grouper-users - [grouper-users] ldappcng de-provisioning of stems
Subject: Grouper Users - Open Discussion List
List archive
- From: Scott Koranda <>
- To: "" <>
- Subject: [grouper-users] ldappcng de-provisioning of stems
- Date: Fri, 8 Apr 2011 13:13:15 -0500
Hi,
In Grouper I deleted a stem and waited a full ldappc-ng
synchronization cycle and did not see the stem de-provisioned
from LDAP.
So I edited ldappcng.xml and added the 'authoritative="true"'
attribute to the <object id="stem"> element. I then ran
another full synchronization and the stem was de-provisioned.
I did, however, see this in the log file:
2011-04-08 12:56:48,572: [Timer-2] ERROR LdapTargetProvider.execute(341) - -
DeleteResponse[status=failure,error=customError,errorMessages={[LDAP:
error code 66 - subordinate objects must be deleted
first]},requestID=2011/04/08-12:56:48.533_QWJN5A99]
and this in the stdout/stderr:
<ldappc:syncResponse>
<deleteResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure'
requestID='2011/04/08-12:56:48.533_QWJN5A99' error='customError'>
<errorMessage>[LDAP: error code 66 - subordinate objects must be
deleted first]</errorMessage>
</deleteResponse>
<ldappc:id ID='ou=grouper,dc=ligo,dc=org'/>
</ldappc:syncResponse>
So it appears that ldappc-ng is attempting to delete the DN
ou=grouper,dc=ligo,dc=org
That is the DN where all of the Grouper groups and stems as
provisioned into LDAP are rooted. For example, the Grouper
group
Communities:LSCVirgoLIGOGroupMembers
is provisioned (as I want) as
cn=LSCVirgoLIGOGroupMembers,ou=Communities,ou=grouper,dc=ligo,dc=org
In ldappcng.xml my stem provisioning configuration looks like
this:
<object id="stem" authoritative="true">
<identifier ref="stem-dn" baseId="groupsOU}">
<identifyingAttribute name="objectclass" value="organizationalUnit" />
</identifier>
<attribute name="objectClass" ref="stem-objectclass" />
<attribute name="ou" ref="stem-ou" />
<attribute name="description" ref="stem-description" />
</object>
and in ldappc.properties I have
$ grep groupsOU conf/ldappc.properties
groupsOU=ou=grouper,dc=ligo,dc=org
In ldappc-resolver.xml I have
<resolver:DataConnector id="StemDataConnector"
xsi:type="grouper:StemDataConnector">
<grouper:GroupFilter xsi:type="grouper:StemName" name="Communities"
scope="SUB" />
</resolver:DataConnector>
How can I get ldappc-ng to not want to de-provision
ou=grouper,dc=ligo,dc=org ?
Thanks,
Scott
- [grouper-users] ldappcng de-provisioning of stems, Scott Koranda, 04/08/2011
- Re: [grouper-users] ldappcng de-provisioning of stems, Tom Zeller, 04/08/2011
- Re: [grouper-users] ldappcng de-provisioning of stems, Scott Koranda, 04/08/2011
- Re: [grouper-users] ldappcng de-provisioning of stems, Tom Zeller, 04/08/2011
- Re: [grouper-users] ldappcng de-provisioning of stems, Scott Koranda, 04/08/2011
- Re: [grouper-users] ldappcng de-provisioning of stems, Tom Zeller, 04/08/2011
Archive powered by MHonArc 2.6.16.