Grouper Users - Open Discussion List

[Tom Zeller <>]

Do you have the "QuotedDnResultHandler" enabled in ldappc.properties ?

Its sole job is to remove quotes from DNs so LdapName can parse them.

# The QuotedDnResultHandler removes quotes from DNs of the form
"CN=quoted/name",DC=edu.
# The FqdnSearchResultHandler makes sure that all ldap dns are fully 
qualified.
edu.vt.middleware.ldap.searchResultHandlers=edu.internet2.middleware.ldappc.util.QuotedDnResultHandler,edu.vt.middleware.ldap.handler.FqdnSearchResultHandler

TomZ

On Mon, May 9, 2011 at 9:47 AM, Mark Cairney 
<>
 wrote:
> Hi,
>
> I was wondering if anyone could shed any light on why a particular group 
> appears to be getting a malformed cn during the provision to grouper. We're 
> using Grouper 1.5.3  so we're using ldappc (not ldappc-ng)
>
> javax.naming.InvalidNameException: Invalid name: 
> "cn=REST10023_SV1_2009/0_SEM1,ou=2009/2010,ou=courses",ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk
>
> The obvious issue is (I think) the location of the quotes but as we've 
> already processed over 14,000 groups including some with backslashes in 
> them I don't think this is causing the problem? I've included more of the 
> error_log below:
>
>
> 2011-05-09 15:40:37,088: [main] DEBUG Ldappc.buildGroupSet(539) - 
> provisioning 14741 groups
> 2011-05-09 15:40:37,101: [main] DEBUG GroupEntrySynchronizer.<init>(160) - 
> Group initial cache size = 100000
> 2011-05-09 15:40:37,133: [main] DEBUG 
> GroupEntrySynchronizer.clearRoot(1361) - search base 
> 'ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk' filter 
> '(!(|(objectClass=groupOfNames)(objectClass=organizationalUnit)))'
> 2011-05-09 15:40:37,140: [main] DEBUG AbstractLdap.search(215) - Search 
> with the following parameters:
> 2011-05-09 15:40:37,141: [main] DEBUG AbstractLdap.search(216) -   dn = 
> ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk
> 2011-05-09 15:40:37,141: [main] DEBUG AbstractLdap.search(217) -   filter = 
> (!(|(objectClass=groupOfNames)(objectClass=organizationalUnit)))
> 2011-05-09 15:40:37,142: [main] DEBUG AbstractLdap.search(218) -   
> filterArgs = []
> 2011-05-09 15:40:37,142: [main] DEBUG AbstractLdap.search(221) -   
> searchControls = 
> javax.naming.directory.SearchControls@726ef8
> 2011-05-09 15:40:37,143: [main] DEBUG AbstractLdap.search(222) -   handler 
> = 
> [edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@b69c85]
> 2011-05-09 15:40:37,144: [main] DEBUG AbstractLdap.bind(1211) - Bind with 
> the following parameters:
> 2011-05-09 15:40:37,144: [main] DEBUG AbstractLdap.bind(1212) -   dn = 
> cn=Manager,dc=authorise,dc=ed,dc=ac,dc=uk
> 2011-05-09 15:40:37,145: [main] DEBUG AbstractLdap.bind(1219) -   
> credential = <suppressed>
> 2011-05-09 15:40:38,830: [main] DEBUG 
> GroupEntrySynchronizer.populateDns(1477) - search base 
> 'ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk' filter 
> '(objectClass=groupOfNames)'
> 2011-05-09 15:40:38,831: [main] DEBUG AbstractLdap.search(215) - Search 
> with the following parameters:
> 2011-05-09 15:40:38,831: [main] DEBUG AbstractLdap.search(216) -   dn = 
> ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk
> 2011-05-09 15:40:38,832: [main] DEBUG AbstractLdap.search(217) -   filter = 
> (objectClass=groupOfNames)
> 2011-05-09 15:40:38,832: [main] DEBUG AbstractLdap.search(218) -   
> filterArgs = []
> 2011-05-09 15:40:38,833: [main] DEBUG AbstractLdap.search(221) -   
> searchControls = 
> javax.naming.directory.SearchControls@15426ec
> 2011-05-09 15:40:38,833: [main] DEBUG AbstractLdap.search(222) -   handler 
> = 
> [edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@b69c85]
> 2011-05-09 15:40:40,351: [main] ERROR Ldappc.run(282) - Grouper Provision 
> Failed
> javax.naming.InvalidNameException: Invalid name: 
> "cn=REST10023_SV1_2009/0_SEM1,ou=2009/2010,ou=courses",ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk
>        at 
> javax.naming.ldap.Rfc2253Parser.parseAttrType(Rfc2253Parser.java:130)
>        at javax.naming.ldap.Rfc2253Parser.doParse(Rfc2253Parser.java:83)
>        at javax.naming.ldap.Rfc2253Parser.parseDn(Rfc2253Parser.java:45)
>        at javax.naming.ldap.LdapName.parse(LdapName.java:772)
>        at javax.naming.ldap.LdapName.<init>(LdapName.java:108)
>        at 
> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.populateDns(GroupEntrySynchronizer.java:1499)
>        at 
> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.populate(GroupEntrySynchronizer.java:1445)
>        at 
> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.initialize(GroupEntrySynchronizer.java:1325)
>        at 
> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.synchronize(GroupEntrySynchronizer.java:354)
>        at 
> edu.internet2.middleware.ldappc.Ldappc.provisionGroups(Ldappc.java:562)
>        at edu.internet2.middleware.ldappc.Ldappc.provision(Ldappc.java:375)
>        at edu.internet2.middleware.ldappc.Ldappc.run(Ldappc.java:252)
>        at edu.internet2.middleware.ldappc.Ldappc.main(Ldappc.java:207)
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>        at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:597)
>        at 
> edu.internet2.middleware.grouper.app.gsh.GrouperShell.handleSpecialCase(GrouperShell.java:176)
>        at 
> edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:116)
>        at 
> edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:16)
> 2011-05-09 15:40:40,353: [main] DEBUG Ldappc.run(286) - closing connection 
> to ldap 'ldaps://alder.authorise.is.ed.ac.uk:636'
>
> /*********************************
> Mark Cairney
> ITI UNIX Section
> Information Services
> University of Edinburgh
>
> Tel: 0131 650 6565
> Email: 
> 
>
> *********************************/
>
>
> --
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
>
>