Skip to Content.
Sympa Menu

grouper-users - Ldappc objectClass has no values

Subject: Grouper Users - Open Discussion List

List archive

Ldappc objectClass has no values


Chronological Thread 
  • From: Colin Hudler <>
  • To:
  • Subject: Ldappc objectClass has no values
  • Date: Wed, 20 Aug 2008 14:17:06 -0500

I might be doing something wrong :-). Between 1.1.0 and 2.0 of ldappc I cannot provision subjects that have no ismember of attribute. For each subject it reports:

javax.naming.directory.InvalidAttributeValueException: 'objectClass' has no values.; Remaining name: 'uid=chudler,ou=people,dc=uchicago,dc=edu'

I noticed that GrouperProvisioner.addSubjectDnSet builds an LDAP filter like this:

String ldapFilter = LdapUtil.convertParameterToAsterisk(filter.getFilter(), 0);

"filter" is the source-subject-identifier. Here is that part of my ldappc.xml:

<source-subject-identifier source="uofc" subject-attribute="login">
<ldap-search base="ou=people,dc=uchicago,dc=edu" scope="subtree_scope" filter="(uid={0})"/>

It then combines the filter with listAttribute (ismemberof) which results in the total filter "(&(uid=*)(ismemberof=*))"

Just after, while iterating through the LDAP results, it builds a list of subjects that will need the list-object-class
if (hasObjectClass) { subjectObjectDns.add(subjectDn.toString()); }

Later on up the chain, the provisioner will use subjectOBjectDns to modify the LDAP entry (attempt to add the objectclass). What I don't understand is how it can trust that set, since it was only built off of the query that will return exactly those entries that have an ismemberof value. When list-object-class is null it throws the error, otherwise it tries to add the objectclass and gets an LDAP operations error. I tested up to 1.2-SNAPSHOT.

--
Colin Hudler
The University of Chicago



Archive powered by MHonArc 2.6.16.

Top of Page