Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] LDAPPCNG - Members not being provisioned

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] LDAPPCNG - Members not being provisioned


Chronological Thread 
  • From: Richard James <>
  • To: "'Tom Zeller'" <>
  • Cc: "" <>
  • Subject: RE: [grouper-users] LDAPPCNG - Members not being provisioned
  • Date: Wed, 22 Sep 2010 16:45:24 +0100
  • Accept-language: en-US, en-GB
  • Acceptlanguage: en-US, en-GB
Hi Tom,

Thanks for sending the below through, from looking at our config files they
all seem to be set correctly. A search on the Active Directory at the
$peopleOU base returns the user as expected.
We are also using the same people base within our current LDAPPC
provisioning, which works without any problems. I also tried specifying the
full base dn for users (OU=Staff Users,OU=Campus
Users,DC=testcampus,DC=ncl,DC=ac,DC=uk) but this brought about the same
results.

I have spent sometime today trying to reconfigure the files in the hope of
spotting any clues but to no avail at the moment. I have asked the guys who
look after our Active Directory if there are any useful logs for us to look
at and see if it logs any of the transaction attempts when we try and
provision the memberships.

Cheers

Richie

>-----Original Message-----
>From:
>
>
>[mailto:]
> On Behalf Of Tom
>Zeller
>Sent: 21 September 2010 21:24
>To: Richard James
>Cc:
>
>Subject: Re: [grouper-users] LDAPPCNG - Members not being provisioned
>
>Do you see ldap searches for cn=test at the $peopleOU base ?
>
>As explanation, the error message below means that the identifier for
>"test" from source "members-jdbc" cannot be resolved (determined) :
>
>>>> 2010-09-20 15:06:48,140: [main] WARN
>>>> PSOReferenceDefinition.getReferences(126) -  - get references for
>>>> 'test:test' ref 'members-jdbc' unable to resolve identifier 'test'
>
>SPML references are defined in ldappcng.xml :
>
> <object id="group" authoritative="true">
> <references name="member">
> <reference ref="members-jdbc" toObject="member" />
> ...
>
>The member identifier is defined in ldappcng.xml :
>
> <object id="member">
> <identifier ref="member-dn" baseId="${peopleOU}">
> ...
>
>which resolves the "member-dn" attribute definition from ldappcng-
>resolver.xml :
>
> <resolver:AttributeDefinition id="member-dn" xsi:type="ad:Simple"
>sourceAttributeID="psoID">
> <resolver:Dependency ref="SpmlDataConnector" />
> </resolver:AttributeDefinition>
>
>which in turn resolves the SpmlDataConnector, which should search ldap :
>
> <resolver:DataConnector id="SpmlDataConnector"
>provider="ldap-provider" xsi:type="ldappc:SPMLDataConnector"
> scope="subTree" base="${peopleOU}" returnData="identifier">
> <resolver:Dependency ref="MemberDataConnector" />
> <ldappc:FilterTemplate>(cn=${id.get(0)})</ldappc:FilterTemplate>
> </resolver:DataConnector>
>
>at your base :
>
># Base DN for members
>peopleOU=OU=Campus Users,DC=testcampus,DC=ncl,DC=ac,DC=uk

Archive powered by MHonArc 2.6.16.

Top of Page