grouper-users - Re: [grouper-users] ldappc + membership
Subject: Grouper Users - Open Discussion List
List archive
- From: Graham Seaman <>
- To: "" <>
- Cc: Kathryn Huxtable <>
- Subject: Re: [grouper-users] ldappc + membership
- Date: Mon, 09 Jun 2008 10:31:35 +0100
Kathryn Huxtable wrote:
Graham, if you could insert the following lines after line 739 in GrouperProvisioner.java and run it again I'd like to see the results. This is to be inserted after the e.printStackTrace() call in the catch clause where it's attempting to modify the attributes and failing.OK, done.
I can only describe the behaviour I'm getting as erratic. Anyway, this is what happened so far:
1. Starting from the state described in my last email (with ldappc.xml using isMemberOf) I added your code and recompiled, then reran ldappc without making any other changes. The code ran without errors, no exceptions were generated, and ldapsearch showed the change had been made correctly; i.e. the isMemberOf attribute for the users concerned contained the value 'testy:ldap1', my first test group. I don't know why it has suddenly started to work ok when this setup failed on Friday.
2. I then used grouper to create a second group, 'testy:ldap2', and made the same users members of this group too. I ran ldappc, which gave no errors. However ldapsearch shows that rather than appending this group to the isMemberOf attribute, it had overwritten the original value in isMemberOf.
3. I then changed ldappc.xml to use eduPersonEntitlement rather than isMemberOf, expecting the existing value in this field - which is not managed by grouper - to be overwritten (the current value is urn:mace:InCommon:entitlement:common:1). This time ldappc threw an exception as before (plus your diagnostics):
javax.naming.directory.AttributeInUseException: [LDAP: error code 20 - Attribute Or Value Exists]; remaining name 'cn=seamang,ou=flame users,dc=lse,dc=ac,dc=uk'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2969)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1437)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:148)
at edu.internet2.middleware.ldappc.GrouperProvisioner.updateSubject(GrouperProvisioner.java:735)
at edu.internet2.middleware.ldappc.GrouperProvisioner.performActualMembershipUpdates(GrouperProvisioner.java:622)
at edu.internet2.middleware.ldappc.GrouperProvisioner.provisionMemberships(GrouperProvisioner.java:437)
at edu.internet2.middleware.ldappc.GrouperProvisioner.provision(GrouperProvisioner.java:185)
at edu.internet2.middleware.ldappc.LdappcGrouperProvisioner.provisionGroups(LdappcGrouperProvisioner.java:134)
at edu.internet2.middleware.ldappc.LdappcProvisionControl.run(LdappcProvisionControl.java:98)
at edu.internet2.middleware.ldappc.Ldappc.main(Ldappc.java:96)
Printing ModItems array:
op = 1, id = objectClass
eduPerson
op = 2, id = eduPersonEntitlement
testy:ldap1
Re installing Fedora-DS on ubuntu: the wiki has a page on this; http://directory.fedoraproject.org/wiki/Howto:DebianUbuntu
See also http://www.opencodes.org/fedora-ds-packages
I haven't tried it on ubuntu, though: I am currently running it on CentOS and RHE, and have done a minimal install on debian etch
(following http://directory.fedoraproject.org/wiki/Howto:DebianEtch) which seemd to go ok, but which I haven't tested in earnest yet.
Thanks for the help
Graham
- ldappc + membership, Graham Seaman, 06/05/2008
- Re: [grouper-users] ldappc + membership, Tom Barton, 06/05/2008
- Re: [grouper-users] ldappc + membership, Graham Seaman, 06/05/2008
- Re: [grouper-users] ldappc + membership, Kathryn Huxtable, 06/05/2008
- Re: [grouper-users] ldappc + membership, Graham Seaman, 06/06/2008
- Re: [grouper-users] ldappc + membership, Kathryn Huxtable, 06/06/2008
- Re: [grouper-users] ldappc + membership, Michael R. Gettes, 06/06/2008
- Re: [grouper-users] ldappc + membership, Kathryn Huxtable, 06/06/2008
- Re: [grouper-users] ldappc + membership, Kathryn Huxtable, 06/06/2008
- Re: [grouper-users] ldappc + membership, Michael R. Gettes, 06/06/2008
- Re: [grouper-users] ldappc + membership, Kathryn Huxtable, 06/06/2008
- Re: [grouper-users] ldappc + membership, Kathryn Huxtable, 06/06/2008
- Re: [grouper-users] ldappc + membership, Graham Seaman, 06/09/2008
- Re: [grouper-users] ldappc + membership, Graham Seaman, 06/09/2008
- Re: [grouper-users] ldappc + membership, Kathryn Huxtable, 06/09/2008
- Re: [grouper-users] ldappc + membership, Kathryn Huxtable, 06/09/2008
- Re: [grouper-users] ldappc + membership, Graham Seaman, 06/09/2008
- Re: [grouper-users] ldappc + membership, Kathryn Huxtable, 06/09/2008
- Re: [grouper-users] ldappc + membership, Kathryn Huxtable, 06/09/2008
- Re: [grouper-users] ldappc + membership, Graham Seaman, 06/09/2008
- Re: [grouper-users] ldappc + membership, Kathryn Huxtable, 06/09/2008
- Re: [grouper-users] ldappc + membership, Tom Barton, 06/09/2008
- Re: [grouper-users] ldappc + membership, Tom Zeller, 06/10/2008
- Re: [grouper-users] ldappc + membership, Graham Seaman, 06/09/2008
- Re: [grouper-users] ldappc + membership, Graham Seaman, 06/06/2008
- Re: [grouper-users] ldappc + membership, Kathryn Huxtable, 06/05/2008
- Re: [grouper-users] ldappc + membership, Graham Seaman, 06/05/2008
- Re: [grouper-users] ldappc + membership, Tom Barton, 06/05/2008
Archive powered by MHonArc 2.6.16.