Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] RE: Unix GID's in Grouper

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] RE: Unix GID's in Grouper


Chronological Thread 
  • From: Chris Hyzer <>
  • To: Dirk Kastens <>, "" <>
  • Subject: RE: [grouper-users] RE: Unix GID's in Grouper
  • Date: Fri, 11 Jun 2010 10:01:01 -0400
  • Accept-language: en-US
  • Acceptlanguage: en-US
Dirk,

Sorry for the delay, I updated the new hooks example so that it assigns a gid
and the gid is not editable by nonwheel/root.

There was one bug:

https://bugs.internet2.edu/jira/browse/GRP-451

Also, I run the hook as root user since the security will preclude it...

Here is the doc which I believe works in 1.5:

https://spaces.internet2.edu/display/GrouperWG/Getting+started+with+hooks2

Please try it out and let me know if there are any problems.

Thanks,
Chris


-----Original Message-----
From: Dirk Kastens
[mailto:]

Sent: Wednesday, June 09, 2010 10:47 AM
To:

Subject: Re: [grouper-users] RE: Unix GID's in Grouper

Hi again,

it seems, that the hook only works with ADMIN privileges. I created the
root stem "uos" and tried to add a group. Group "g1" has been created as
GrouperSysAdmin - this works. Group "g2" has been created as user
"dkastens":

-------------------
gsh 0% grantPriv("uos", "dkastens", NamingPrivilege.STEM)
true
gsh 1% grantPriv("uos", "dkastens", NamingPrivilege.CREATE)
true
gsh 2% addGroup("uos", "g1", "Group 1")
group: name='uos:g1' displayName='Uni Osnabrueck:Group 1'
uuid='4c5be8e01c5f42c8a06af6bd5b404529'
gsh 3% subj = findSubject("dkastens")
subject: id='dkastens' type='person' source='uosldap' name='Dirk Kastens'
gsh 4% sess = GrouperSession.start(subj)
edu.internet2.middleware.grouper.GrouperSession:
3346e568089b4c189c682c9f6dbb3f3e,'dkastens','person'
gsh 5% addGroup("uos", "g2", "Group 2")
// Error: unable to evaluate command: Sourced file: inline evaluation
of: ``addGroup("uos", "g2", "Group 2");'' : Error invoking compiled
command: : Error in compiled command: java.lang.RuntimeException:
subject cannot ADMIN,
Problem in HibernateSession: HibernateSession: isNew: false, isReadonly:
false, grouperTransactionType: READ_WRITE_NEW,
Hook GroupAddUosHook.groupPostInsert id: QKII325A,
Problem in HibernateSession: HibernateSession: isNew: false, isReadonly:
false, grouperTransactionType: READ_WRITE_NEW,
Problem in HibernateSession: HibernateSession: isNew: true, isReadonly:
false, grouperTransactionType: READ_WRITE_NEW
gsh 6% groupGetTypes("uos:g1")
type: 'posixGroup'
type: 'base'
gsh 7% groupGetTypes("uos:g2")
gsh 8%
---------------

What does the error "subject cannot ADMIN" mean? Group "g2" has been
created but it doesn't have any types. So the hook doesn't seem to work
without admin rights. Can this be changed or do I miss something?

Thanks,
Dirk


Archive powered by MHonArc 2.6.16.

Top of Page