grouper-users - Re: [grouper-users] LDAPPCNG——noSuchIdentifi er error
Subject: Grouper Users - Open Discussion List
List archive
- From: Tom Zeller <>
- To: lucy <>
- Cc:
- Subject: Re: [grouper-users] LDAPPCNG——noSuchIdentifi er error
- Date: Fri, 15 Oct 2010 08:02:55 -0500
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :content-transfer-encoding; b=XjiSAeJ6qiXG9mx2K7sOaJrsFswrJwkg7CA0z/nh9ITq1ejzc5OZ2L9oM76aoC9dSj 08Z9D7o3BHSA3iszA4ixQwZ1FbyS5Icdg6D8TNOT8OukT3PkaEafTv+ye/mz4zX4gm1e dD72g1qMyaQ+nkX3ze/JO/BDVkjU8cfvCJpPI=
It would be helpful if you could post complete configuration files
(minus any passwords), specifically :
ldappcng.xml
ldappc-resolver.xml
Does the member '91' of the group "aa:aa" exist in LDAP with the DN :
cn=91,ou=people,dc=informationDepartment,dc=wti.ac.cn
?
On Thu, Oct 14, 2010 at 8:48 PM, lucy
<>
wrote:
> Hi All,
>
> We are now trying to use Grouper for user group manager. Our current
> progress
> is that we had successfully use our own mysql database, and our own subject
> source.
>
> and now we want to use the LDAPPC-NG to export to groups data to a ldap
> service getting the following error:
>
> i type bin/gsh -ldappcng -bulkCalc
> getting the following imfornation
>
>
> <ldappc:bulkCalcResponse xmlns:ldappc='http://grouper.internet2.edu/ldappc'
> stat
> us='failure' requestID='2010/10/14-21:20:46.062_QPJX0190'>
> <ldappc:calcResponse status='success'
> requestID='2010/10/14-21:20:46.312_QPJX0197'>
> <ldappc:id ID='aa'/>
> <ldappc:pso entityName='stem'>
> <psoID ID='ou=aa,ou=stem,dc=informationDepartment,dc=wti.ac.cn'
> targetID='ldap'/>
> <data>
> <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core'
> name='objectCla ss'>
> <dsml:value>top</dsml:value>
> <dsml:value>organizationalUnit</dsml:value>
> </dsml:attr>
> <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='ou'>
> <dsml:value>aa</dsml:value>
> </dsml:attr>
> <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core'
> name='description'>
> <dsml:value>aa</dsml:value>
> </dsml:attr>
> </data>
> </ldappc:pso>
> </ldappc:calcResponse>
> <ldappc:calcResponse status='success'
> requestID='2010/10/14-21:20:46.703_QPJX02AA'>
> <ldappc:id ID='etc'/>
> <ldappc:pso entityName='stem'>
> <psoID ID='ou=etc,ou=stem,dc=informationDepartment,dc=wti.ac.cn'
> targetID='ldap'/>
> <data>
> <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core'
> name='objectClass'>
> <dsml:value>top</dsml:value>
> <dsml:value>organizationalUnit</dsml:value>
> </dsml:attr>
> <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='ou'>
> <dsml:value>etc</dsml:value>
> </dsml:attr>
> </data>
> </ldappc:pso>
> </ldappc:calcResponse>
> <ldappc:calcResponse status='success'
> requestID='2010/10/14-21:20:46.781_QPJX02AC'>
> <ldappc:id ID='aa:aa'/>
> <ldappc:pso entityName='group'>
> <psoID ID='cn=aa:aa,ou=groups,dc=informationDepartment,dc=wti.ac.cn'
> targetID='ldap'/>
> <data>
> <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core'
> name='objectClass'>
> <dsml:value>top</dsml:value>
> <dsml:value>groupOfNames</dsml:value>
> </dsml:attr>
> <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core'
> name='description'>
> <dsml:value>aa</dsml:value>
> </dsml:attr>
> <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core'
> name='hasMember'>
> <dsml:value>91</dsml:value>
> </dsml:attr>
> </data>
> <capabilityData mustUnderstand='true'
> capabilityURI='urn:oasis:names:tc:SP
> ML:2:0:reference'>
> <spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0'
