Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] LDAP user source -> SOLVED ?

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] LDAP user source -> SOLVED ?

Chronological Thread 
  • From: Tom Barton <>
  • To: Lutz Suhrbier <>
  • Cc:
  • Subject: Re: [grouper-users] LDAP user source -> SOLVED ?
  • Date: Wed, 12 Nov 2008 07:58:17 -0600

Sorry, I should have been clearer. With an ordinary LDAP client, not grouper, what attributes are returned to dn=cn=admin,dc=org? For example, you could use the command line

% ldapsearch -x -h localhost -b dn=cn=admin,dc=org -s sub -D cn=admin,dc=org -W


Lutz Suhrbier wrote:
Hmm, I can not reproduce it from the old log files and have to reconfigure it first. But, since there are currently some test user's working with the system, I will have to wait until the evening.

BTW, is there a specific logging option for the grouper-UI to debug source queries into the Grouper log-files, which i could turn on ?
Otherwise, I just can provide the LDAP-logs from syslog and the exception from the grouper-ui.log


What kinds of attributes and values are returned when dn=cn=admin,dc=org reads a person entry and does not request a specific set of attributes to be returned? Eg, if you did something like


I'm wondering if some of the attributes that are returned have value types that expose a bug in the JNDISourceAdapter, and that by declaring those four string-valued attributes using the <attribute> element means that the bug is not triggered.


Lutz Suhrbier wrote:
Hi Tom,

here you are !

If I comment out the four attribute elements in lines 148-151, then I get the "Error" information instead of the user name(s), wherever they may be listed.

I think it would be nice to have an option to map individual names to given source attributes to be shown to the user in the UI.


I'm glad you've worked around the problem. Could you send me the <source> element for your LDAP source from your sources.xml?


Lutz Suhrbier wrote:

meanwhile, I found a solution to that error.
Within the sources.xml, I have had to include at least those LDAP elements within "attribute" elements, which are requested in the subject, subjectId and description items of the source. If not, then the error described in my last posting (see below) occures.

As the wiki documentation states, that NOT including "attribute" elements just leads to requesting all available attributes from the given LDAP-source, this would mean that there is a bug in the implementation, or not ?
Or, is it a feature of the implementation, since looking through the documentation, I did not found a hint that Grouper-UI can be configured somewhere else as in sources.xml to define those attributes from the sources, which shall be presented to the user in the UI ?

Archive powered by MHonArc 2.6.16.

Top of Page