Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] LDAPPC issues with whitespace in Active Directory

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] LDAPPC issues with whitespace in Active Directory


Chronological Thread 
  • From: Tom Zeller <>
  • To: Raymond D Walker <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] LDAPPC issues with whitespace in Active Directory
  • Date: Fri, 23 Oct 2009 08:24:42 -0500
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :content-transfer-encoding; b=K5GDllypiJENUK59sdehq6z+NrBVong9kgAnnxE+54ySlrQnD3DMdaBdJhsKBAtzr4 r3VvavV1CWRxg1S08VuobviL9s/gSfT8UAgV3qtwD7J2lTJSdVo41goD7XlUS0lwTs60 GPiNxVpy9w7dxr4syc4sdPX460vsrdDDo7TZE=
On Thu, Oct 22, 2009 at 7:25 PM, Raymond D Walker
<>
wrote:
> Firing this message off at the end of the day without really looking
> for past reports of this particular issue...
>
> When provisioning to Active Directory environment with LDAPPC 1.4, I'm
> noticing that if you are working with user DN's that have whitespaces,
> LDAPPC takes that and converts to "%20" when actually provisioning,
> thus throwing errors/warnings:
>
> ---
> 2009-10-22 16:58:16,976: [Timer-0] ERROR ErrorLog.error(108) -
> [edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer]
> GROUP[[ DISPLAY NAME = ENT:ITS-SIA-TEST ][NAME = ENT:ITS-SIA-TEST][UID
> = 10ea9fd09f744e6fb0ad3cd0baf2dbb0]] ::
> javax.naming.NameNotFoundException: [LDAP: error code 32 - 00000525:
> NameErr: DSID-031A11A5, problem 2001 (NO_OBJECT), data 0, best match of:
>        ''
> ---
>
> This error in LDAPPC makes you think it's the group that's at fault,
> my initial guesses were that it wasn't being created due to permission
> issues, etc... This is in fact not the case, but rather due to
> whitespace conversion in user DN's...
>
> Bumped up the log levels and found the attempt to create the group:
>
> ---
> 009-10-22 16:58:16,938: [Timer-0] INFO
> GroupEntrySynchronizer.addGroupEntry(870) - Creating 'cn=ENT:ITS-SIA-
> TEST,ou=Enterprise Groups,dc=froot,dc=nau,dc=edu' attrs
> {grouptype=groupType: -2147483640, objectclass=objectClass: group,
> member=member: CN=rdw4,OU=Student%20Wage,OU=Exchange
> %20Mailboxes,DC=nau,DC=froot,DC=nau,DC=edu, cn=cn: ENT:ITS-SIA-TEST}
> 2009-10-22 16:58:16,976: [Timer-0] ERROR ErrorLog.error(108) -
> [edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer]
> GROUP[[ DISPLAY NAME = ENT:ITS-SIA-TEST ][NAME = ENT:ITS-SIA-TEST][UID
> = 10ea9fd09f744e6fb0ad3cd0baf2dbb0]] ::
> javax.naming.NameNotFoundException: [LDAP: error code 32 - 00000525:
> NameErr: DSID-031A11A5, problem 2001 (NO_OBJECT), data 0, best match of:
>        ''
> ---
>
> ...but still the same warning/error... I tried adding by hand... walah!
>
> ---
> changetype: modify
> add: member
> member: CN=aga7,OU=Student%20Wage,OU=Exchange
> %20Mailboxes,DC=nau,DC=froot,DC=nau,DC=edu
>
> modifying entry "CN=ENT:ITS-SIA-TEST,OU=Enterprise
> Groups,DC=froot,DC=nau,DC=edu"
> ldap_modify: No such object (32)
>        additional info: 00000525: NameErr: DSID-031A11A5, problem 2001
> (NO_OBJECT), data 0, best match of:
>        ''
> ---
>
> Converting the %20 back to " " solves the issue in AD. These
> "whitespace" DN users only exist in production thanks to the
> flexibility of Exchange.
>
> I'm assuming there is no configuration changes to get around this issue?

Well, not yet :-). I'll add "member dns containing whitespace" to the
1.5.0 tests and see what happens.

TomZ

Archive powered by MHonArc 2.6.16.

Top of Page