Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] Ldappc Provisioning to Active Directory

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] Ldappc Provisioning to Active Directory

Chronological Thread 
  • From: Richard James <>
  • To: "'Tom Zeller'" <>, "" <>
  • Subject: RE: [grouper-users] Ldappc Provisioning to Active Directory
  • Date: Thu, 5 Aug 2010 11:02:06 +0100
  • Accept-language: en-US, en-GB
  • Acceptlanguage: en-US, en-GB

I will create a page within the Newcastle University section on the Grouper
wiki, which will document the configuration involved for the provisioning of
groups/members in Active Directory from our implementation. Hopefully it will
be a good reference page for any users new to provisioning to an AD like
ourselves :)

I will post the link once I have created the page.


>-----Original Message-----
> On Behalf Of Tom
>Sent: 04 August 2010 16:59
>Cc: Richard James
>Subject: Re: [grouper-users] Ldappc Provisioning to Active Directory
>We figured this out off-list. I should make a better example on the
>wiki for configuration and running ldappc when provisioning Active
>On Wed, Aug 4, 2010 at 10:06 AM, Tom Zeller
> wrote:
>> Did you remove this too ? If so, that error should not be present,
>> which is why I'm asking.
>> <memberships>
>>  <member-groups-list list-object-class="eduMember"
>> list-attribute="isMemberOf" naming-attribute="name" />
>> </memberships>
>> On Wed, Aug 4, 2010 at 9:59 AM, Richard James
>> <>
>> wrote:
>>> Thanks for your help on this Tom, I amended the config file
>accordingly so that it was not using hasMember and we are now able to
>provision groups and their memberships successfully, which is very cool
>>> We do encounter the following error in our log, on looking into it we
>think it may be a mandatory attribute on one of the objects not being
>>> 2010-08-04 15:24:15,654: [main] ERROR - Grouper
>Provision Failed
>>> edu.internet2.middleware.ldappc.exception.ConfigurationException:
>Member groups list attribute is null
>>>        at
>>>        at
>>>        at
>>>        at
>>>        at
>>>        at
>>>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>        at
>>>        at
>>>        at java.lang.reflect.Method.invoke(
>>>        at
>>>        at
>>>        at
>>> It doesn't have a visible effect on the provisioning, so we will
>monitor this to see if it does cause any issues.
>>> Thanks again for helping us to get this to work.
>>> Richard
>>>>-----Original Message-----
>>>> On Behalf Of Tom
>>>>Sent: 03 August 2010 20:23
>>>>To: Richard James
>>>>Subject: Re: [grouper-users] Ldappc Provisioning to Active Directory
>>>>Apologies for the delay.
>>>>You're provisioning Active Directory, correct ? If so, remove
>>>><memberships ... > (memberOf) from ldappc.xml.
>>>>Did you extend your AD schema to include eduMember ? If not, remove
>>>><group-members-name-list ...> (hasMember).
>>>>Take a look at
>>>>When adding a member to a group, Active Directory automatically
>>>>manages the memberOf attribute of the member objects. By default,
>>>>Active Directory does not support the hasMember attribute.
>>>>On Tue, Aug 3, 2010 at 2:58 AM, Richard James
>>>> wrote:
>>>>> Hi Tom,
>>>>> I have attached our ldappc.xml file and also the properties file
>>>>which I have removed any user credentials.
>>>>> Regards
>>>>> Richard
>>>>>>-----Original Message-----
>>>>>> On Behalf Of
>>>>>>Sent: 02 August 2010 17:56
>>>>>>To: Richard James
>>>>>>Subject: Re: [grouper-users] Ldappc Provisioning to Active
>>>>>>Could you reply with a sanitized (passwordless) version of your
>>>>>>configuration, ldappc.xml, please ?
>>>>>>On Mon, Aug 2, 2010 at 10:39 AM, Richard James
>>>>>> wrote:
>>>>>>> Hi All,
>>>>>>> We have recently started testing the provisioning of grouper
>>>>>>into our test Active directory using ldappc (we will move towards
>>>>>>ldappcng once we have got ldappc working correctly). We have
>>>>>>load a number of groups into the active directory but when it comes
>>>>>>assigning members to these groups we are coming across a few
>>>>>>> I have configured our ldappc.xml file in line with the example
>>>>>>directory configuration which is documented here,
>>>>>> Initially I
>>>>>>commented out any memberships config, as per the guidance, but on
>>>>>>to provision memberships, I got the error attached in
>>>>>>nomembershipconfig.txt. There is definitely a member within the
>>>>>>are trying to provision, so I'm not sure why this message is being
>>>>>>> I have then tried to add the memberships section into the config
>>>>>>this time it recognises that there is a member of the group and
>>>>>>the user with the correct path of the AD, but returns an attribute
>>>>>>conversion error on attempting to provision the membership.
>>>>>>> Unfortunately our experience of provisioning items into an ldap
>>>>>>directory is very limited. The fact that we are able to create the
>>>>>>groups in the active directory is very promising, but the assigning
>>>>>>members is leaving us a little baffled at the moment, so any
>>>>>>pointers/guidance would be very much appreciated.
>>>>>>> Many thanks in advance
>>>>>>> Richard James
>>>>>>> ISS Middleware Team
>>>>>>> Newcastle University

Archive powered by MHonArc 2.6.16.

Top of Page