Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] OpenLDAP provision- invalid name

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] OpenLDAP provision- invalid name


Chronological Thread 
  • From: Tom Zeller <>
  • To: Mark Cairney <>
  • Cc:
  • Subject: Re: [grouper-users] OpenLDAP provision- invalid name
  • Date: Mon, 9 May 2011 15:12:56 -0500
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :content-transfer-encoding; b=BxTZkfYVjj1hKIWE0kIcPUxD1dEB2bvRlaLR5BdvNE1jAhz9YJ6X5Z7NyFE2MBroZC qme3/p5KwVPkR2esiFKdcEQACi4UKvmo95MJXBLAo2CvCj/HtriZSgz+D3FImIljClUu zwFGPhcIx68Jf82oRaIBGcOzvT/ncZmZneTXE=

Do you have the "QuotedDnResultHandler" enabled in ldappc.properties ?

Its sole job is to remove quotes from DNs so LdapName can parse them.

# The QuotedDnResultHandler removes quotes from DNs of the form
"CN=quoted/name",DC=edu.
# The FqdnSearchResultHandler makes sure that all ldap dns are fully
qualified.
edu.vt.middleware.ldap.searchResultHandlers=edu.internet2.middleware.ldappc.util.QuotedDnResultHandler,edu.vt.middleware.ldap.handler.FqdnSearchResultHandler

TomZ

On Mon, May 9, 2011 at 9:47 AM, Mark Cairney
<>
wrote:
> Hi,
>
> I was wondering if anyone could shed any light on why a particular group
> appears to be getting a malformed cn during the provision to grouper. We're
> using Grouper 1.5.3  so we're using ldappc (not ldappc-ng)
>
> javax.naming.InvalidNameException: Invalid name:
> "cn=REST10023_SV1_2009/0_SEM1,ou=2009/2010,ou=courses",ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk
>
> The obvious issue is (I think) the location of the quotes but as we've
> already processed over 14,000 groups including some with backslashes in
> them I don't think this is causing the problem? I've included more of the
> error_log below:
>
>
> 2011-05-09 15:40:37,088: [main] DEBUG Ldappc.buildGroupSet(539) -
> provisioning 14741 groups
> 2011-05-09 15:40:37,101: [main] DEBUG GroupEntrySynchronizer.<init>(160) -
> Group initial cache size = 100000
> 2011-05-09 15:40:37,133: [main] DEBUG
> GroupEntrySynchronizer.clearRoot(1361) - search base
> 'ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk' filter
> '(!(|(objectClass=groupOfNames)(objectClass=organizationalUnit)))'
> 2011-05-09 15:40:37,140: [main] DEBUG AbstractLdap.search(215) - Search
> with the following parameters:
> 2011-05-09 15:40:37,141: [main] DEBUG AbstractLdap.search(216) -   dn =
> ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk
> 2011-05-09 15:40:37,141: [main] DEBUG AbstractLdap.search(217) -   filter =
> (!(|(objectClass=groupOfNames)(objectClass=organizationalUnit)))
> 2011-05-09 15:40:37,142: [main] DEBUG AbstractLdap.search(218) -  
> filterArgs = []
> 2011-05-09 15:40:37,142: [main] DEBUG AbstractLdap.search(221) -  
> searchControls =
> javax.naming.directory.SearchControls@726ef8
> 2011-05-09 15:40:37,143: [main] DEBUG AbstractLdap.search(222) -   handler
> =
> [edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@b69c85]
> 2011-05-09 15:40:37,144: [main] DEBUG AbstractLdap.bind(1211) - Bind with
> the following parameters:
> 2011-05-09 15:40:37,144: [main] DEBUG AbstractLdap.bind(1212) -   dn =
> cn=Manager,dc=authorise,dc=ed,dc=ac,dc=uk
> 2011-05-09 15:40:37,145: [main] DEBUG AbstractLdap.bind(1219) -  
> credential = <suppressed>
> 2011-05-09 15:40:38,830: [main] DEBUG
> GroupEntrySynchronizer.populateDns(1477) - search base
> 'ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk' filter
> '(objectClass=groupOfNames)'
> 2011-05-09 15:40:38,831: [main] DEBUG AbstractLdap.search(215) - Search
> with the following parameters:
> 2011-05-09 15:40:38,831: [main] DEBUG AbstractLdap.search(216) -   dn =
> ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk
> 2011-05-09 15:40:38,832: [main] DEBUG AbstractLdap.search(217) -   filter =
> (objectClass=groupOfNames)
> 2011-05-09 15:40:38,832: [main] DEBUG AbstractLdap.search(218) -  
> filterArgs = []
> 2011-05-09 15:40:38,833: [main] DEBUG AbstractLdap.search(221) -  
> searchControls =
> javax.naming.directory.SearchControls@15426ec
> 2011-05-09 15:40:38,833: [main] DEBUG AbstractLdap.search(222) -   handler
> =
> [edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@b69c85]
> 2011-05-09 15:40:40,351: [main] ERROR Ldappc.run(282) - Grouper Provision
> Failed
> javax.naming.InvalidNameException: Invalid name:
> "cn=REST10023_SV1_2009/0_SEM1,ou=2009/2010,ou=courses",ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk
>        at
> javax.naming.ldap.Rfc2253Parser.parseAttrType(Rfc2253Parser.java:130)
>        at javax.naming.ldap.Rfc2253Parser.doParse(Rfc2253Parser.java:83)
>        at javax.naming.ldap.Rfc2253Parser.parseDn(Rfc2253Parser.java:45)
>        at javax.naming.ldap.LdapName.parse(LdapName.java:772)
>        at javax.naming.ldap.LdapName.<init>(LdapName.java:108)
>        at
> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.populateDns(GroupEntrySynchronizer.java:1499)
>        at
> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.populate(GroupEntrySynchronizer.java:1445)
>        at
> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.initialize(GroupEntrySynchronizer.java:1325)
>        at
> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.synchronize(GroupEntrySynchronizer.java:354)
>        at
> edu.internet2.middleware.ldappc.Ldappc.provisionGroups(Ldappc.java:562)
>        at edu.internet2.middleware.ldappc.Ldappc.provision(Ldappc.java:375)
>        at edu.internet2.middleware.ldappc.Ldappc.run(Ldappc.java:252)
>        at edu.internet2.middleware.ldappc.Ldappc.main(Ldappc.java:207)
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>        at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:597)
>        at
> edu.internet2.middleware.grouper.app.gsh.GrouperShell.handleSpecialCase(GrouperShell.java:176)
>        at
> edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:116)
>        at
> edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:16)
> 2011-05-09 15:40:40,353: [main] DEBUG Ldappc.run(286) - closing connection
> to ldap 'ldaps://alder.authorise.is.ed.ac.uk:636'
>
> /*********************************
> Mark Cairney
> ITI UNIX Section
> Information Services
> University of Edinburgh
>
> Tel: 0131 650 6565
> Email:
>
>
> *********************************/
>
>
> --
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
>
>



Archive powered by MHonArc 2.6.16.

Top of Page