grouper-users - Re: [grouper-users] LDAPPCNG and different LDAP for people and groups
Subject: Grouper Users - Open Discussion List
List archive
- From: Arnaud Deman <>
- To: Tom Zeller <>
- Cc:
- Subject: Re: [grouper-users] LDAPPCNG and different LDAP for people and groups
- Date: Tue, 6 Sep 2011 10:18:11 +0200
Hello Tom,
Thanks for your answer and sorry for being so long to respond.
I tested and I still have an error. I think it tries to export the groups
also into the read only ldap :
2011-09-06 10:05:45,269: [main] INFO
edu.internet2.middleware.ldappc.spml.provider.LdapTargetProvider
.execute(499) - -
ModifyRequest[psoID=PSOIdentifier[id='cn=amu:admin:grouper:wheel,ou=groups,dc=univ-amu,dc=fr',targetID=ldap,containerID=<null>],typeOfReference=member,typeOfReference=member,returnData=everything,requestID=2011/09/06-10:05:45.267_Q2IVRJV7]
2011-09-06 10:05:45,272: [main] ERROR
edu.internet2.middleware.ldappc.spml.provider.LdapTargetProvider
.execute(567) - -
ModifyResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP:
error code 53 - shadow context; no update
referral]},requestID=2011/09/06-10:05:45.267_Q2IVRJV7]
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - shadow
context; no update referral]; remaining name
'cn=amu:admin:grouper:wheel,ou=groups,dc=univ-amu,dc=fr'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3114)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1455)
I tried to specify the target id but I had the same error :
bin/gsh.sh -ldappcng -targetID ldap -sync amu:admin:grouper:wheel
Best regards,
Arnaud.
Le vendredi 22 juillet 2011 à 09:54:18, Tom Zeller a écrit :
> The second ldap provider needs to be added to ldappcng.xml, I believe,
> I am unable to test right now.
>
> Add
>
> <target id="ldap-replicat" provider="ldap-provider-replicat" />
>
> to ldappcng.xml :
>
> <targets id="LDAP">
>
> <target id="ldap" provider="ldap-provider" />
> <target id="ldap-replicat" provider="ldap-provider-replicat" />
>
> and please let me know.
>
> [config files were posted privately]
>
> On Fri, Jul 22, 2011 at 9:18 AM, Tom Zeller
> <>
> wrote:
> > Sounds right. Could you post your sanitized config files, please,
> > either on-list or privately ?
> >
> > On Fri, Jul 22, 2011 at 7:25 AM, Arnaud Deman
> > <>
> > wrote:
> >> Hello,
> >>
> >> I am trying to use LDAPPCNG to provision the groups branch of an LDAP
> >> while the people branch is in another LDAP. The people branch is read
> >> only (I don't publish isMemberOf).
> >>
> >> Is it possible to use LDAPPCNG in this context, and if so what would be
> >> the
> >> good way to configure it ?
> >>
> >> My first idea was to define a second ldap provider for the people
> >> branch, with its own configuration
> >> file in ldappc-services.xml :
> >>
> >> <Service id="ldap-provider-replicat" xsi:type="ldappc:LdapPoolProvider"
> >> ldapPoolId="ldapPool-replicat">
> >> <ConfigurationResource file="/ldappc-ldap-replicat.xml"
> >> xsi:type="resource:ClasspathResource">
> >> <ResourceFilter xsi:type="grouper:ClasspathPropertyReplacement"
> >> xmlns="urn:mace:shibboleth:2.0:resource"
> >> propertyFile="/ldappc.properties" />
> >> </ConfigurationResource>
> >>
> >>
> >> And then to use this provider for the SpmlDataConnector in
> >> ldappc-resolver.xml :
> >>
> >> <resolver:DataConnector id="SpmlDataConnector"
> >> provider="ldap-provider-replicat" xsi:type="ldappc:SPMLDataConnector"
> >> scope="subTree" base="${peopleOU}" returnData="identifier">
> >> <resolver:Dependency ref="MemberDataConnector" />
> >>
> >> <ldappc:FilterTemplate>(supannAliasLogin=${id.get(0)})</ldappc:FilterTemplate>
> >> </resolver:DataConnector>
> >>
> >>
> >> But the LDAP Pool doesn' seem to be initialized correctly and I have
> >> this exception :
> >>
> >> 2011-07-22 12:13:57,930: [main] WARN BlockingLdapPool .checkIn(309) - -
> >> attempt to return unknown ldap object: null
> >> 2011-07-22 12:13:57,932: [main] ERROR BaseSpmlProvider .execute(95) - -
> >> Response[status=failure,error=unsupportedOperation,errorMessages={},requestID=2011/07/22-12:13:57.929_Q0O928HW]
> >>
> >> Thanks for your help,
> >> Best regards,
> >> A. Deman.
> >>
> >>
> >>
> >>
> >>
> >> --
> >> Arnaud Deman
> >> 04 91 28 85 25
> >> DSI - Université Paul Cézanne Aix-Marseille III
> >> Avenue Escadrille Normandie-Niemen
> >> 13397 MARSEILLE CEDEX 20
> >>
> >>
> >
--
Arnaud Deman
04 91 28 85 25
DSI - Université Paul Cézanne Aix-Marseille III
Avenue Escadrille Normandie-Niemen
13397 MARSEILLE CEDEX 20
- Re: [grouper-users] LDAPPCNG and different LDAP for people and groups, Arnaud Deman, 09/06/2011
- Re: [grouper-users] LDAPPCNG and different LDAP for people and groups, Tom Zeller, 09/06/2011
Archive powered by MHonArc 2.6.16.