Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] LDAP provisioning: pre-provision search failing

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] LDAP provisioning: pre-provision search failing


Chronological Thread 
  • From: Tom Zeller <>
  • To: Elliot Kendall <>
  • Cc:
  • Subject: Re: [grouper-users] LDAP provisioning: pre-provision search failing
  • Date: Wed, 10 Feb 2010 10:33:25 -0600
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type; b=p19G4dZl7rjnQUyD/92hyo9D+wFfj8Uy1wVnVIow14rlskxFyAfT1ufIYRbiE3dl7d GG8XB/TqVbPNwKM9MfpMbYWgs/bQRk1jitGBipHx2iQrPE0ZHOvcOSbzQKk+WrFRiFf4 qPZT2WyTTSNaNB4avqGMC1YpRNYMJyH+QmQ8I=

Ldappc will delete any objects under the groups root-dn which are not
groups, hence the search

(!(objectClass=groupOfNames))

In your config, the root-dn is the value of the
edu.vt.middleware.ldap.base property in conf/ldappc.properties

<groups structure="flat" root-dn="${edu.vt.middleware.ldap.base}" ...

Could you please increase logging in conf/log4j.properties

log4j.logger.edu.internet2.middleware.ldappc = DEBUG
log4j.logger.edu.vt.middleware = DEBUG

and try again ?


Unrelated, in your configuration, you will want to complete the following
stubs

<source-subject-name-map source="_source_name_"
subject-attribute="_attr_name_" />
<source-subject-identifier source="_source_name_"
subject-attribute="_attr_name_">

Replace _source_name_ with the identifier of your Subject Source, and
_attr_name_ the name of the attribute used to map identifiers.

TomZ

On Wed, Feb 10, 2010 at 10:02 AM, Elliot Kendall
<>
wrote:
> I'm having trouble provisioning groups into LDAP with my Grouper
> install. I invoke ldappc with:
>
> $ bin/gsh.sh -ldappc -groups -memberships
>
> The interesting bit of the error log reads in part:
>
>> 2010-02-10 10:45:59,607: [main] ERROR Ldappc.run(282) - Grouper Provision
>> Failed
>> javax.naming.OperationNotSupportedException: [LDAP: error code 12 - LDAP
>> control supported by LDAP data views only.]; remaining name
>> 'dc=emory,dc=edu'
>
> Looking at a packet capture of traffic between Grouper and the LDAP
> server, it appears that this error is coming from a search with the
> following filter:
>
> (!(objectClass=groupOfNames))
>
> As far as I can tell, our LDAP server simply doesn't support negations
> in search filters. Is there any way to prevent ldappc doing this
> search? What's it trying to determine?
>
> This is with Grouper 1.5.1 on Java 1.6.0_18 64 bit. My ldappc.xml file
> is attached. I appreciate any help!
>
> --
> Elliot Kendall
> Lead Applications Analyst
> University Technology Services
> Emory University
>



Archive powered by MHonArc 2.6.16.

Top of Page