Grouper Users - Open Discussion List

[Tom Zeller <>]

Ldappc will delete any objects under the groups root-dn which are not
groups, hence the search

 (!(objectClass=groupOfNames))

In your config, the root-dn is the value of the
edu.vt.middleware.ldap.base property in conf/ldappc.properties

 <groups structure="flat" root-dn="${edu.vt.middleware.ldap.base}" ...

Could you please increase logging in conf/log4j.properties

 log4j.logger.edu.internet2.middleware.ldappc = DEBUG
 log4j.logger.edu.vt.middleware = DEBUG

and try again ?


Unrelated, in your configuration, you will want to complete the following 
stubs

 <source-subject-name-map source="_source_name_"
subject-attribute="_attr_name_" />
 <source-subject-identifier source="_source_name_"
subject-attribute="_attr_name_">

Replace _source_name_ with the identifier of your Subject Source, and
_attr_name_ the name of the attribute used to map identifiers.

TomZ

On Wed, Feb 10, 2010 at 10:02 AM, Elliot Kendall
<>
 wrote:
> I'm having trouble provisioning groups into LDAP with my Grouper
> install. I invoke ldappc with:
>
> $ bin/gsh.sh -ldappc -groups -memberships
>
> The interesting bit of the error log reads in part:
>
>> 2010-02-10 10:45:59,607: [main] ERROR Ldappc.run(282) - Grouper Provision 
>> Failed
>> javax.naming.OperationNotSupportedException: [LDAP: error code 12 - LDAP 
>> control supported by LDAP data views only.]; remaining name 
>> 'dc=emory,dc=edu'
>
> Looking at a packet capture of traffic between Grouper and the LDAP
> server, it appears that this error is coming from a search with the
> following filter:
>
> (!(objectClass=groupOfNames))
>
> As far as I can tell, our LDAP server simply doesn't support negations
> in search filters. Is there any way to prevent ldappc doing this
> search? What's it trying to determine?
>
> This is with Grouper 1.5.1 on Java 1.6.0_18 64 bit. My ldappc.xml file
> is attached. I appreciate any help!
>
> --
> Elliot Kendall
> Lead Applications Analyst
> University Technology Services
> Emory University
>