grouper-users - Re: [grouper-users] Ldappc missing LDAP sourced members
Subject: Grouper Users - Open Discussion List
List archive
- From: "Tom Zeller" <>
- To:
- Cc:
- Subject: Re: [grouper-users] Ldappc missing LDAP sourced members
- Date: Tue, 18 Nov 2008 17:25:54 -0600
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version :content-type:references:x-google-sender-auth; b=Gc8cCfAUTdjownMroqM1y5Z6HF725l5dMwa/AXHqLblejDKT8//ppmchSa8REmcR3S xsPvktduFkUcQk/NEqFT+lNR2TOMBUriYsG5c56+HZUDm2NV/L9Qde+x6Y1FJ71GfBXq HGYtZaeU1oge8GZGJtknBJ86Mi3W3yAXI4Ekc=
A guess : group-members-dn-list and group-members-name-list are colliding in a strange way since they both provision to uniqueMember - maybe try setting group-members-name-list to a different list-attribute than uniqueMember ?
TomZ
On Tue, Nov 18, 2008 at 12:03 PM, <> wrote:
I have grouper api 1.3.1 running and correctly sourcing subjects from an instance of LDAP. When trying to use ldappc 1.2.0 to populate LDAP with a list of groups and their members, I am encountering some interesting issues.
The groups populate in LDAP as expected, but members of these groups do not show up. I'm looking at working with AD & LDAP so I'm just trying to get UID's to populate as uniqueMember within a group. Groups within groups populate, as I see from the g:gsa subject source, but I'm actually looking to populate deep groups. For example, all members are LDAP sourced:
GroupA consists of person1, person2, & GroupB
GroupB consists of person3
LDAP should look like:
dn: cn=etc:GroupA,ou=grouper,dc=nau,dc=edu
objectClass: groupOfUniqueNames
objectClass: top
cn: etc:GroupA
uniqueMember: person1
uniqueMember: person2
uniqueMember: person3
dn: cn=etc:GroupB,ou=grouper,dc=nau,dc=edu
objectClass: groupOfUniqueNames
objectClass: top
cn: etc:GroupB
uniqueMember: person3
I am executing:
./bin/ldappc.sh -subject GrouperSystem -groups -interval 60
(from what I understand the -membership option is meant to populate an LDAP person with what groups they are in. I am just looking to populate a separate group area with groups and their members at this time.)
In grouper, my current sources are:
source: id='g:gsa' name='Grouper: Group Source Adapter' class='edu.internet2.middleware.grouper.GrouperSourceAdapter'
source: id='g:isa' name='Grouper: Internal Source Adapter' class='edu.internet2.middleware.grouper.InternalSourceAdapter'
source: id='jdbc' name='JDBC Source Adapter' class='edu.internet2.middleware.subject.provider.JDBCSourceAdapter'
source: id='NAU LDAP' name='NAU Edu' class='edu.internet2.middleware.subject.provider.JNDISourceAdapter'
ldappc.xml looks like:
<ldappc>
<grouper>
<group-queries>
<subordinate-stem-queries>
<stem-list>
<stem>etc</stem>
</stem-list>
</subordinate-stem-queries>
</group-queries>
<groups structure="flat"
root-dn="ou=grouper,dc=nau,dc=edu"
ldap-object-class="groupOfUniqueNames"
ldap-rdn-attribute="cn" grouper-attribute="name" >
<group-members-dn-list list-object-class="groupOfUniqueNames" list-attribute="uniqueMember" list-empty-value=""/>
<group-members-name-list list-object-class="groupOfUniqueNames" list-attribute="uniqueMember" >
<source-subject-name-mapping>
<source-subject-name-map source="NAU LDAP" subject-attribute="id" />
<source-subject-name-map source="g:gsa" subject-attribute="name" />
</source-subject-name-mapping>
</group-members-name-list>
<source-subject-identifiers>
<source-subject-identifier source="NAU LDAP" subject-attribute="id" >
<ldap-search base="ou=people,dc=nau,dc=edu"
scope="subtree_scope"
filter="(uid={0})" />
</source-subject-identifier>
<source-subject-identifier source="g:gsa" subject-attribute="name" >
<ldap-search base="ou=grouper,dc=nau,dc=edu"
scope="subtree_scope"
filter="(cn={0})" />
</source-subject-identifier>
</source-subject-identifiers>
...ldap info removed...
Any ideas of what's going south? This seems like a pretty basic setup. My current setup looks to be doing LDAP queries for LDAP sourced grouper members? Seems somewhat redundant. Thanks much for any info! :D
-Ray Walker
- Ldappc missing LDAP sourced members, ray . walker, 11/18/2008
- Re: [grouper-users] Ldappc missing LDAP sourced members, Tom Zeller, 11/18/2008
Archive powered by MHonArc 2.6.16.