
grouper-users - RE: [grouper-users] sources confusion

Subject: Grouper Users - Open Discussion List

  • From: Chris Hyzer <>
  • To: Baron Fujimoto <>, "" <>
  • Subject: RE: [grouper-users] sources confusion
  • Date: Thu, 24 Feb 2011 21:11:51 -0500

First, I will say I haven't done subject sources with ldap... but let me
*try* to help :)

There are three ways to search for a subject:

By id
By identifier
By search string (returns list)

The ID is usually the attribute of the user which doesn't change (probably
opaque). At Penn, this is the penn_id which is e.g. 12345678

An identifier (could be multiple) is what you can look up a subject by. At
Penn, this is the pennkey, or e.g. mchyzer

So... this part is the subject id:

<init-param>
<param-name>SubjectID_AttributeType</param-name>
<param-value>uid</param-value>
</init-param>

Is uid something about the user which doesn't change?

This should match (I think):

FROM:
<search>
<searchType>searchSubject</searchType>
<param>
<param-name>filter</param-name>
<param-value>
(&amp; (cn=%TERM%) (objectclass=uhEduPerson))
</param-value>
</param>

TO:
<search>
<searchType>searchSubject</searchType>
<param>
<param-name>filter</param-name>
<param-value>
(&amp; (uid=%TERM%) (objectclass=uhEduPerson))
</param-value>
</param>

Then the search by identifier can be the other:

FROM:
<search>
<searchType>searchSubjectByIdentifier</searchType>
<param>
<param-name>filter</param-name>
<param-value>
(&amp; (uid=%TERM%) (objectclass=uhEduPerson))
</param-value>
</param>

TO:
<search>
<searchType>searchSubjectByIdentifier</searchType>
<param>
<param-name>filter</param-name>
<param-value>
(&amp; (cn=%TERM%) (objectclass=uhEduPerson))
</param-value>
</param>

Right? Anyone else chime in :)

You can test this command line:

[appadmin@lorenzo bin]$ ./gsh.sh
Type help() for instructions
gsh 0% grouperSession = GrouperSession.startRootSession();
edu.internet2.middleware.grouper.GrouperSession: 993610149d3b4cfc8ff2cdd89cd126cc,'GrouperSystem','application'
gsh 1% SubjectFinder.findById("10021368");
subject: id='10021368' type='person' source='pennperson' name='Michael Christopher Hyzer'
gsh 2% SubjectFinder.findByIdentifier("mchyzer");
subject: id='10021368' type='person' source='pennperson' name='Michael Christopher Hyzer'
gsh 4% SubjectFinder.findAll("Chris Hyzer");
subject: id='10021368' type='person' source='pennperson' name='Michael Christopher Hyzer'
gsh 5% SubjectFinder.findAll("Chris Hyzer").iterator().next().getId();
10021368
gsh 6%

Note, the ID of the result must match what you findById()...

Thanks,
Chris

-----Original Message-----
From: [mailto:] On Behalf Of Baron Fujimoto
Sent: Thursday, February 24, 2011 4:08 PM
To:
Subject: [grouper-users] sources confusion

Hello,

After numerous trials and tribulations, I've managed to finally stand up
a non-quickstart version of grouper/grouper-ui that I can interact with.

I'm still running into problems though and am perhaps confused about some
fundamental questions I haven't been able to find answers to in the
Grouper Wiki.

I suppose my current primary question is, how do you seed grouper with
basic person-type entities? I assumed, based on what I could glean from
the documentation, that could be done by connecting to a subject source
in the sources.xml conf file[1]. I managed to get our instance of grouper
to talk to our LDAP containing our users, and if I, say, search for
myself, in the Grouper UI, it returns a result displayed as the value of
the LDAP cn attribute. However, if I click on that result, I receive the
following error messages:

Error: Subject [baron] is unresolvable i.e. unavailable from the registered
source [LDAP example].

There was an unexpected error retrieving the requested entity as a member.
The error has been logged and the administrator notified.

In the grouper_error.log file I see

2011-02-24 10:52:38,840: [http-172.16.4.137-8443-4] ERROR
PopulateSubjectSummaryAction.grouperExecute(351) - < GrouperSystem
CB6B4125EB93662BF9BCEBA59AF94347-0009 1fde40e57a094fd2add86e96ffda0cab
GrouperSystem g:isa > -
edu.internet2.middleware.subject.SubjectNotFoundException: No results:
searchSubject filter:(& (cn=%TERM%) (objectclass=uhEduPerson)) searchValue:
baron
2011-02-24 10:52:38,842: [http-172.16.4.137-8443-4] ERROR
PopulateSubjectSummaryAction.grouperExecute(418) - < GrouperSystem
CB6B4125EB93662BF9BCEBA59AF94347-0009 1fde40e57a094fd2add86e96ffda0cab
GrouperSystem g:isa > -
edu.internet2.middleware.grouper.exception.MemberNotFoundException:
Unresolvable subject is also not a Member

Any assistance or pointers to the appropriate documentation would be
greatly appreciated. It's possible I'm completely on the wrong track
here, which would also be good to know.

[1] excerpt of my source.xml file for connecting to our LDAP:

<source
adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter">
<id>LDAP example</id>
<name>UH LDAP</name>
<type>person</type>
<init-param>
<param-name>INITIAL_CONTEXT_FACTORY</param-name>
<param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value>
</init-param>
<init-param>
<param-name>PROVIDER_URL</param-name>
<param-value>ldaps://ourLDAPhost:636</param-value>
</init-param>
<init-param>
<param-name>SECURITY_AUTHENTICATION</param-name>
<param-value>simple</param-value>
</init-param>
<init-param>
<param-name>SECURITY_PRINCIPAL</param-name>
<param-value>cn=ourPrincipal,dc=hawaii,dc=edu</param-value>
</init-param>
<init-param>
<param-name>SECURITY_CREDENTIALS</param-name>
<param-value>**********</param-value>
</init-param>
<init-param>
<param-name>SubjectID_AttributeType</param-name>
<param-value>uid</param-value>
</init-param>
<init-param>
<param-name>Name_AttributeType</param-name>
<param-value>cn</param-value>
</init-param>
<init-param>
<param-name>Description_AttributeType</param-name>
<param-value>cn</param-value>
</init-param>

/// Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE
/// For filter use

<search>
<searchType>searchSubject</searchType>
<param>
<param-name>filter</param-name>
<param-value>
(&amp; (cn=%TERM%) (objectclass=uhEduPerson))
</param-value>
</param>
<param>
<param-name>scope</param-name>
<param-value>
SUBTREE_SCOPE
</param-value>
</param>
<param>
<param-name>base</param-name>
<param-value>
ou=people,dc=hawaii,dc=edu
</param-value>
</param>

</search>
<search>
<searchType>searchSubjectByIdentifier</searchType>
<param>
<param-name>filter</param-name>
<param-value>
(&amp; (uid=%TERM%) (objectclass=uhEduPerson))
</param-value>
</param>
<param>
<param-name>scope</param-name>
<param-value>
SUBTREE_SCOPE
</param-value>
</param>
<param>
<param-name>base</param-name>
<param-value>
ou=people,dc=hawaii,dc=edu
</param-value>
</param>
</search>
<search>
<searchType>search</searchType>
<param>
<param-name>filter</param-name>
<param-value>
(&amp; (|(uid=%TERM%)(cn=%TERM%)) (objectclass=uhEduPerson))
</param-value>
</param>
<param>
<param-name>scope</param-name>
<param-value>
SUBTREE_SCOPE
</param-value>
</param>
<param>
<param-name>base</param-name>
<param-value>
ou=people,dc=hawaii,dc=edu
</param-value>
</param>

</search>

///Attributes you would like to display when doing a search
<attribute>uid</attribute>
<attribute>cn</attribute>

</source>
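
A lint for the mismatch discussed in this thread, added here as an example (it is not part of the original messages or of Grouper's code): it reads a source definition and reports when the searchSubject filter does not match %TERM% against the attribute named in SubjectID_AttributeType. The sample XML is a constructed, trimmed copy of the quoted source, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the source quoted in the thread.
SOURCE_XML = """<source>
<init-param><param-name>SubjectID_AttributeType</param-name><param-value>uid</param-value></init-param>
<search><searchType>searchSubject</searchType>
<param><param-name>filter</param-name>
<param-value>(&amp; (cn=%TERM%) (objectclass=uhEduPerson))</param-value></param></search>
<search><searchType>searchSubjectByIdentifier</searchType>
<param><param-name>filter</param-name>
<param-value>(&amp; (uid=%TERM%) (objectclass=uhEduPerson))</param-value></param></search>
</source>"""

# Attribute names that a filter compares against the %TERM% placeholder.
TERM_ATTR = re.compile(r"\(\s*([A-Za-z][\w;-]*)\s*=\s*%TERM%\s*\)")

def term_attributes(source):
    """Map each searchType to the attributes its filter compares with %TERM%."""
    result = {}
    for search in source.iter("search"):
        kind = search.findtext("searchType", "").strip()
        for param in search.iter("param"):
            if param.findtext("param-name", "").strip() == "filter":
                result[kind] = TERM_ATTR.findall(param.findtext("param-value", ""))
    return result

def check_source(xml_text):
    """Return findings where the by-ID lookup does not key on the subject ID attribute."""
    source = ET.fromstring(xml_text)
    id_attr = None
    for init in source.iter("init-param"):
        if init.findtext("param-name", "").strip() == "SubjectID_AttributeType":
            id_attr = init.findtext("param-value", "").strip()
    if id_attr is None:
        return ["SubjectID_AttributeType is not set"]
    attrs = term_attributes(source).get("searchSubject")
    if attrs is None:
        return ["no searchSubject filter defined"]
    if attrs != [id_attr]:
        return [f"searchSubject matches %TERM% on {attrs}, "
                f"but subject IDs come from '{id_attr}'"]
    return []

if __name__ == "__main__":
    for finding in check_source(SOURCE_XML):
        print(finding)
```

Run against the configuration as posted, it reports the cn/uid mismatch; with the two filters swapped as suggested in the reply, it reports nothing.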


