Grouper Users - Open Discussion List

[Francesco Malvezzi <>]

Thank you for this great piece of software,

I'm trying to setup a test grouper installation bound to local ldap,
following documentation at:

https://spaces.internet2.edu/display/GrouperWG/Grouper+hosted+on+a+cloud+server
https://spaces.internet2.edu/display/GrouperWG/LDAPPCNG

I'm using release 1.6.0.

I've missed something very basic because when I provision, I receive a
[LDAP: error code 64 - value of naming attribute 'cn' is not present in
entry] on all already-inserted groups.

At first groups get inserted correctly:

# unimore:cesia, groupergroups, unimore.it
dn: cn=unimore:cesia,ou=groupergroups,dc=unimore,dc=it
objectClass: eduMember
objectClass: groupOfNames
objectClass: top
hasMember: malvezzi
member: uid=malvezzi,ou=people,dc=unimore,dc=it
cn: cesia
cn: unimore:cesia

but then when I update the group it tries to change cn, which of course
wont't work, because it is part of the dn. Follows the snippet of the
./gsh.sh -ldappcng -bulkCalc

<ldappc:calcResponse status='success'
requestID='2010/08/04-13:45:04.739_QMQECL0Q'>
    <ldappc:id ID='unimore:cesia'/>
    <ldappc:pso entityName='group'>
      <psoID ID='cn=unimore:cesia,ou=groupergroups,dc=unimore,dc=it'
targetID='ldap'/>
      <data>
        <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core'
name='objectClass'>
          <dsml:value>top</dsml:value>
          <dsml:value>groupOfNames</dsml:value>
          <dsml:value>eduMember</dsml:value>
        </dsml:attr>
        <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='cn'>
          <dsml:value>cesia</dsml:value>
        </dsml:attr>
        <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core'
name='hasMember'>
          <dsml:value>malvezzi</dsml:value>
        </dsml:attr>
      </data>
      <capabilityData mustUnderstand='true'
capabilityURI='urn:oasis:names:tc:SPML:2:0:reference'>
        <spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0'
xmlns:spmlref='urn:oasis:names:tc:SPML:2:0:reference'
typeOfReference='member'>
          <spmlref:toPsoID ID='uid=malvezzi,ou=people,dc=unimore,dc=it'
targetID='ldap'/>
        </spmlref:reference>
      </capabilityData>
    </ldappc:pso>
  </ldappc:calcResponse>

in ldappc-resolver.xml cn is defined as:

[...]
  <resolver:AttributeDefinition id="group-dn"
xsi:type="ldappc:LdapDnPSOIdentifier"
    structure="${DNstructure}" sourceAttributeID="name"
rdnAttributeName="cn" base="${groupsOU}">
    <resolver:Dependency ref="GroupDataConnector" />
  </resolver:AttributeDefinition>


  <resolver:AttributeDefinition id="cn" xsi:type="ad:Simple"
sourceAttributeID="extension">
    <resolver:Dependency ref="GroupDataConnector" />
  </resolver:AttributeDefinition>
[...]

Why it changes a correct multi-valued cn (actually it's me thinking it
is correct: I might be wrong) to a single-valued cn which is not the one
defined in the dn?

What did I wrong?

Which other configuration files do you need to better understand?

Thank you for the attention,

Francesco Malvezzi
University of Modena and Reggio Emilia