Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] ldappc + membership

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] ldappc + membership

Chronological Thread 
  • From: Kathryn Huxtable <>
  • To: Graham Seaman <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] ldappc + membership
  • Date: Mon, 9 Jun 2008 08:41:51 -0500

Okay, this is all useful. The particular error being thrown implies that ldappc is attempting to do an "add" operation to add an attribute where the attribute already exists. It may also be thrown when attempting to add a value where the value already exists.

I'll try again to install Fedora DS on my server. Thanks for the link.

On Sun Directory Server and OpenLDAP, which are the main directories I've had much experience with, you can add attribute values to an existing attribute without any problem. I'd be surprised if Fedora DS had different behavior here, but it's always worth checking.

The thing I noticed is that it looked as if it was attempting to add the eduPerson value to the objectClass attribute. It was almost certainly already there. (op = 1 is ADD, op = 2 is REPLACE.) So I'll take a look at that code. There's probably a bug in it that I introduced since I completely replaced the old attribute matching code.

Thanks for trying this out for me,


On Jun 9, 2008, at 4:58 AM, Graham Seaman wrote:

Graham Seaman wrote:

3. I then changed ldappc.xml to use eduPersonEntitlement rather than isMemberOf, expecting the existing value in this field - which is not managed by grouper - to be overwritten (the current value is urn:mace:InCommon:entitlement:common:1) . This time ldappc threw an exception as before (plus your diagnostics):
I should have checked: in spite of throwing the exception, it also updated the directory. ldapsearch now shows:

eduPersonEntitlement: testy:ldap1
eduPersonEntitlement: testy:ldap2
isMemberOf: testy:ldap2


Archive powered by MHonArc 2.6.16.

Top of Page