Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] [LDAPPC] weird provisionning behavior

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] [LDAPPC] weird provisionning behavior


Chronological Thread 
  • From: Tom Zeller <>
  • To: "" <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] [LDAPPC] weird provisionning behavior
  • Date: Mon, 29 Mar 2010 11:12:14 -0500
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :content-transfer-encoding; b=aFKFXQLt1JRsb1vwZOjIltHNbpuNKZwjlGn9qWO4CCck9UCdXsdsoetppPLMcozQDb QeJIvDY95oZOXwUDItwTS2X9biZLT5CajiXGhGNXuUSb4vpTZWasysOqQNh0Yv85mo2B QzZ7SbtU5dmACD3WTA1Xqc69DSm0ZEQY1xWIQ=

First, my mistake, the onNotFound option is in 1.5+, not in 1.4.2.

Second, there is a 'SubjectCache' which persists for the lifetime of
the jvm - the only way to clear the cache is to stop and start ldappc.

The 'subject id' of 'F0900kra entity not found' makes me believe this
is an ldappc caching issue subsequent to the openldap replication
problem.

The persistence of the SubjectCache has been retained in 1.5 but will
not be present in 1.6. I was aware of the potential issue, and thought
a configurable cache (ehcache ?) would be wiser, but hadn't got to it
yet.

TomZ

On Mon, Mar 29, 2010 at 8:46 AM, Tom Zeller
<>
wrote:
> Please see comments below...
>
> On Mar 29, 2010, at 3:05 AM,
>
> wrote:
>
>> Hello,
>>
>> We're experiencing weird behavior with LDAPpc.
>>
>> We're actually using Grouper 1.4.2 and OpenLDAP 2.3.30. Due to some
>> problems during the change of time (France: +1 hour) this W-E, we lost
>> synchronisation between master and replicates LDAP which causes a lost of
>> connection to the replicate used by LDAPpc.
>>
>> As espected, LDAPpc logs a bunch of warnings : subject not found.
>>
>> 2010-03-29 09:33:00,432: [main] WARN  ErrorLog.warn(95) -
>> [edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer]
>> SUBJECT[[ NAME = F0900kra entity not found ][ ID = F0900kra ]] Subject not
>> found using [ subject id = F0900kra entity not found ][ source = esco:ldap
>> ][ filter =
>> [base=ou=people,dc=esco-centre,dc=fr][scope=2][filter=(uid={0})]
>> ], edu.internet2.middleware.ldappc.EntryNotFoundException: Subject not
>> found
>> using [ subject id = F0900kra entity not found ][ source = esco:ldap ][
>> filter = [base=ou=people,dc=esco-centre,dc=fr][scope=2][filter=(uid={0})] ]
>>       at
>> edu.internet2.middleware.ldappc.util.SubjectCache.findSubjectDn(SubjectCache.java:306)
>>       at
>> edu.internet2.middleware.ldappc.util.SubjectCache.findSubjectDn(SubjectCache.java:210)
>>       at
>> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.storeGroupData(GroupEntrySynchronizer.java:611)
>>       at
>> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.updateGroupEntry(GroupEntrySynchronizer.java:378)
>>       at
>> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.performInclude(GroupEntrySynchronizer.java:323)
>>       at
>> edu.internet2.middleware.ldappc.synchronize.GroupSynchronizer.synchronize(GroupSynchronizer.java:169)
>>       at
>> edu.internet2.middleware.ldappc.GrouperProvisioner.provisionGroups(GrouperProvisioner.java:311)
>>       at
>> edu.internet2.middleware.ldappc.GrouperProvisioner.provision(GrouperProvisioner.java:178)
>>       at
>> edu.internet2.middleware.ldappc.LdappcGrouperProvisioner.provisionGroups(LdappcGrouperProvisioner.java:121)
>>       at
>> edu.internet2.middleware.ldappc.LdappcProvisionControl.run(LdappcProvisionControl.java:96)
>>       at edu.internet2.middleware.ldappc.Ldappc.main(Ldappc.java:105)
>>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>       at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>       at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>       at java.lang.reflect.Method.invoke(Method.java:585)
>>       at
>> edu.internet2.middleware.grouper.app.gsh.GrouperShell.handleSpecialCase(GrouperShell.java:167)
>>       at
>> edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:108)
>>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>       at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>       at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>       at java.lang.reflect.Method.invoke(Method.java:585)
>>       at com.dawidweiss.invoker.Invoker.loader(Invoker.java:167)
>>       at com.dawidweiss.invoker.Invoker.main(Invoker.java:303)
>>
>> But we've got problems with the LDAP. LDAPpc provisions the LDAP groups
>> with members : F0900kra Entity Not Found.
>
> When I'm not mobile I'll revisit this in the code. Sounds like a bug.
>
>>
>> Generally this problem occurs when LDAPpc lost connection with the LDAP.
>> Does we have anything to do in order to prevent this or stopping LDAPpc
>> when
>> the error occurs?
>>
>> Thanks,
>>
>> Christophe.
>
> Try onNotFound='fail' in the ldap search filter configuration element of
> ldappc.xml.
>
> If I was more facile with a touch I screen would send links to
> documentation. Search for onNotFound on the ldappc page of the grouper
> product wiki.
>
> TomZ



Archive powered by MHonArc 2.6.16.

Top of Page