grouper-users - Re: [grouper-users] OpenLDAP provision- invalid name
Subject: Grouper Users - Open Discussion List
List archive
- From: Mark Cairney <>
- To: Tom Zeller <>
- Cc:
- Subject: Re: [grouper-users] OpenLDAP provision- invalid name
- Date: Tue, 10 May 2011 11:13:38 +0100
Hi Tom,
Thanks for this- it has indeed fixed the problem and the initial provisioning
has now finished successfully!
Do you know if this setting has any detrimental effects such as a performance
hit?
As an aside we are now provisioning multiple stems. If you only wanted to
sync a particular stem or set of stems is the best approach simply to point
gsh.sh at a separate config file?
Kind regards,
Mark
On 9 May 2011, at 21:12, Tom Zeller wrote:
> Do you have the "QuotedDnResultHandler" enabled in ldappc.properties ?
>
> Its sole job is to remove quotes from DNs so LdapName can parse them.
>
> # The QuotedDnResultHandler removes quotes from DNs of the form
> "CN=quoted/name",DC=edu.
> # The FqdnSearchResultHandler makes sure that all ldap dns are fully
> qualified.
> edu.vt.middleware.ldap.searchResultHandlers=edu.internet2.middleware.ldappc.util.QuotedDnResultHandler,edu.vt.middleware.ldap.handler.FqdnSearchResultHandler
>
> TomZ
>
> On Mon, May 9, 2011 at 9:47 AM, Mark Cairney
> <>
> wrote:
>> Hi,
>>
>> I was wondering if anyone could shed any light on why a particular group
>> appears to be getting a malformed cn during the provision to grouper.
>> We're using Grouper 1.5.3 so we're using ldappc (not ldappc-ng)
>>
>> javax.naming.InvalidNameException: Invalid name:
>> "cn=REST10023_SV1_2009/0_SEM1,ou=2009/2010,ou=courses",ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk
>>
>> The obvious issue is (I think) the location of the quotes but as we've
>> already processed over 14,000 groups including some with backslashes in
>> them I don't think this is causing the problem? I've included more of the
>> error_log below:
>>
>>
>> 2011-05-09 15:40:37,088: [main] DEBUG Ldappc.buildGroupSet(539) -
>> provisioning 14741 groups
>> 2011-05-09 15:40:37,101: [main] DEBUG GroupEntrySynchronizer.<init>(160) -
>> Group initial cache size = 100000
>> 2011-05-09 15:40:37,133: [main] DEBUG
>> GroupEntrySynchronizer.clearRoot(1361) - search base
>> 'ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk' filter
>> '(!(|(objectClass=groupOfNames)(objectClass=organizationalUnit)))'
>> 2011-05-09 15:40:37,140: [main] DEBUG AbstractLdap.search(215) - Search
>> with the following parameters:
>> 2011-05-09 15:40:37,141: [main] DEBUG AbstractLdap.search(216) - dn =
>> ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk
>> 2011-05-09 15:40:37,141: [main] DEBUG AbstractLdap.search(217) - filter
>> = (!(|(objectClass=groupOfNames)(objectClass=organizationalUnit)))
>> 2011-05-09 15:40:37,142: [main] DEBUG AbstractLdap.search(218) -
>> filterArgs = []
>> 2011-05-09 15:40:37,142: [main] DEBUG AbstractLdap.search(221) -
>> searchControls =
>> javax.naming.directory.SearchControls@726ef8
>> 2011-05-09 15:40:37,143: [main] DEBUG AbstractLdap.search(222) - handler
>> =
>> [edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@b69c85]
>> 2011-05-09 15:40:37,144: [main] DEBUG AbstractLdap.bind(1211) - Bind with
>> the following parameters:
>> 2011-05-09 15:40:37,144: [main] DEBUG AbstractLdap.bind(1212) - dn =
>> cn=Manager,dc=authorise,dc=ed,dc=ac,dc=uk
>> 2011-05-09 15:40:37,145: [main] DEBUG AbstractLdap.bind(1219) -
>> credential = <suppressed>
>> 2011-05-09 15:40:38,830: [main] DEBUG
>> GroupEntrySynchronizer.populateDns(1477) - search base
>> 'ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk' filter
