grouper-users - Re: [grouper-users] Ldappcng and privileges provisionning
Subject: Grouper Users - Open Discussion List
List archive
- From: Tom Zeller <>
- To: Arnaud Deman <>
- Cc:
- Subject: Re: [grouper-users] Ldappcng and privileges provisionning
- Date: Wed, 26 Jan 2011 16:10:10 -0600
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :content-transfer-encoding; b=cEIeNcbnegqV5MR6VYSHK+4AhxsIG8FbZYXWnE2nFRWXuXfx2OqYRvyBbZ27nRCAod aQZyt/TAoeMQvQs4fATRABpZWfMSQsnw2ldW5V7YV66clgEZu324T8j+om2MuU8oylB5 lslNMujDwCul/SmwWTI8T/lnH5zcDd9mCyfjM=
I have fixed this SubjectAttributeDefinition bug in the 1.6 branch,
built new jars, and attached them to the jira issue :
https://bugs.internet2.edu/jira/browse/GRP-546
Try replacing grouper-shib-1.6.x.jar with
grouper-shib-1.6-subjectfix.jar and let me know.
TomZ
On Wed, Jan 26, 2011 at 12:59 PM, Tom Zeller
<>
wrote:
> Ugh, a bug. The NPE occurs on
>
> attribute.getValues().addAll(subject.getAttributeValues(attr.getId()));
>
> where subject.getAttributeValues("name") returns null.
>
> If you replace id="name" in :
>
> <resolver:AttributeDefinition id="hasMember" xsi:type="grouper:Subject"
> sourceAttributeID="viewers">
> <resolver:Dependency ref="GroupDataConnector" />
> <grouper:Attribute id="name" source="ESUP_ldap" />
> </resolver:AttributeDefinition>
>
> with anything besides "id", "name", or "description" you shouldn't
> receive an exception.
>
> I can fix this in the branch that will become 1.6.4 and send you a
> patched jar - what do you think ?
>
> TomZ
>
> P.S. May I lament how subject.getName() and
> subject.getAttributeValues("name") should return the same thing ?
>
> On Wed, Jan 26, 2011 at 9:42 AM, Arnaud Deman
> <>
> wrote:
>> Hi,
>>
>> I am trying to see how to provision the privileges with ldappcng and I
>> have some difficulties to find the good configuration.
>> For my test I am trying to publish the viewers of a group into the ldap
>> attribute hasMember.
>>
>> The configuration of group data connector is :
>>
>> <resolver:DataConnector id="GroupDataConnector"
>> xsi:type="grouper:GroupDataConnector">
>> <grouper:Attribute id="members" />
>> <grouper:Attribute id="groups" />
>> <grouper:Attribute id="viewers" />
>> </resolver:DataConnector>
>>
>>
>> And the attribute definition is :
>>
>> <resolver:AttributeDefinition id="hasMember" xsi:type="grouper:Subject"
>> sourceAttributeID="viewers">
>> <resolver:Dependency ref="GroupDataConnector" />
>> <grouper:Attribute id="name" source="ESUP_ldap" />
>> </resolver:AttributeDefinition>
>>
>> When I try to calculate the provisioning I have this error:
>> $ bin/gsh.sh -ldappcng -calc esup:ldappcng
>>
>> <response xmlns='urn:oasis:names:tc:SPML:2:0'
>> status='failure'requestID='2011/01/26-15:23:26.387_QTOL2C68'
>> error='unsupportedOperation'/>
>>
>>
>> And in Grouper's error log :
>>
>> java.lang.reflect.InvocationTargetException
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:597)
>> at
>> edu.internet2.middleware.ldappc.spml.provider.BaseSpmlProvider.execute(BaseSpmlProvider.java:79)
>> at edu.internet2.middleware.ldappc.spml.PSPCLI.run(PSPCLI.java:145)
>> at edu.internet2.middleware.ldappc.spml.PSPCLI.main(PSPCLI.java:77)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:597)
>> at
>> edu.internet2.middleware.grouper.app.gsh.GrouperShell.handleSpecialCase(GrouperShell.java:188)
>> at
>> edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:128)
>> at
>> edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:16)
>> Caused by: java.lang.NullPointerException
>> at java.util.ArrayList.addAll(ArrayList.java:472)
>> at
>> edu.internet2.middleware.grouper.shibboleth.attributeDefinition.SubjectAttributeDefinition.doResolve(SubjectAttributeDefinition.java:73)
>> at
>> edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.BaseAttributeDefinition.resolve(BaseAttributeDefinition.java:107)
>> at
>> edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.BaseAttributeDefinition.resolve(BaseAttributeDefinition.java:38)
>> at
>> edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.ContextualAttributeDefinition.resolve(ContextualAttributeDefinition.java:92)
>> at
>> edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.ContextualAttributeDefinition.resolve(ContextualAttributeDefinition.java:32)
>> at
>> edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.resolveAttribute(ShibbolethAttributeResolver.java:306)
>> at
>> edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.resolveAttributes(ShibbolethAttributeResolver.java:257)
>> at
>> edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.resolveAttributes(ShibbolethAttributeResolver.java:130)
>> at
>> edu.internet2.middleware.grouper.shibboleth.attribute.SimpleAttributeAuthority.getAttributes(SimpleAttributeAuthority.java:93)
>> at
>> edu.internet2.middleware.grouper.shibboleth.attribute.SimpleAttributeAuthority.getAttributes(SimpleAttributeAuthority.java:36)
>> at
>> edu.internet2.middleware.ldappc.spml.PSP.getProvisioningContext(PSP.java:798)
>> at edu.internet2.middleware.ldappc.spml.PSP.execute(PSP.java:174)
>>
>>
>> What I have missed ?
>>
>> Thanks!
>> Arnaud.
>>
>>
>>
>> --
>> Arnaud Deman
>> 04 91 28 85 25
>> DSI - Université Paul Cézanne Aix-Marseille III
>> Avenue Escadrille Normandie-Niemen
>> 13397 MARSEILLE CEDEX 20
>>
>>
>
- [grouper-users] Ldappcng and privileges provisionning, Arnaud Deman, 01/26/2011
- Re: [grouper-users] Ldappcng and privileges provisionning, Tom Zeller, 01/26/2011
- Re: [grouper-users] Ldappcng and privileges provisionning, Tom Zeller, 01/26/2011
- Re: [grouper-users] Ldappcng and privileges provisionning, Arnaud Deman, 01/27/2011
- Re: [grouper-users] Ldappcng and privileges provisionning, Tom Zeller, 01/26/2011
- Re: [grouper-users] Ldappcng and privileges provisionning, Tom Zeller, 01/26/2011
Archive powered by MHonArc 2.6.16.