> xmlns:spmlref='ur
> n:oasis:names:tc:SPML:2:0:reference' typeOfReference='member'>
> <spmlref:toPsoID targetID='ldap'/>
> </spmlref:reference>
> </capabilityData>
> </ldappc:pso>
> </ldappc:calcResponse>
> <ldappc:calcResponse status='success'
> requestID='2010/10/14-21:20:46.968_QPJX02AJ'>
> <ldappc:id ID='etc:wheel'/>
> <ldappc:pso entityName='group'>
> <psoID
> ID='cn=etc:wheel,ou=groups,dc=informationDepartment,dc=wti.ac.cn'
> targetID='ldap'/>
> <data>
> <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core'
> name='objectClass'>
> <dsml:value>top</dsml:value>
> <dsml:value>groupOfNames</dsml:value>
> </dsml:attr>
> <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core'
> name='description'>
> <dsml:value>system administrators with all privileges</dsml:value>
> </dsml:attr>
> </data>
> <capabilityData mustUnderstand='true'
> capabilityURI='urn:oasis:names:tc:SP
> ML:2:0:reference'>
> <spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0'
> xmlns:spmlref='ur
> n:oasis:names:tc:SPML:2:0:reference' typeOfReference='member'>
> <spmlref:toPsoID targetID='ldap'/>
> </spmlref:reference>
> </capabilityData>
> </ldappc:pso>
> </ldappc:calcResponse>
> <ldappc:calcResponse status='failure'
> requestID='2010/10/14-21:20:47.015_QPJX02AL' error='noSuchIdentifier'>
> <errorMessage>Unable to calculate provisioned object.</errorMessage>
> <ldappc:id ID='91'/>
> </ldappc:calcResponse>
> </ldappc:bulkCalcResponse>
>
>
> From the imfornation it does show that i can get the stem and group object
> correctly, but something want with the membership. It is finding the
> correct
> members from the group membership list, but for some reason it is not able
> to
> make use of this user identifier. so it get the 'noSuchIdentifier' error,
> i
> check the ldappc-resolver.xml file and i 'm quite sure that i haven't
> make
> and change of the member setting.so i attch some setting below:
>
>
> ldappc.properties
>
> # Base DN for members
> peopleOU=ou=people,dc=informationDepartment,dc=wti.ac.cn
>
>
>
> ldappcng.xml
>
> <object id="member">
> <identifier ref="member-dn" baseId="${peopleOU}">
> <identifyingAttribute name="objectclass" value="person" />
> </identifier>
> <attribute name="objectClass" ref="member-objectclass" retainAll="true"
> />
> <attribute name="isMemberOf" ref="memberIsMemberOf" />
> </object>
>
>
>
> ldappc-resolver.xml
>
> <resolver:DataConnector id="MemberDataConnector"
> xsi:type="grouper:MemberDataConnector">
> <grouper:Attribute id="groups" />
> </resolver:DataConnector>
> <resolver:AttributeDefinition id="member-dn" xsi:type="ad:Simple"
> sourceAttributeID="psoID">
> <resolver:Dependency ref="SpmlDataConnector" />
> </resolver:AttributeDefinition>
>
> <resolver:DataConnector id="SpmlDataConnector" provider="ldap-provider"
> xsi:type="ldappc:SPMLDataConnector"
> scope="subTree" base="${peopleOU}" returnData="identifier">
> <resolver:Dependency ref="MemberDataConnector" />
> <ldappc:FilterTemplate>(cn=${id.get(0)})</ldappc:FilterTemplate>
> </resolver:DataConnector>
>
>
> actually, we don't know what's wrong exactly, Could anyone point us in the
> right direction for where the problem may be occurring?
> We are using version 1.6.1.
>
- [grouper-users] LDAPPCNG——noSuchIdentif ier error, lucy, 10/14/2010
- Re: [grouper-users] LDAPPCNG——noSuchIdentifi er error, Tom Zeller, 10/15/2010
- Re: [grouper-users] LDAPPCNG——noSuchIdentifi er error, Paul Poputa-Clean, 10/15/2010
Archive powered by MHonArc 2.6.16.