Grouper Users - Open Discussion List

[Raymond D Walker <>]

Revisiting this ancient issue with a better understanding...

Currently have provisioning of "group-members-dn-list" working and now  
trying to add "group-members-name-list" via the "name" attribute. The  
provisioning of "group-members-name-list" does not seem to be working  
correctly. My config seems to be properly setup:

<group-members-dn-list list-object-class="nauEduEnterpriseGroup"
  list-attribute="nauEduManualMember"/>

<group-members-name-list list-attribute="memberUid" list-object- 
class="nauEduEnterpriseGroup" list-empty-value="NONE">
  <source-subject-name-mapping>
   <source-subject-name-map source="NAULDAP" subject-attribute="name" />
  </source-subject-name-mapping>
</group-members-name-list>

I have confirmed my source:
source: id='NAULDAP' name='NAU LDAP'  
class='edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter'

I have confirmed the attribute on the subjects to be populating:
subject: id='XXXXXXXXXXXXXXXXXXXXXXXXXX' type='person'  
source='NAULDAP' name='rdw4'

All I get is the empty value "NONE" populated for attribute  
"memberUid" in LDAP for all groups (populated or not) when  
provisioning. Any ideas on this?

Raymond Walker
Software Systems Engineer Sr.
ITS Northern Arizona University

On Nov 18, 2008, at 4:25 PM, Tom Zeller wrote:

> A guess : group-members-dn-list and group-members-name-list are  
> colliding in a strange way since they both provision to uniqueMember  
> - maybe try setting group-members-name-list to a different list- 
> attribute than uniqueMember ?
>
> TomZ
>
> On Tue, Nov 18, 2008 at 12:03 PM, 
> <>
>  wrote:
> I have grouper api 1.3.1 running and correctly sourcing subjects  
> from an instance of LDAP. When trying to use ldappc 1.2.0 to  
> populate LDAP with a list of groups and their members, I am  
> encountering some interesting issues.
>
> The groups populate in LDAP as expected, but members of these groups  
> do not show up. I'm looking at working with AD & LDAP so I'm just  
> trying to get UID's to populate as uniqueMember within a group.  
> Groups within groups populate, as I see from the g:gsa subject  
> source, but I'm actually looking to populate deep groups. For  
> example, all members are LDAP sourced:
>
> GroupA consists of person1, person2, & GroupB
> GroupB consists of person3
>
> LDAP should look like:
> dn: cn=etc:GroupA,ou=grouper,dc=nau,dc=edu
> objectClass: groupOfUniqueNames
> objectClass: top
> cn: etc:GroupA
> uniqueMember: person1
> uniqueMember: person2
> uniqueMember: person3
>
> dn: cn=etc:GroupB,ou=grouper,dc=nau,dc=edu
> objectClass: groupOfUniqueNames
> objectClass: top
> cn: etc:GroupB
> uniqueMember: person3
>
> I am executing:
> ./bin/ldappc.sh -subject GrouperSystem -groups -interval 60
> (from what I understand the -membership option is meant to populate  
> an LDAP person with what groups they are in. I am just looking to  
> populate a separate group area with groups and their members at this  
> time.)
>
> In grouper, my current sources are:
> source: id='g:gsa' name='Grouper: Group Source Adapter'  
> class='edu.internet2.middleware.grouper.GrouperSourceAdapter'
> source: id='g:isa' name='Grouper: Internal Source Adapter'  
> class='edu.internet2.middleware.grouper.InternalSourceAdapter'
> source: id='jdbc' name='JDBC Source Adapter'  
> class='edu.internet2.middleware.subject.provider.JDBCSourceAdapter'
> source: id='NAU LDAP' name='NAU Edu'  
> class='edu.internet2.middleware.subject.provider.JNDISourceAdapter'
>
> ldappc.xml looks like:
>
> <ldappc>
>  <grouper>
>    <group-queries>
>      <subordinate-stem-queries>
>        <stem-list>
>          <stem>etc</stem>
>        </stem-list>
>      </subordinate-stem-queries>
>    </group-queries>
>    <groups structure="flat"
>      root-dn="ou=grouper,dc=nau,dc=edu"
>      ldap-object-class="groupOfUniqueNames"
>      ldap-rdn-attribute="cn" grouper-attribute="name" >
>
>      <group-members-dn-list list-object-class="groupOfUniqueNames"  
> list-attribute="uniqueMember" list-empty-value=""/>
>
>      <group-members-name-list list-object-class="groupOfUniqueNames"  
> list-attribute="uniqueMember" >
>        <source-subject-name-mapping>
>          <source-subject-name-map source="NAU LDAP" subject- 
> attribute="id" />
>          <source-subject-name-map source="g:gsa" subject- 
> attribute="name" />
>      </source-subject-name-mapping>
>      </group-members-name-list>
>
>  <source-subject-identifiers>
>    <source-subject-identifier source="NAU LDAP" subject- 
> attribute="id" >
>      <ldap-search base="ou=people,dc=nau,dc=edu"
>        scope="subtree_scope"
>        filter="(uid={0})" />
>    </source-subject-identifier>
>    <source-subject-identifier source="g:gsa" subject- 
> attribute="name" >
>      <ldap-search base="ou=grouper,dc=nau,dc=edu"
>        scope="subtree_scope"
>        filter="(cn={0})" />
>    </source-subject-identifier>
>  </source-subject-identifiers>
> ...ldap info removed...
>
> Any ideas of what's going south? This seems like a pretty basic  
> setup. My current setup looks to be doing LDAP queries for LDAP  
> sourced grouper members? Seems somewhat redundant. Thanks much for  
> any info! :D
>
> -Ray Walker
>