Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Ldappc Provisioning to Active Directory

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Ldappc Provisioning to Active Directory

Chronological Thread 
  • From: Tom Zeller <>
  • To: Richard James <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] Ldappc Provisioning to Active Directory
  • Date: Wed, 4 Aug 2010 10:06:07 -0500
  • Domainkey-signature: a=rsa-sha1; c=nofws;; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :content-transfer-encoding; b=cR6F/13a3h0V0/E+H0eEIFA7d4UcPsKst0mili7i8CocFIVl5HV1XOhv6I6Z3Tc9jI CjQlYEQHUt6yzjyMuUrTs6JFvojtVRMdSk6tUE7nx9PoVgN0EPvKupST0kgJfyorH+37 FcdC40mSB03/Dtd7suqCpv8+OXIPFQOpmi/XM=

Did you remove this too ? If so, that error should not be present,
which is why I'm asking.

<member-groups-list list-object-class="eduMember"
list-attribute="isMemberOf" naming-attribute="name" />

On Wed, Aug 4, 2010 at 9:59 AM, Richard James
> Thanks for your help on this Tom, I amended the config file accordingly so
> that it was not using hasMember and we are now able to provision groups and
> their memberships successfully, which is very cool :)
> We do encounter the following error in our log, on looking into it we think
> it may be a mandatory attribute on one of the objects not being set.
> 2010-08-04 15:24:15,654: [main] ERROR - Grouper Provision
> Failed
> edu.internet2.middleware.ldappc.exception.ConfigurationException: Member
> groups list attribute is null
>        at
> edu.internet2.middleware.ldappc.Ldappc.addSubjectDnSet(
>        at
> edu.internet2.middleware.ldappc.Ldappc.buildSourceSubjectDnSet(
>        at
> edu.internet2.middleware.ldappc.Ldappc.provisionMemberships(
>        at edu.internet2.middleware.ldappc.Ldappc.provision(
>        at
>        at edu.internet2.middleware.ldappc.Ldappc.main(
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at
> sun.reflect.NativeMethodAccessorImpl.invoke(
>        at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(
>        at java.lang.reflect.Method.invoke(
>        at
>        at
>        at
> It doesn't have a visible effect on the provisioning, so we will monitor
> this to see if it does cause any issues.
> Thanks again for helping us to get this to work.
> Richard
>>-----Original Message-----
>> On Behalf Of Tom
>>Sent: 03 August 2010 20:23
>>To: Richard James
>>Subject: Re: [grouper-users] Ldappc Provisioning to Active Directory
>>Apologies for the delay.
>>You're provisioning Active Directory, correct ? If so, remove
>><memberships ... > (memberOf) from ldappc.xml.
>>Did you extend your AD schema to include eduMember ? If not, remove
>><group-members-name-list ...> (hasMember).
>>Take a look at
>>When adding a member to a group, Active Directory automatically
>>manages the memberOf attribute of the member objects. By default,
>>Active Directory does not support the hasMember attribute.
>>On Tue, Aug 3, 2010 at 2:58 AM, Richard James
>> wrote:
>>> Hi Tom,
>>> I have attached our ldappc.xml file and also the properties file for
>>which I have removed any user credentials.
>>> Regards
>>> Richard
>>>>-----Original Message-----
>>>> On Behalf Of Tom
>>>>Sent: 02 August 2010 17:56
>>>>To: Richard James
>>>>Subject: Re: [grouper-users] Ldappc Provisioning to Active Directory
>>>>Could you reply with a sanitized (passwordless) version of your
>>>>configuration, ldappc.xml, please ?
>>>>On Mon, Aug 2, 2010 at 10:39 AM, Richard James
>>>> wrote:
>>>>> Hi All,
>>>>> We have recently started testing the provisioning of grouper groups
>>>>into our test Active directory using ldappc (we will move towards
>>>>ldappcng once we have got ldappc working correctly). We have managed
>>>>load a number of groups into the active directory but when it comes to
>>>>assigning members to these groups we are coming across a few issues.
>>>>> I have configured our ldappc.xml file in line with the example
>>>>directory configuration which is documented here,
>>>> Initially I
>>>>commented out any memberships config, as per the guidance, but on
>>>>to provision memberships, I got the error attached in
>>>>nomembershipconfig.txt. There is definitely a member within the group
>>>>are trying to provision, so I'm not sure why this message is being
>>>>> I have then tried to add the memberships section into the config
>>>>this time it recognises that there is a member of the group and
>>>>the user with the correct path of the AD, but returns an attribute
>>>>conversion error on attempting to provision the membership.
>>>>> Unfortunately our experience of provisioning items into an ldap
>>>>directory is very limited. The fact that we are able to create the
>>>>groups in the active directory is very promising, but the assigning of
>>>>members is leaving us a little baffled at the moment, so any
>>>>pointers/guidance would be very much appreciated.
>>>>> Many thanks in advance
>>>>> Richard James
>>>>> ISS Middleware Team
>>>>> Newcastle University

Archive powered by MHonArc 2.6.16.

Top of Page