Grouper Users - Open Discussion List

[Tom Zeller <>]

You have one stem "test", one group "test", and one member "test", correct ?

What does

gsh 1% subject = findSubject("test");

return ?

On Mon, Sep 20, 2010 at 9:37 AM, Richard James
<>
 wrote:
> Hi All,
>
>
>
> We have been successfully provisioning Grouper groups into our live Active
> Directory using LDAPPC and we are now looking at using LDAPPCNG in order to
> keep up to date.
>
>
>
> Our current progress is that we have been able to provision the groups into
> the active directory (see attached successresponse.txt) but unfortunately we
> have not been able to get members to be provisioned. The following messages
> are logged in the logs,
>
>
>
> 2010-09-20 15:06:48,126: [main] ERROR PSP.execute(202) -  -
> CalcResponse[id=test,status=failure,error=noSuchIdentifier,errorMessages={Unable
> to calculate provisioned
> object.},requestID=2010/09/20-15:06:47.658_QOLO3QXH]
>
> 2010-09-20 15:06:48,140: [main] WARN
> PSOReferenceDefinition.getReferences(126) -  - get references for
> 'test:test' ref 'members-jdbc' unable to resolve identifier 'test'
>
> 2010-09-20 15:06:48,773: [main] ERROR PSP.execute(202) -  -
> CalcResponse[id=test,status=failure,error=noSuchIdentifier,errorMessages={Unable
> to calculate provisioned
> object.},requestID=2010/09/20-15:06:48.444_QOLO3QXN]
>
> 2010-09-20 15:06:48,774: [main] ERROR PSP.execute(227) -  -
> DiffResponse[id=test,status=failure,error=noSuchIdentifier,errorMessages={Unable
> to calculate provisioned
> object.},requestID=2010/09/20-15:06:48.444_QOLO3QXM]
>
> 2010-09-20 15:06:49,079: [main] ERROR PSP.execute(626) -  -
> BulkDiffResponse[responses=5,status=failure,error=<null>,errorMessages={},requestID=2010/09/20-15:06:43.986_QOLO3QWS]
>
>
>
>
>
> From the log it does show that it is finding the correct members from the
> group membership list, but for some reason it is not able to make use of
> this user identifier. Within the ldappc-resolver the ldappc filter is
> configured to search against the CN for user which takes the same format as
> the id shown in the log entry. I have attached sanitized versions of the
> main config files that we are using to do this. The main change to the
> ldappc-resolver.xml file that we made was to create the group in the AD with
> the grouper extension attribute rather than the name attribute.
>
>
>
> We have attempted to amend the ldappc-resolve to see if we could this
> working but to no avail, the versions of the files attached currently allow
> us to create the groups.
>
>
>
> Could anyone point us in the right direction for where the problem may be
> occurring? We are a bit unsure if we have missed something out of our
> configuration or if we referencing an incorrect attribute, or if indeed it
> is something on the AD side.
>
>
>
> We are using version 1.6.1.
>
>
>
> Many Thanks
>
>
>
> Richie
>
> ISS Middleware Team
>
> Newcastle University
>
>