grouper-users - Re: [grouper-users] ldappc + membership
Subject: Grouper Users - Open Discussion List
List archive
- From: Graham Seaman <>
- To: Kathryn Huxtable <>
- Cc: "" <>
- Subject: Re: [grouper-users] ldappc + membership
- Date: Wed, 11 Jun 2008 11:44:36 +0100
That all seems fine now.
Thanks
Graham
Kathryn Huxtable wrote:
Okay, try checking out the code from CVS using the tag LDAPPC_1_1_RC3, e.g.
cvs -z3 -d :pserver::/home/cvs/i2mi login
cvs -z3 -d :pserver::/home/cvs/i2mi co -r ldappc_1_1_RC3 ldappc
I feel incredibly stupid for letting this out.
-K
On Jun 9, 2008, at 8:49 AM, Graham Seaman wrote:
That's great, thanks for such an incredibly quick response!
Graham
Kathryn Huxtable wrote:
Ah. Got it. My code is naively making the assumption that it is managing the attribute and assuming that if no values were found that we must need to add the object class.
This is wrong on several levels, but I understand why my testing didn't uncover the problem. I would have uncovered it if I had removed all the groups from a member and then added one back. (I used the eduMember objectClass.)
I'll note this and get it into the testing suite and I'll also fix it. It shouldnt't take more than a day or two to tag a fix release.
I am so sorry about this.
-K
On Jun 9, 2008, at 8:41 AM, Kathryn Huxtable wrote:
Okay, this is all useful. The particular error being thrown implies that ldappc is attempting to do an "add" operation to add an attribute where the attribute already exists. It may also be thrown when attempting to add a value where the value already exists.
I'll try again to install Fedora DS on my server. Thanks for the link.
On Sun Directory Server and OpenLDAP, which are the main directories I've had much experience with, you can add attribute values to an existing attribute without any problem. I'd be surprised if Fedora DS had different behavior here, but it's always worth checking.
The thing I noticed is that it looked as if it was attempting to add the eduPerson value to the objectClass attribute. It was almost certainly already there. (op = 1 is ADD, op = 2 is REPLACE.) So I'll take a look at that code. There's probably a bug in it that I introduced since I completely replaced the old attribute matching code.
Thanks for trying this out for me,
-K
On Jun 9, 2008, at 4:58 AM, Graham Seaman wrote:
Graham Seaman wrote:
I should have checked: in spite of throwing the exception, it also updated the directory. ldapsearch now shows:
3. I then changed ldappc.xml to use eduPersonEntitlement rather than isMemberOf, expecting the existing value in this field - which is not managed by grouper - to be overwritten (the current value is urn:mace:InCommon:entitlement:common:1). This time ldappc threw an exception as before (plus your diagnostics):
eduPersonEntitlement: testy:ldap1
eduPersonEntitlement: testy:ldap2
isMemberOf: testy:ldap2
Graham
--Sponsor me from London to Brighton on http://www.justgiving.com/grahamseaman
--
Sponsor me from London to Brighton on http://www.justgiving.com/grahamseaman
- Re: [grouper-users] ldappc + membership, (continued)
- Re: [grouper-users] ldappc + membership, Kathryn Huxtable, 06/09/2008
- Re: [grouper-users] ldappc + membership, Graham Seaman, 06/09/2008
- Re: [grouper-users] ldappc + membership, Kathryn Huxtable, 06/09/2008
- Re: [grouper-users] ldappc + membership, Tom Barton, 06/09/2008
- Re: [grouper-users] ldappc + membership, Tom Zeller, 06/10/2008
- Re: [grouper-users] ldappc + membership, Kathryn Huxtable, 06/10/2008
- Re: [grouper-users] ldappc + membership, Kathryn Huxtable, 06/10/2008
- Re: [grouper-users] ldappc + membership, Michael R. Gettes, 06/10/2008
- Re: [grouper-users] ldappc + membership, Graham Seaman, 06/10/2008
- Re: [grouper-users] ldappc + membership, Kathryn Huxtable, 06/10/2008
- Re: [grouper-users] ldappc + membership, Graham Seaman, 06/11/2008
Archive powered by MHonArc 2.6.16.