Grouper Users - Open Discussion List

[Richard James <>]

That's correct, I should really have differentiated the names for each of the 
elements.

The following is returned from GSH,

gsh 4% subject = findSubject("test")
subject: id='test' type='person' source='jdbc' name='Test User'

And also retrieving member from test group;

getMembers("test:test")
member: id='test' type='person' source='jdbc' 
uuid='4797cf643e5b47c5b0bd4f7fbea04d6a'

Thanks

Richie
 

>-----Original Message-----
>From: 
>
> 
>[mailto:]
> On Behalf Of Tom
>Zeller
>Sent: 20 September 2010 21:04
>To: Richard James
>Cc: 
>
>Subject: Re: [grouper-users] LDAPPCNG - Members not being provisioned
>
>You have one stem "test", one group "test", and one member "test",
>correct ?
>
>What does
>
>gsh 1% subject = findSubject("test");
>
>return ?
>
>On Mon, Sep 20, 2010 at 9:37 AM, Richard James
><>
> wrote:
>> Hi All,
>>
>>
>>
>> We have been successfully provisioning Grouper groups into our live
>Active
>> Directory using LDAPPC and we are now looking at using LDAPPCNG in
>order to
>> keep up to date.
>>
>>
>>
>> Our current progress is that we have been able to provision the groups
>into
>> the active directory (see attached successresponse.txt) but
>unfortunately we
>> have not been able to get members to be provisioned. The following
>messages
>> are logged in the logs,
>>
>>
>>
>> 2010-09-20 15:06:48,126: [main] ERROR PSP.execute(202) -  -
>>
>CalcResponse[id=test,status=failure,error=noSuchIdentifier,errorMessages
>={Unable
>> to calculate provisioned
>> object.},requestID=2010/09/20-15:06:47.658_QOLO3QXH]
>>
>> 2010-09-20 15:06:48,140: [main] WARN
>> PSOReferenceDefinition.getReferences(126) -  - get references for
>> 'test:test' ref 'members-jdbc' unable to resolve identifier 'test'
>>
>> 2010-09-20 15:06:48,773: [main] ERROR PSP.execute(202) -  -
>>
>CalcResponse[id=test,status=failure,error=noSuchIdentifier,errorMessages
>={Unable
>> to calculate provisioned
>> object.},requestID=2010/09/20-15:06:48.444_QOLO3QXN]
>>
>> 2010-09-20 15:06:48,774: [main] ERROR PSP.execute(227) -  -
>>
>DiffResponse[id=test,status=failure,error=noSuchIdentifier,errorMessages
>={Unable
>> to calculate provisioned
>> object.},requestID=2010/09/20-15:06:48.444_QOLO3QXM]
>>
>> 2010-09-20 15:06:49,079: [main] ERROR PSP.execute(626) -  -
>>
>BulkDiffResponse[responses=5,status=failure,error=<null>,errorMessages={
>},requestID=2010/09/20-15:06:43.986_QOLO3QWS]
>>
>>
>>
>>
>>
>> From the log it does show that it is finding the correct members from
>the
>> group membership list, but for some reason it is not able to make use
>of
>> this user identifier. Within the ldappc-resolver the ldappc filter is
>> configured to search against the CN for user which takes the same
>format as
>> the id shown in the log entry. I have attached sanitized versions of
>the
>> main config files that we are using to do this. The main change to the
>> ldappc-resolver.xml file that we made was to create the group in the
>AD with
>> the grouper extension attribute rather than the name attribute.
>>
>>
>>
>> We have attempted to amend the ldappc-resolve to see if we could this
>> working but to no avail, the versions of the files attached currently
>allow
>> us to create the groups.
>>
>>
>>
>> Could anyone point us in the right direction for where the problem may
>be
>> occurring? We are a bit unsure if we have missed something out of our
>> configuration or if we referencing an incorrect attribute, or if
>indeed it
>> is something on the AD side.
>>
>>
>>
>> We are using version 1.6.1.
>>
>>
>>
>> Many Thanks
>>
>>
>>
>> Richie
>>
>> ISS Middleware Team
>>
>> Newcastle University
>>
>>