edu.internet2.middleware.ldappc.Ldappc.main(Ldappc.java:96)
Caused by: java.net.BindException: Address already in use: connect
 at java.net.PlainSocketImpl.socketConnect(Native Method)
 at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
 at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
 at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
 at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
 at java.net.Socket.connect(Socket.java:519)
 at java.net.Socket.connect(Socket.java:469)
 at java.net.Socket.<init>(Socket.java:366)
 at java.net.Socket.<init>(Socket.java:179)
 at com.sun.jndi.ldap.Connection.createSocket(Connection.java:349)
 at com.sun.jndi.ldap.Connection.<init>(Connection.java:184)
 ... 27 more
2007-08-07 10:08:17,312: Ldap NamingException: 192.168.23.11:389
javax.naming.CommunicationException: 192.168.23.11:389[Root exception is java.net.BindException: Address already in use: connect]
 at com.sun.jndi.ldap.Connection.<init>(Connection.java:207)
 at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
 at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
 at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2616)
 at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
 at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
 at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
 at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
 at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
 at javax.naming.InitialContext.init(InitialContext.java:223)
 at javax.naming.InitialContext.<init>(InitialContext.java:197)
 at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
 at edu.internet2.middleware.subject.provider.JNDISourceAdapter.getLdapResults(Unknown Source)
 at edu.internet2.middleware.subject.provider.JNDISourceAdapter.getLdapUnique(Unknown Source)
 at edu.internet2.middleware.subject.provider.JNDISourceAdapter.getSubject(Unknown Source)
 at edu.internet2.middleware.grouper.SubjectFinder.findById(SubjectFinder.java:249)
 at edu.internet2.middleware.grouper.Member.getSubject(Member.java:463)
 at edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.storeGroupData(GroupEntrySynchronizer.java:617)
 at edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.addGroupEntry(GroupEntrySynchronizer.java:848)
 at edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.performInclude(GroupEntrySynchronizer.java:370)
 at edu.internet2.middleware.ldappc.synchronize.GroupSynchronizer.synchronize(GroupSynchronizer.java:163)
 at edu.internet2.middleware.ldappc.GrouperProvisioner.provisionGroups(GrouperProvisioner.java:293)
 at edu.internet2.middleware.ldappc.GrouperProvisioner.provision(GrouperProvisioner.java:153)
 at edu.internet2.middleware.ldappc.LdappcGrouperProvisioner.provisionGroups(LdappcGrouperProvisioner.java:123)
 at edu.internet2.middleware.ldappc.LdappcProvisionControl.run(LdappcProvisionControl.java:78)
 at edu.internet2.middleware.ldappc.Ldappc.main(Ldappc.java:96)
Caused by: java.net.BindException: Address already in use: connect
 at java.net.PlainSocketImpl.socketConnect(Native Method)
 at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
 at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
 at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
 at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
 at java.net.Socket.connect(Socket.java:519)
 at java.net.Socket.connect(Socket.java:469)
 at java.net.Socket.<init>(Socket.java:366)
 at java.net.Socket.<init>(Socket.java:179)
 at com.sun.jndi.ldap.Connection.createSocket(Connection.java:349)
 at com.sun.jndi.ldap.Connection.<init>(Connection.java:184)
 ... 27 more
2007-08-07 10:08:17,312: Ldap NamingException: 192.168.23.11:389
javax.naming.CommunicationException: 192.168.23.11:389[Root exception is java.net.BindException: Address already in use: connect]
 at com.sun.jndi.ldap.Connection.<init>(Connection.java:207)
 at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
 at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
 at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2616)
 at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
 at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
 at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
 at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
 at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
 at javax.naming.InitialContext.init(InitialContext.java:223)
 at javax.naming.InitialContext.<init>(InitialContext.java:197)
 at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
 at edu.internet2.middleware.subject.provider.JNDISourceAdapter.getLdapResults(Unknown Source)
 at edu.internet2.middleware.subject.provider.JNDISourceAdapter.getLdapUnique(Unknown Source)
 at edu.internet2.middleware.subject.provider.JNDISourceAdapter.getSubject(Unknown Source)
 at edu.internet2.middleware.grouper.SubjectFinder.findById(SubjectFinder.java:249)
 at edu.internet2.middleware.grouper.Member.getSubject(Member.java:463)
 at edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.storeGroupData(GroupEntrySynchronizer.java:617)
 at edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.addGroupEntry(GroupEntrySynchronizer.java:848)
 at edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.performInclude(GroupEntrySynchronizer.java:370)
 at edu.internet2.middleware.ldappc.synchronize.GroupSynchronizer.synchronize(GroupSynchronizer.java:163)
 at edu.internet2.middleware.ldappc.GrouperProvisioner.provisionGroups(GrouperProvisioner.java:293)
 at edu.internet2.middleware.ldappc.GrouperProvisioner.provision(GrouperProvisioner.java:153)
 at edu.internet2.middleware.ldappc.LdappcGrouperProvisioner.provisionGroups(LdappcGrouperProvisioner.java:123)
 at edu.internet2.middleware.ldappc.LdappcProvisionControl.run(LdappcProvisionControl.java:78)
 at edu.internet2.middleware.ldappc.Ldappc.main(Ldappc.java:96)
Caused by: java.net.BindException: Address already in use: connect
 at java.net.PlainSocketImpl.socketConnect(Native Method)
 at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
 at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
 at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
 at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
 at java.net.Socket.connect(Socket.java:519)
 at java.net.Socket.connect(Socket.java:469)
 at java.net.Socket.<init>(Socket.java:366)
 at java.net.Socket.<init>(Socket.java:179)
 at com.sun.jndi.ldap.Connection.createSocket(Connection.java:349)
 at com.sun.jndi.ldap.Connection.<init>(Connection.java:184)
 ... 27 more
I wonder the way that I use the ldappc program( edu.internet2.middleware.ldappc.ldappc -subject  GrouperSystem -groups )
to sychronize the data between ldap and grouper registry is ok. Or I just use some of ldappc api and write my codes to sychronize the data.
Which way is better?