>> '(objectClass=groupOfNames)'
>> 2011-05-09 15:40:38,831: [main] DEBUG AbstractLdap.search(215) - Search
>> with the following parameters:
>> 2011-05-09 15:40:38,831: [main] DEBUG AbstractLdap.search(216) - dn =
>> ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk
>> 2011-05-09 15:40:38,832: [main] DEBUG AbstractLdap.search(217) - filter
>> = (objectClass=groupOfNames)
>> 2011-05-09 15:40:38,832: [main] DEBUG AbstractLdap.search(218) -
>> filterArgs = []
>> 2011-05-09 15:40:38,833: [main] DEBUG AbstractLdap.search(221) -
>> searchControls =
>> javax.naming.directory.SearchControls@15426ec
>> 2011-05-09 15:40:38,833: [main] DEBUG AbstractLdap.search(222) - handler
>> =
>> [edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@b69c85]
>> 2011-05-09 15:40:40,351: [main] ERROR Ldappc.run(282) - Grouper Provision
>> Failed
>> javax.naming.InvalidNameException: Invalid name:
>> "cn=REST10023_SV1_2009/0_SEM1,ou=2009/2010,ou=courses",ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk
>> at
>> javax.naming.ldap.Rfc2253Parser.parseAttrType(Rfc2253Parser.java:130)
>> at javax.naming.ldap.Rfc2253Parser.doParse(Rfc2253Parser.java:83)
>> at javax.naming.ldap.Rfc2253Parser.parseDn(Rfc2253Parser.java:45)
>> at javax.naming.ldap.LdapName.parse(LdapName.java:772)
>> at javax.naming.ldap.LdapName.<init>(LdapName.java:108)
>> at
>> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.populateDns(GroupEntrySynchronizer.java:1499)
>> at
>> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.populate(GroupEntrySynchronizer.java:1445)
>> at
>> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.initialize(GroupEntrySynchronizer.java:1325)
>> at
>> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.synchronize(GroupEntrySynchronizer.java:354)
>> at
>> edu.internet2.middleware.ldappc.Ldappc.provisionGroups(Ldappc.java:562)
>> at edu.internet2.middleware.ldappc.Ldappc.provision(Ldappc.java:375)
>> at edu.internet2.middleware.ldappc.Ldappc.run(Ldappc.java:252)
>> at edu.internet2.middleware.ldappc.Ldappc.main(Ldappc.java:207)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:597)
>> at
>> edu.internet2.middleware.grouper.app.gsh.GrouperShell.handleSpecialCase(GrouperShell.java:176)
>> at
>> edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:116)
>> at
>> edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:16)
>> 2011-05-09 15:40:40,353: [main] DEBUG Ldappc.run(286) - closing connection
>> to ldap 'ldaps://alder.authorise.is.ed.ac.uk:636'
>>
>> /*********************************
>> Mark Cairney
>> ITI UNIX Section
>> Information Services
>> University of Edinburgh
>>
>> Tel: 0131 650 6565
>> Email:
>>
>>
>> *********************************/
>>
>>
>> --
>> The University of Edinburgh is a charitable body, registered in
>> Scotland, with registration number SC005336.
>>
>>
>
/*********************************
Mark Cairney
ITI UNIX Section
Information Services
University of Edinburgh
Tel: 0131 650 6565
Email:
*********************************/
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
- [grouper-users] OpenLDAP provision- invalid name, Mark Cairney, 05/09/2011
- Re: [grouper-users] OpenLDAP provision- invalid name, Tom Zeller, 05/09/2011
- Re: [grouper-users] OpenLDAP provision- invalid name, Mark Cairney, 05/10/2011
- Re: [grouper-users] OpenLDAP provision- invalid name, Tom Zeller, 05/10/2011
- Re: [grouper-users] OpenLDAP provision- invalid name, Mark Cairney, 05/10/2011
- Re: [grouper-users] OpenLDAP provision- invalid name, Tom Zeller, 05/09/2011
Archive powered by MHonArc 2.6.16.