grouper-users - Re: [grouper-users] warning generated by ldappc 1.4.1
Subject: Grouper Users - Open Discussion List
List archive
- From: Tom Zeller <>
- To: Scott Koranda <>
- Cc: "" <>
- Subject: Re: [grouper-users] warning generated by ldappc 1.4.1
- Date: Mon, 23 Feb 2009 08:47:54 -0600
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; b=seircSA6KaQMnGMamtch/b9gBqLzuJnJl+rYUJHTHGmgD86BmCRRhEa8v0kkAwWjob 0Gk5cWTxRxWrHz7Rc46vLFJ7r78uvUg3bzVOW0BaDiZs6UbLZUSCyIIwVnE6Tm6OSwBu 5goAvFqJmG0RAucgmoX5VeyafvmJ9xCgoZiaU=
A g:gsa source-subject-identifier appears to be necessary if members are groups.
For a member which is a group, ldappc needs to know how to lookup the group in ldap, something like :
<source-subject-identifier source="g:gsa"
subject-attribute="name">
<ldap-search base="ou=Groups,dc=memphis,dc=edu" scope="subtree_scope"
filter="(cn={0})" />
</source-subject-identifier>
Granted, this does seem redundant, since the <groups> element defines how groups are provisioned to ldap. And, perhaps, this should be included in the ldappc.xml template with explanatory text.
On Mon, Feb 23, 2009 at 8:23 AM, Scott Koranda <> wrote:
Hi,
Aha. I don't have one. I have a single
> Scott,
> Could you please reply with the <source-subject-identifiers> element from
> your ldappc.xml configuration, especially for the g:gsa source ?
<source-subject-identifier>:
<source-subject-identifiers>
<source-subject-identifier
source="ligo"
subject-attribute="krbPrincipalName"
initial-cache-size="2000">
<ldap-search
base="ou=people,dc=ligo,dc=org"
scope="onelevel_scope"
filter="(krbPrincipalName={0})" />
</source-subject-identifier>
</source-subject-identifiers>
Even though all our subjects are defined in that source do I
need one for g:gsa?
If so, why?
Thanks,
Scott
>
> Thanks,
> TomZ
>
> On Fri, Feb 20, 2009 at 1:45 PM, Scott Koranda <
> > wrote:
>
> > Hi,
> >
> > I am using the ldappc command distributed with version 1.4.1
> > of the Grouper API.
> >
> > I am seeing warnings like the one below generated when I use
> > ldappc to provision groups and memberships:
> >
> >
> > 2009-02-20 13:40:19,420: [main] WARN ErrorLog.warn(95) -
> > [edu.internet2.middleware.ldappc.GrouperProvisioner]
> > edu.internet2.middleware.ldappc.EntryNotFoundException ::
> > Subject [ [ NAME =
> >
> > Communities:LVC:LSC:MOU:ACIGA:UWesternAustralia:UWesternAustraliaGroupMembers
> > ][ ID = d8dead72-ef42-4ca3-9e69-86f4261f89ed ] ] source [
> > g:gsa ] does not identify a source subject naming attribute ::
> > MEMBER[ UUID = f639aafd-6ee6-44f5-9b4b-3510b2a26484 ][ SUBJECT
> > ID = d8dead72-ef42-4ca3-9e69-86f4261f89ed ][ SUBJECT SOURCE ID
> > = g:gsa ][ SUBJECT [ NAME =
> >
> > Communities:LVC:LSC:MOU:ACIGA:UWesternAustralia:UWesternAustraliaGroupMembers
> > ][ ID = d8dead72-ef42-4ca3-9e69-86f4261f89ed ] ]
> >
> > I do not understand what the warning means nor why I am seeing
> > it.
> >
> > Provisioning seems to work fine for both groups and
> > memberships.
> >
> > Any ideas?
> >
> > Scott
> >
- warning generated by ldappc 1.4.1, Scott Koranda, 02/20/2009
- Re: [grouper-users] warning generated by ldappc 1.4.1, Tom Zeller, 02/23/2009
- Re: [grouper-users] warning generated by ldappc 1.4.1, Scott Koranda, 02/23/2009
- Re: [grouper-users] warning generated by ldappc 1.4.1, Tom Zeller, 02/23/2009
- Re: [grouper-users] warning generated by ldappc 1.4.1, Scott Koranda, 02/23/2009
- Re: [grouper-users] warning generated by ldappc 1.4.1, Tom Zeller, 02/23/2009
Archive powered by MHonArc 2.6.16.