Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Ldappc Provisioning to Active Directory

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Ldappc Provisioning to Active Directory


Chronological Thread 
  • From: Tom Zeller <>
  • To: Richard James <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] Ldappc Provisioning to Active Directory
  • Date: Wed, 4 Aug 2010 10:06:07 -0500
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :content-transfer-encoding; b=cR6F/13a3h0V0/E+H0eEIFA7d4UcPsKst0mili7i8CocFIVl5HV1XOhv6I6Z3Tc9jI CjQlYEQHUt6yzjyMuUrTs6JFvojtVRMdSk6tUE7nx9PoVgN0EPvKupST0kgJfyorH+37 FcdC40mSB03/Dtd7suqCpv8+OXIPFQOpmi/XM=
Did you remove this too ? If so, that error should not be present,
which is why I'm asking.

<memberships>
<member-groups-list list-object-class="eduMember"
list-attribute="isMemberOf" naming-attribute="name" />
</memberships>

On Wed, Aug 4, 2010 at 9:59 AM, Richard James
<>
wrote:
> Thanks for your help on this Tom, I amended the config file accordingly so
> that it was not using hasMember and we are now able to provision groups and
> their memberships successfully, which is very cool :)
>
> We do encounter the following error in our log, on looking into it we think
> it may be a mandatory attribute on one of the objects not being set.
>
> 2010-08-04 15:24:15,654: [main] ERROR Ldappc.run(283) - Grouper Provision
> Failed
> edu.internet2.middleware.ldappc.exception.ConfigurationException: Member
> groups list attribute is null
>        at
> edu.internet2.middleware.ldappc.Ldappc.addSubjectDnSet(Ldappc.java:962)
>        at
> edu.internet2.middleware.ldappc.Ldappc.buildSourceSubjectDnSet(Ldappc.java:926)
>        at
> edu.internet2.middleware.ldappc.Ldappc.provisionMemberships(Ldappc.java:591)
>        at edu.internet2.middleware.ldappc.Ldappc.provision(Ldappc.java:383)
>        at edu.internet2.middleware.ldappc.Ldappc.run(Ldappc.java:253)
>        at edu.internet2.middleware.ldappc.Ldappc.main(Ldappc.java:208)
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>        at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:597)
>        at
> edu.internet2.middleware.grouper.app.gsh.GrouperShell.handleSpecialCase(GrouperShell.java:188)
>        at
> edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:128)
>        at
> edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:16)
>
> It doesn't have a visible effect on the provisioning, so we will monitor
> this to see if it does cause any issues.
>
> Thanks again for helping us to get this to work.
>
> Richard
>
>>-----Original Message-----
>>From:
>>
>>
>>[mailto:]
>> On Behalf Of Tom
>>Zeller
>>Sent: 03 August 2010 20:23
>>To: Richard James
>>Cc:
>>
>>Subject: Re: [grouper-users] Ldappc Provisioning to Active Directory
>>
>>Apologies for the delay.
>>
>>You're provisioning Active Directory, correct ? If so, remove
>><memberships ... > (memberOf) from ldappc.xml.
>>
>>Did you extend your AD schema to include eduMember ? If not, remove
>><group-members-name-list ...> (hasMember).
>>
>>Take a look at ldappc.example.ad.xml.
>>
>>When adding a member to a group, Active Directory automatically
>>manages the memberOf attribute of the member objects. By default,
>>Active Directory does not support the hasMember attribute.
>>
>>TomZ
>>
>>On Tue, Aug 3, 2010 at 2:58 AM, Richard James
>><>
>> wrote:
>>> Hi Tom,
>>>
>>> I have attached our ldappc.xml file and also the properties file for
>>which I have removed any user credentials.
>>>
>>> Regards
>>>
>>> Richard
>>>
>>>>-----Original Message-----
>>>>From:
>>>>
>>>>
>>>>[mailto:]
>>>> On Behalf Of Tom
>>>>Zeller
>>>>Sent: 02 August 2010 17:56
>>>>To: Richard James
>>>>Cc:
>>>>
>>>>Subject: Re: [grouper-users] Ldappc Provisioning to Active Directory
>>>>
>>>>Could you reply with a sanitized (passwordless) version of your
>>>>configuration, ldappc.xml, please ?
>>>>
>>>>On Mon, Aug 2, 2010 at 10:39 AM, Richard James
>>>><>
>>>> wrote:
>>>>> Hi All,
>>>>>
>>>>> We have recently started testing the provisioning of grouper groups
>>>>into our test Active directory using ldappc (we will move towards
>>using
>>>>ldappcng once we have got ldappc working correctly). We have managed
>>to
>>>>load a number of groups into the active directory but when it comes to
>>>>assigning members to these groups we are coming across a few issues.
>>>>>
>>>>> I have configured our ldappc.xml file in line with the example
>>active
>>>>directory configuration which is documented here,
>>>>https://spaces.internet2.edu/display/GrouperWG/LDAPPC. Initially I
>>>>commented out any memberships config, as per the guidance, but on
>>trying
>>>>to provision memberships, I got the error attached in
>>>>nomembershipconfig.txt. There is definitely a member within the group
>>we
>>>>are trying to provision, so I'm not sure why this message is being
>>>>returned.
>>>>>
>>>>> I have then tried to add the memberships section into the config
>>file,
>>>>this time it recognises that there is a member of the group and
>>locates
>>>>the user with the correct path of the AD, but returns an attribute
>>>>conversion error on attempting to provision the membership.
>>>>(membershipconfig.txt).
>>>>>
>>>>> Unfortunately our experience of provisioning items into an ldap
>>>>directory is very limited. The fact that we are able to create the
>>>>groups in the active directory is very promising, but the assigning of
>>>>members is leaving us a little baffled at the moment, so any
>>>>pointers/guidance would be very much appreciated.
>>>>>
>>>>> Many thanks in advance
>>>>>
>>>>> Richard James
>>>>> ISS Middleware Team
>>>>> Newcastle University
>>>>>
>>>>>
>>>>>
>>>
>

Archive powered by MHonArc 2.6.16.

Top of Page