Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Ldappc Provisioning to Active Directory

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Ldappc Provisioning to Active Directory


Chronological Thread 
  • From: Tom Zeller <>
  • To: Richard James <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] Ldappc Provisioning to Active Directory
  • Date: Tue, 3 Aug 2010 14:23:18 -0500
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type; b=wzNJQTqr//wpV3Ay0Cd+r5/z9jyOJ81wbI1O8V7PVBhPNjHW8vhBp2A/aY3TYZIXF0 BHO2CvC+n/eM77bxaqepWWWOw1lwxn0YTYDMDvglmRnWQdPE21mwDUGcJxTYLJyE/NaA 9dD6/Usmwyc1wCVhPnQ8Gh611PB3E/oyNw/Zw=
Apologies for the delay.

You're provisioning Active Directory, correct ? If so, remove
<memberships ... > (memberOf) from ldappc.xml.

Did you extend your AD schema to include eduMember ? If not, remove
<group-members-name-list ...> (hasMember).

Take a look at ldappc.example.ad.xml.

When adding a member to a group, Active Directory automatically
manages the memberOf attribute of the member objects. By default,
Active Directory does not support the hasMember attribute.

TomZ

On Tue, Aug 3, 2010 at 2:58 AM, Richard James
<>
wrote:
> Hi Tom,
>
> I have attached our ldappc.xml file and also the properties file for which
> I have removed any user credentials.
>
> Regards
>
> Richard
>
>>-----Original Message-----
>>From:
>>
>>
>>[mailto:]
>> On Behalf Of Tom
>>Zeller
>>Sent: 02 August 2010 17:56
>>To: Richard James
>>Cc:
>>
>>Subject: Re: [grouper-users] Ldappc Provisioning to Active Directory
>>
>>Could you reply with a sanitized (passwordless) version of your
>>configuration, ldappc.xml, please ?
>>
>>On Mon, Aug 2, 2010 at 10:39 AM, Richard James
>><>
>> wrote:
>>> Hi All,
>>>
>>> We have recently started testing the provisioning of grouper groups
>>into our test Active directory using ldappc (we will move towards using
>>ldappcng once we have got ldappc working correctly). We have managed to
>>load a number of groups into the active directory but when it comes to
>>assigning members to these groups we are coming across a few issues.
>>>
>>> I have configured our ldappc.xml file in line with the example active
>>directory configuration which is documented here,
>>https://spaces.internet2.edu/display/GrouperWG/LDAPPC. Initially I
>>commented out any memberships config, as per the guidance, but on trying
>>to provision memberships, I got the error attached in
>>nomembershipconfig.txt. There is definitely a member within the group we
>>are trying to provision, so I'm not sure why this message is being
>>returned.
>>>
>>> I have then tried to add the memberships section into the config file,
>>this time it recognises that there is a member of the group and locates
>>the user with the correct path of the AD, but returns an attribute
>>conversion error on attempting to provision the membership.
>>(membershipconfig.txt).
>>>
>>> Unfortunately our experience of provisioning items into an ldap
>>directory is very limited. The fact that we are able to create the
>>groups in the active directory is very promising, but the assigning of
>>members is leaving us a little baffled at the moment, so any
>>pointers/guidance would be very much appreciated.
>>>
>>> Many thanks in advance
>>>
>>> Richard James
>>> ISS Middleware Team
>>> Newcastle University
>>>
>>>
>>>
>

Archive powered by MHonArc 2.6.16.

Top of Page