Skip to Content.
Sympa Menu

grouper-users - Ldappc missing LDAP sourced members

Subject: Grouper Users - Open Discussion List

List archive

Ldappc missing LDAP sourced members

Chronological Thread 
  • From:
  • To:
  • Subject: Ldappc missing LDAP sourced members
  • Date: Tue, 18 Nov 2008 13:03:40 -0500 (EST)

I have grouper api 1.3.1 running and correctly sourcing subjects from an
instance of LDAP. When trying to use ldappc 1.2.0 to populate LDAP with a
list of groups and their members, I am encountering some interesting issues.

The groups populate in LDAP as expected, but members of these groups do not
show up. I'm looking at working with AD & LDAP so I'm just trying to get
UID's to populate as uniqueMember within a group. Groups within groups
populate, as I see from the g:gsa subject source, but I'm actually looking to
populate deep groups. For example, all members are LDAP sourced:

GroupA consists of person1, person2, & GroupB
GroupB consists of person3

LDAP should look like:
dn: cn=etc:GroupA,ou=grouper,dc=nau,dc=edu
objectClass: groupOfUniqueNames
objectClass: top
cn: etc:GroupA
uniqueMember: person1
uniqueMember: person2
uniqueMember: person3

dn: cn=etc:GroupB,ou=grouper,dc=nau,dc=edu
objectClass: groupOfUniqueNames
objectClass: top
cn: etc:GroupB
uniqueMember: person3

I am executing:
./bin/ -subject GrouperSystem -groups -interval 60
(from what I understand the -membership option is meant to populate an LDAP
person with what groups they are in. I am just looking to populate a separate
group area with groups and their members at this time.)

In grouper, my current sources are:
source: id='g:gsa' name='Grouper: Group Source Adapter'
source: id='g:isa' name='Grouper: Internal Source Adapter'
source: id='jdbc' name='JDBC Source Adapter'
source: id='NAU LDAP' name='NAU Edu'

ldappc.xml looks like:

<groups structure="flat"
ldap-rdn-attribute="cn" grouper-attribute="name" >

<group-members-dn-list list-object-class="groupOfUniqueNames"
list-attribute="uniqueMember" list-empty-value=""/>

<group-members-name-list list-object-class="groupOfUniqueNames"
list-attribute="uniqueMember" >
<source-subject-name-map source="NAU LDAP" subject-attribute="id" />
<source-subject-name-map source="g:gsa" subject-attribute="name" />

<source-subject-identifier source="NAU LDAP" subject-attribute="id" >
<ldap-search base="ou=people,dc=nau,dc=edu"
filter="(uid={0})" />
<source-subject-identifier source="g:gsa" subject-attribute="name" >
<ldap-search base="ou=grouper,dc=nau,dc=edu"
filter="(cn={0})" />
...ldap info removed...

Any ideas of what's going south? This seems like a pretty basic setup. My
current setup looks to be doing LDAP queries for LDAP sourced grouper
members? Seems somewhat redundant. Thanks much for any info! :D

-Ray Walker

Archive powered by MHonArc 2.6.16.

Top of Page