
grouper-users - Re: [grouper-users] LDAP provisioning: pre-provision search failing

Subject: Grouper Users - Open Discussion List

  • From: Tom Zeller <>
  • To: Elliot Kendall <>
  • Cc:
  • Subject: Re: [grouper-users] LDAP provisioning: pre-provision search failing
  • Date: Wed, 10 Feb 2010 10:33:25 -0600

Ldappc will delete any objects under the groups root-dn which are not
groups, hence the search.


In your config, the root-dn is the value of the
edu.vt.middleware.ldap.base property in conf/

<groups structure="flat" root-dn="${edu.vt.middleware.ldap.base}" ...

Could you please increase logging in conf/ = DEBUG = DEBUG

and try again?

Unrelated, in your configuration, you will want to complete the following

<source-subject-name-map source="_source_name_"
subject-attribute="_attr_name_" />
<source-subject-identifier source="_source_name_"

Replace _source_name_ with the identifier of your Subject Source, and
_attr_name_ with the name of the attribute used to map identifiers.


On Wed, Feb 10, 2010 at 10:02 AM, Elliot Kendall
> I'm having trouble provisioning groups into LDAP with my Grouper
> install. I invoke ldappc with:
> $ bin/ -ldappc -groups -memberships
> The interesting bit of the error log reads in part:
>> 2010-02-10 10:45:59,607: [main] ERROR - Grouper Provision
>> Failed
>> javax.naming.OperationNotSupportedException: [LDAP: error code 12 - LDAP
>> control supported by LDAP data views only.]; remaining name
>> 'dc=emory,dc=edu'
> Looking at a packet capture of traffic between Grouper and the LDAP
> server, it appears that this error is coming from a search with the
> following filter:
> (!(objectClass=groupOfNames))
> As far as I can tell, our LDAP server simply doesn't support negations
> in search filters. Is there any way to prevent ldappc doing this
> search? What's it trying to determine?
> This is with Grouper 1.5.1 on Java 1.6.0_18 64 bit. My ldappc.xml file
> is attached. I appreciate any help!
> --
> Elliot Kendall
> Lead Applications Analyst
> University Technology Services
> Emory University
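
Added example, not part of the original thread and not Grouper code: since Ldappc deletes non-group objects under the groups root-dn, and the error above shows the search running at 'dc=emory,dc=edu', this pre-flight check resolves root-dn from the config and flags the case where it equals the directory base. The sample XML and properties text, the wrapper element, and all function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not the poster's real files).
SAMPLE_PROPS = "edu.vt.middleware.ldap.base=dc=emory,dc=edu\n"
SAMPLE_XML = ('<ldappc><groups structure="flat" '
              'root-dn="${edu.vt.middleware.ldap.base}"/></ldappc>')

def load_props(text):
    """Parse key=value lines; split on the first '=' only, since DNs contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def expand(value, props):
    """Replace ${name} placeholders; unknown names are left in place."""
    return re.sub(r"\$\{([^}]+)\}",
                  lambda m: props.get(m.group(1), m.group(0)), value)

def normalize_dn(dn):
    """Comparison form: lower-cased, spaces around RDNs removed (no escape handling)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_groups_root(xml_text, props_text,
                      base_key="edu.vt.middleware.ldap.base"):
    """Return (resolved_root_dn, warnings) for the <groups> element."""
    props = load_props(props_text)
    groups = ET.fromstring(xml_text).find(".//groups")
    if groups is None or not groups.get("root-dn"):
        return None, ["no <groups root-dn=...> found"]
    root_dn = expand(groups.get("root-dn"), props)
    warnings = []
    if "${" in root_dn:
        warnings.append("unresolved placeholder in root-dn: " + root_dn)
    base = props.get(base_key)
    if base and normalize_dn(root_dn) == normalize_dn(base):
        warnings.append("root-dn equals the directory base; non-group entries "
                        "under it are in scope of Ldappc's cleanup search")
    return root_dn, warnings

if __name__ == "__main__":
    dn, warns = check_groups_root(SAMPLE_XML, SAMPLE_PROPS)
    print("resolved root-dn:", dn)
    for w in warns:
        print("WARNING:", w)
```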
