
grouper-users - Re: [grouper-users] Ldappc missing LDAP sourced members

Subject: Grouper Users - Open Discussion List

  • From: "Tom Zeller" <>
  • Subject: Re: [grouper-users] Ldappc missing LDAP sourced members
  • Date: Tue, 18 Nov 2008 17:25:54 -0600

A guess: group-members-dn-list and group-members-name-list are colliding in a strange way since they both provision to uniqueMember - maybe try setting group-members-name-list to a different list-attribute than uniqueMember?

TomZ

On Tue, Nov 18, 2008 at 12:03 PM, <> wrote:
I have grouper api 1.3.1 running and correctly sourcing subjects from an instance of LDAP. When trying to use ldappc 1.2.0 to populate LDAP with a list of groups and their members, I am encountering some interesting issues.

The groups populate in LDAP as expected, but members of these groups do not show up. I'm looking at working with AD & LDAP so I'm just trying to get UIDs to populate as uniqueMember within a group. Groups within groups populate, as I see from the g:gsa subject source, but I'm actually looking to populate deep groups. For example, all members are LDAP sourced:

GroupA consists of person1, person2, & GroupB
GroupB consists of person3

LDAP should look like:
dn: cn=etc:GroupA,ou=grouper,dc=nau,dc=edu
objectClass: groupOfUniqueNames
objectClass: top
cn: etc:GroupA
uniqueMember: person1
uniqueMember: person2
uniqueMember: person3

dn: cn=etc:GroupB,ou=grouper,dc=nau,dc=edu
objectClass: groupOfUniqueNames
objectClass: top
cn: etc:GroupB
uniqueMember: person3

I am executing:
./bin/ldappc.sh -subject GrouperSystem -groups -interval 60
(From what I understand, the -membership option is meant to populate an LDAP person with what groups they are in. I am just looking to populate a separate group area with groups and their members at this time.)

In grouper, my current sources are:
source: id='g:gsa' name='Grouper: Group Source Adapter' class='edu.internet2.middleware.grouper.GrouperSourceAdapter'
source: id='g:isa' name='Grouper: Internal Source Adapter' class='edu.internet2.middleware.grouper.InternalSourceAdapter'
source: id='jdbc' name='JDBC Source Adapter' class='edu.internet2.middleware.subject.provider.JDBCSourceAdapter'
source: id='NAU LDAP' name='NAU Edu' class='edu.internet2.middleware.subject.provider.JNDISourceAdapter'

ldappc.xml looks like:

<ldappc>
 <grouper>
   <group-queries>
     <subordinate-stem-queries>
       <stem-list>
         <stem>etc</stem>
       </stem-list>
     </subordinate-stem-queries>
   </group-queries>
   <groups structure="flat"
     root-dn="ou=grouper,dc=nau,dc=edu"
     ldap-object-class="groupOfUniqueNames"
     ldap-rdn-attribute="cn" grouper-attribute="name" >

     <group-members-dn-list list-object-class="groupOfUniqueNames" list-attribute="uniqueMember" list-empty-value=""/>

     <group-members-name-list list-object-class="groupOfUniqueNames" list-attribute="uniqueMember" >
       <source-subject-name-mapping>
         <source-subject-name-map source="NAU LDAP" subject-attribute="id" />
         <source-subject-name-map source="g:gsa" subject-attribute="name" />
       </source-subject-name-mapping>
     </group-members-name-list>

 <source-subject-identifiers>
   <source-subject-identifier source="NAU LDAP" subject-attribute="id" >
     <ldap-search base="ou=people,dc=nau,dc=edu"
       scope="subtree_scope"
       filter="(uid={0})" />
   </source-subject-identifier>
   <source-subject-identifier source="g:gsa" subject-attribute="name" >
     <ldap-search base="ou=grouper,dc=nau,dc=edu"
       scope="subtree_scope"
       filter="(cn={0})" />
   </source-subject-identifier>
 </source-subject-identifiers>
...ldap info removed...

Any ideas of what's going south? This seems like a pretty basic setup. My current setup looks to be doing LDAP queries for LDAP sourced grouper members? Seems somewhat redundant. Thanks much for any info! :D

-Ray Walker
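
An added example, not part of the original thread or of ldappc itself: a small Python check for the condition guessed at in the reply, namely two member-list elements in ldappc.xml writing to the same LDAP attribute. The sample fragment is constructed from the posted configuration, with the elided closing `</groups>` tag supplied so that it parses; the function name is hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the <groups> element from the message above, with the
# closing tag the poster elided added so the fragment parses on its own.
SAMPLE_GROUPS = """
<groups structure="flat"
  root-dn="ou=grouper,dc=nau,dc=edu"
  ldap-object-class="groupOfUniqueNames"
  ldap-rdn-attribute="cn" grouper-attribute="name">
  <group-members-dn-list list-object-class="groupOfUniqueNames"
    list-attribute="uniqueMember" list-empty-value=""/>
  <group-members-name-list list-object-class="groupOfUniqueNames"
    list-attribute="uniqueMember">
    <source-subject-name-mapping>
      <source-subject-name-map source="NAU LDAP" subject-attribute="id"/>
      <source-subject-name-map source="g:gsa" subject-attribute="name"/>
    </source-subject-name-mapping>
  </group-members-name-list>
</groups>
"""

# Element names taken from the posted ldappc.xml.
MEMBER_LISTS = ("group-members-dn-list", "group-members-name-list")


def find_list_attribute_collisions(groups_xml):
    """Map each LDAP attribute written by more than one member list to those elements."""
    root = ET.fromstring(groups_xml)
    writers = defaultdict(list)
    for elem in root.iter():
        if elem.tag in MEMBER_LISTS:
            attr = elem.get("list-attribute")
            if attr:
                # LDAP attribute names are case-insensitive, so compare lowercased.
                writers[attr.lower()].append(elem.tag)
    return {attr: tags for attr, tags in writers.items() if len(tags) > 1}


if __name__ == "__main__":
    for attr, tags in find_list_attribute_collisions(SAMPLE_GROUPS).items():
        print(f"{attr}: written by {' and '.join(tags)}")
```
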



