Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] Ldappc Provisioning to Active Directory

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] Ldappc Provisioning to Active Directory

Chronological Thread 
  • From: Richard James <>
  • To: "'Tom Zeller'" <>
  • Cc: "" <>
  • Subject: RE: [grouper-users] Ldappc Provisioning to Active Directory
  • Date: Wed, 4 Aug 2010 15:59:42 +0100
  • Accept-language: en-US, en-GB
  • Acceptlanguage: en-US, en-GB

Thanks for your help on this Tom, I amended the config file accordingly so
that it was not using hasMember and we are now able to provision groups and
their memberships successfully, which is very cool :)

We do encounter the following error in our log, on looking into it we think
it may be a mandatory attribute on one of the objects not being set.

2010-08-04 15:24:15,654: [main] ERROR - Grouper Provision
edu.internet2.middleware.ldappc.exception.ConfigurationException: Member
groups list attribute is null
at edu.internet2.middleware.ldappc.Ldappc.provision(
at edu.internet2.middleware.ldappc.Ldappc.main(
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.lang.reflect.Method.invoke(

It doesn't have a visible effect on the provisioning, so we will monitor this
to see if it does cause any issues.

Thanks again for helping us to get this to work.


>-----Original Message-----
> On Behalf Of Tom
>Sent: 03 August 2010 20:23
>To: Richard James
>Subject: Re: [grouper-users] Ldappc Provisioning to Active Directory
>Apologies for the delay.
>You're provisioning Active Directory, correct ? If so, remove
><memberships ... > (memberOf) from ldappc.xml.
>Did you extend your AD schema to include eduMember ? If not, remove
><group-members-name-list ...> (hasMember).
>Take a look at
>When adding a member to a group, Active Directory automatically
>manages the memberOf attribute of the member objects. By default,
>Active Directory does not support the hasMember attribute.
>On Tue, Aug 3, 2010 at 2:58 AM, Richard James
> wrote:
>> Hi Tom,
>> I have attached our ldappc.xml file and also the properties file for
>which I have removed any user credentials.
>> Regards
>> Richard
>>>-----Original Message-----
>>> On Behalf Of Tom
>>>Sent: 02 August 2010 17:56
>>>To: Richard James
>>>Subject: Re: [grouper-users] Ldappc Provisioning to Active Directory
>>>Could you reply with a sanitized (passwordless) version of your
>>>configuration, ldappc.xml, please ?
>>>On Mon, Aug 2, 2010 at 10:39 AM, Richard James
>>> wrote:
>>>> Hi All,
>>>> We have recently started testing the provisioning of grouper groups
>>>into our test Active directory using ldappc (we will move towards
>>>ldappcng once we have got ldappc working correctly). We have managed
>>>load a number of groups into the active directory but when it comes to
>>>assigning members to these groups we are coming across a few issues.
>>>> I have configured our ldappc.xml file in line with the example
>>>directory configuration which is documented here,
>>> Initially I
>>>commented out any memberships config, as per the guidance, but on
>>>to provision memberships, I got the error attached in
>>>nomembershipconfig.txt. There is definitely a member within the group
>>>are trying to provision, so I'm not sure why this message is being
>>>> I have then tried to add the memberships section into the config
>>>this time it recognises that there is a member of the group and
>>>the user with the correct path of the AD, but returns an attribute
>>>conversion error on attempting to provision the membership.
>>>> Unfortunately our experience of provisioning items into an ldap
>>>directory is very limited. The fact that we are able to create the
>>>groups in the active directory is very promising, but the assigning of
>>>members is leaving us a little baffled at the moment, so any
>>>pointers/guidance would be very much appreciated.
>>>> Many thanks in advance
>>>> Richard James
>>>> ISS Middleware Team
>>>> Newcastle University

Archive powered by MHonArc 2.6.16.

Top of Page