chqh
2007-08-07

发件人: Tom Barton
发送时间: 2007-08-07 04:34:36
收件人: chqh
抄送: grouper-users
主题: Re: [grouper-users] Ldap import data from grouper fail
 
 
 
chqh wrote:
> When I use the edu.internet2.middleware.ldappc.ldappc -subject 
> GrouperSystem -groups to import data to ldap from grouper.
> But when the program runs in the GroupEntrySynchronizer, then errro 
> happens:
>  
> tore memberdn : {uid=ylzhang2,ou=People,dc=scut,dc=edu,dc=cn} SUBJECT[[ 
> NAME = allen ][ ID = ylzhang2 ]] Invalid name: list-empty
>  
> javax.naming.InvalidNameException: Invalid name: list-empty
>         at javax.naming.ldap.Rfc2253Parser.doParse(Rfc2253Parser.java:86)
> ...
>
>  <ldappc >
>  <grouper >
>      <group-queries >
>       
>          <subordinate-stem-queries >
>              <stem-list >                     
>                  <stem >SCUT </stem >                
>                  <stem >etc </stem >                   
>              </stem-list >
>          </subordinate-stem-queries >
>      </group-queries >
>  
>      <groups structure="flat"
>             root-dn="ou=testgrouper,dc=scut,dc=edu,dc=cn"
>             ldap-object-class="groupOfNames"
>             ldap-rdn-attribute="cn" grouper-attribute="name"  >
>        
>          <group-members-dn-list list-object-class="groupOfNames" 
> list-attribute="member" list-empty-value="list-empty"/ >        
 
The value "list-empty" is not a valid DN, and so is being rejected. For
the group-members-dn-list I suggest using "".
 
>        </groups >
>    
>          <memberships >
>              <member-groups-list
>                 list-object-class="eduPerson"
>                 list-attribute="ou"
>                 naming-attribute="name" / >
>          </memberships >
 
Although you haven't provisioned memberships yet, I wonder if it is a
good idea to use the "ou" attribute to store the names of groups to
which the LDAP entry belongs. Many LDAP client programs assume that they
know what to expect in the "ou" attribute, and they'll be surprised...
 
>  </grouper >
>  
>  <source-subject-identifiers >     
>         <source-subject-identifier source="scutjdni" 
> subject-attribute="uid"  >
>          <ldap-search base="ou=People,dc=scut,dc=edu,dc=cn"
>                      scope="subtree_scope"
>                      filter="(uid={0})" / >
>      </source-subject-identifier >
>    
>  </source-subject-identifiers >
>  
>  <ldap >
 



Archive powered by MHonArc 2.6.16.

Top of Page