
grouper-users - Re: [grouper-users] OpenLDAP provision- invalid name

Subject: Grouper Users - Open Discussion List

  • From: Tom Zeller <>
  • To: Mark Cairney <>
  • Cc:
  • Subject: Re: [grouper-users] OpenLDAP provision- invalid name
  • Date: Tue, 10 May 2011 07:52:31 -0500

> Do you know if this setting has any detrimental effects such as a
> performance hit?

The performance impact should be slight; a pre-compiled regular
expression pattern match is performed for every dn, which should be
fast enough.

> As an aside we are now provisioning multiple stems. If you only wanted to
> sync a particular stem or set of stems is the best approach simply to point
> gsh.sh at a separate config file?

If you use more than one ldappc config file, make sure each
configuration has an "orthogonal" root-dn

<groups root-dn="ou=groups,..." />

otherwise you may clobber yourself.

If all of your groups need to be under the same ldap ou, you might try
and select them using an attribute.

TomZ

> Kind regards,
>
> Mark
>
> On 9 May 2011, at 21:12, Tom Zeller wrote:
>
>> Do you have the "QuotedDnResultHandler" enabled in ldappc.properties ?
>>
>> Its sole job is to remove quotes from DNs so LdapName can parse them.
>>
>> # The QuotedDnResultHandler removes quotes from DNs of the form "CN=quoted/name",DC=edu.
>> # The FqdnSearchResultHandler makes sure that all ldap dns are fully qualified.
>> edu.vt.middleware.ldap.searchResultHandlers=edu.internet2.middleware.ldappc.util.QuotedDnResultHandler,edu.vt.middleware.ldap.handler.FqdnSearchResultHandler
>>
>> TomZ
>>
>> On Mon, May 9, 2011 at 9:47 AM, Mark Cairney
>> <>
>> wrote:
>>> Hi,
>>>
>>> I was wondering if anyone could shed any light on why a particular group
>>> appears to be getting a malformed cn during the provision to grouper.
>>> We're using Grouper 1.5.3  so we're using ldappc (not ldappc-ng)
>>>
>>> javax.naming.InvalidNameException: Invalid name:
>>> "cn=REST10023_SV1_2009/0_SEM1,ou=2009/2010,ou=courses",ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk
>>>
>>> The obvious issue is (I think) the location of the quotes but as we've
>>> already processed over 14,000 groups including some with backslashes in
>>> them I don't think this is causing the problem? I've included more of the
>>> error_log below:
>>>
>>>
>>> 2011-05-09 15:40:37,088: [main] DEBUG Ldappc.buildGroupSet(539) -
>>> provisioning 14741 groups
>>> 2011-05-09 15:40:37,101: [main] DEBUG GroupEntrySynchronizer.<init>(160)
>>> - Group initial cache size = 100000
>>> 2011-05-09 15:40:37,133: [main] DEBUG
>>> GroupEntrySynchronizer.clearRoot(1361) - search base
>>> 'ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk' filter
>>> '(!(|(objectClass=groupOfNames)(objectClass=organizationalUnit)))'
>>> 2011-05-09 15:40:37,140: [main] DEBUG AbstractLdap.search(215) - Search
>>> with the following parameters:
>>> 2011-05-09 15:40:37,141: [main] DEBUG AbstractLdap.search(216) -   dn =
>>> ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk
>>> 2011-05-09 15:40:37,141: [main] DEBUG AbstractLdap.search(217) -   filter
>>> = (!(|(objectClass=groupOfNames)(objectClass=organizationalUnit)))
>>> 2011-05-09 15:40:37,142: [main] DEBUG AbstractLdap.search(218) -  
>>> filterArgs = []
>>> 2011-05-09 15:40:37,142: [main] DEBUG AbstractLdap.search(221) -  
>>> searchControls =
>>> javax.naming.directory.SearchControls@726ef8
>>> 2011-05-09 15:40:37,143: [main] DEBUG AbstractLdap.search(222) -  
>>> handler =
>>> [edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@b69c85]
>>> 2011-05-09 15:40:37,144: [main] DEBUG AbstractLdap.bind(1211) - Bind with
>>> the following parameters:
>>> 2011-05-09 15:40:37,144: [main] DEBUG AbstractLdap.bind(1212) -   dn =
>>> cn=Manager,dc=authorise,dc=ed,dc=ac,dc=uk
>>> 2011-05-09 15:40:37,145: [main] DEBUG AbstractLdap.bind(1219) -  
>>> credential = <suppressed>
>>> 2011-05-09 15:40:38,830: [main] DEBUG
>>> GroupEntrySynchronizer.populateDns(1477) - search base
>>> 'ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk' filter
>>> '(objectClass=groupOfNames)'
>>> 2011-05-09 15:40:38,831: [main] DEBUG AbstractLdap.search(215) - Search
>>> with the following parameters:
>>> 2011-05-09 15:40:38,831: [main] DEBUG AbstractLdap.search(216) -   dn =
>>> ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk
>>> 2011-05-09 15:40:38,832: [main] DEBUG AbstractLdap.search(217) -   filter
>>> = (objectClass=groupOfNames)
>>> 2011-05-09 15:40:38,832: [main] DEBUG AbstractLdap.search(218) -  
>>> filterArgs = []
>>> 2011-05-09 15:40:38,833: [main] DEBUG AbstractLdap.search(221) -  
>>> searchControls =
>>> javax.naming.directory.SearchControls@15426ec
>>> 2011-05-09 15:40:38,833: [main] DEBUG AbstractLdap.search(222) -  
>>> handler =
>>> [edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@b69c85]
>>> 2011-05-09 15:40:40,351: [main] ERROR Ldappc.run(282) - Grouper Provision
>>> Failed
>>> javax.naming.InvalidNameException: Invalid name:
>>> "cn=REST10023_SV1_2009/0_SEM1,ou=2009/2010,ou=courses",ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk
>>>        at
>>> javax.naming.ldap.Rfc2253Parser.parseAttrType(Rfc2253Parser.java:130)
>>>        at javax.naming.ldap.Rfc2253Parser.doParse(Rfc2253Parser.java:83)
>>>        at javax.naming.ldap.Rfc2253Parser.parseDn(Rfc2253Parser.java:45)
>>>        at javax.naming.ldap.LdapName.parse(LdapName.java:772)
>>>        at javax.naming.ldap.LdapName.<init>(LdapName.java:108)
>>>        at
>>> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.populateDns(GroupEntrySynchronizer.java:1499)
>>>        at
>>> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.populate(GroupEntrySynchronizer.java:1445)
>>>        at
>>> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.initialize(GroupEntrySynchronizer.java:1325)
>>>        at
>>> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.synchronize(GroupEntrySynchronizer.java:354)
>>>        at
>>> edu.internet2.middleware.ldappc.Ldappc.provisionGroups(Ldappc.java:562)
>>>        at
>>> edu.internet2.middleware.ldappc.Ldappc.provision(Ldappc.java:375)
>>>        at edu.internet2.middleware.ldappc.Ldappc.run(Ldappc.java:252)
>>>        at edu.internet2.middleware.ldappc.Ldappc.main(Ldappc.java:207)
>>>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>        at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>        at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>        at java.lang.reflect.Method.invoke(Method.java:597)
>>>        at
>>> edu.internet2.middleware.grouper.app.gsh.GrouperShell.handleSpecialCase(GrouperShell.java:176)
>>>        at
>>> edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:116)
>>>        at
>>> edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:16)
>>> 2011-05-09 15:40:40,353: [main] DEBUG Ldappc.run(286) - closing
>>> connection to ldap 'ldaps://alder.authorise.is.ed.ac.uk:636'
>>>
>>> /*********************************
>>> Mark Cairney
>>> ITI UNIX Section
>>> Information Services
>>> University of Edinburgh
>>>
>>> Tel: 0131 650 6565
>>> Email:
>>>
>>>
>>> *********************************/
>>>
>>>
>>> --
>>> The University of Edinburgh is a charitable body, registered in
>>> Scotland, with registration number SC005336.
>>>
>>>
>>
>
> /*********************************
> Mark Cairney
> ITI UNIX Section
> Information Services
> University of Edinburgh
>
> Tel: 0131 650 6565
> Email:
>
>
> *********************************/
>
>
> --
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
>
>
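
The unquoting step discussed in this thread, as an added Java illustration that is not part of the original messages and is not ldappc's own QuotedDnResultHandler code. The class name `QuotedDnDemo`, its methods and the regular expression are assumptions; the DN is the one from the error quoted above.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class QuotedDnDemo {
    // Compiled once and reused for every DN, so the per-entry cost is one match.
    // Group 1: the quoted leading part; group 2: everything after the closing quote.
    // (Hypothetical pattern, chosen for this illustration.)
    private static final Pattern QUOTED = Pattern.compile("^\"([^\"]*)\"(.*)$");

    // Returns the DN with the leading pair of quotes removed; DNs that do not
    // start with a quoted part are returned unchanged.
    static String unquote(String dn) {
        Matcher m = QUOTED.matcher(dn);
        return m.matches() ? m.group(1) + m.group(2) : dn;
    }

    static LdapName parse(String dn) throws InvalidNameException {
        return new LdapName(unquote(dn));
    }

    public static void main(String[] args) throws Exception {
        // DN copied from the InvalidNameException in the thread.
        String raw = "\"cn=REST10023_SV1_2009/0_SEM1,ou=2009/2010,ou=courses\","
                   + "ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk";

        // Without unquoting, LdapName rejects the name because the first
        // attribute type starts with a quote character.
        try {
            new LdapName(raw);
            System.out.println("raw DN parsed");
        } catch (InvalidNameException e) {
            System.out.println("raw DN rejected: " + e.getMessage());
        }

        // With the quotes removed, the same DN parses; "/" needs no escaping in a DN.
        LdapName name = parse(raw);
        System.out.println("RDN count: " + name.size());
        System.out.println("leaf RDN:  " + name.getRdn(name.size() - 1));

        // A DN that was never quoted passes through untouched.
        System.out.println(unquote("cn=plain,ou=grouper,dc=authorise,dc=ed,dc=ac,dc=uk"));
    }
}
```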


