Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Ldappc missing LDAP sourced members

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Ldappc missing LDAP sourced members


Chronological Thread 
  • From: "Tom Zeller" <>
  • To: "Raymond D Walker" <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] Ldappc missing LDAP sourced members
  • Date: Wed, 19 Nov 2008 14:32:59 -0600
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version :content-type:references:x-google-sender-auth; b=MUCMMiC05Zr4nVclJw2a97ptj2NEB4W3msO7tDvynCubo9YsFMUf7Z3FL4Zh7vpZBx yxf3sRJooYpM+WB4SLXrtXxFs+8o0h9wsMIbeD3m5ExfP+N7VXG2DwreAjtTkCgV2/Jc +5+dbwHX0CurruF14BKMSHcZJeZSZ7wxdnvdQ=

How about posting your sanitized ldappc.xml and sources.xml ?

I'll assume source-dubject is a typo just for email...which ldappc will happily not provision.

On Wed, Nov 19, 2008 at 2:20 PM, Raymond D Walker <> wrote:
To further test populating LDAP with grouper information, I changed to
group-members-dn-list with the following configuration:

...
    <group-members-dn-list list-object-class="groupOfUniqueNames"
list-attribute="uniqueMember" list-empty-value=""/>
...
   <source-subject-identifier source="NAU LDAP" subject-attribute="uid" >
     <ldap-search base="ou=people,dc=nau,dc=edu"
       scope="subtree_scope"
       filter="(uid={0})" />
   </source-subject-identifier>
...

This populates user DN's from LDAP into uniqueMember for my groups fine...
which confirms that info is pulling correctly from LDAP. I also see the ldap
queries in my ldap logs.

On the other hand, when disabling dn's and enabling "group-member-name-list"
do not seem to work as well...

<source-dubject-name-map source="NAU LDAP" subject-attribute="uid" />

I've tried id, uid, subjectId, etc as the subject-attribute. All variations
leave a successful LDAP query for the subject that are members of groups,
but ldappc does not populate the group members at all. Heck, even internally
created grouper subjects (jdbc) fail to populate ldap as well using the
following convention:

<source-subject-name-map source="jdbc" subject-attribute="id" />

The only name based source that currently works is the internal group
source:

<source-subject-name-map source="g:gsa" subject-attribute="name" />

Could there possibly be something amiss in my sources.xml? I'm leaning
towards there not being anything wrong, as it's very similar to my DN setup.
-Ray

> From: Tom Zeller <>
> Date: Tue, 18 Nov 2008 17:59:39 -0700
> To: Raymond D Walker <>
> Cc: <>
> Subject: Re: Re: [grouper-users] Ldappc missing LDAP sourced members
>
> I'll second guess replacing subject-attribute="id" with ="uid" for the NAU
> LDAP source.
>
> On Tue, Nov 18, 2008 at 5:38 PM,  <> wrote:
>> Tom,
>>
>> In my tests today, I have removed the group-members-dn-list in lieu of just
>> getting names into uniqueMember. With the 4 sources stated in my original
>> email, only the g:gsa source populates in LDAP (creates uniqueMembers of the
>> groups within groups.)
>>
>> <source-subject-name-map source="g:isa" subject-attribute="id" />
>> <source-dubject-name-map source="NAU LDAP" subject-attribute="id" />
>> <source-subject-name-map source="jdbc" subject-attribute="id" />
>> <source-subject-name-map source="g:gsa" subject-attribute="name" />
>>
>> I've also moved over the sources.xml from the grouper-api/conf so that it
>> takes advantage of the exact source info as the working API does. I assume
>> that ldappc will just be taking advantage of this when bundled(?) Alas, this
>> shows no different results.
>





Archive powered by MHonArc 2.6.16.

Top of Page