
grouper-users - RE: [grouper-users] sources.xml ldap and script groupershell

Subject: Grouper Users - Open Discussion List

  • From: Chris Hyzer <>
  • To: Wallaert-Taquet Brigitte <>
  • Cc: Tom Zeller <>, "" <>
  • Subject: RE: [grouper-users] sources.xml ldap and script groupershell
  • Date: Mon, 10 Oct 2011 18:07:04 +0000
  • Accept-language: en-US

Ok, I fixed the problem (which is 1.6 specific) about the groupsave. Also I
expanded this out so we can see where the problem is. Note, if you know
where the subject comes from, and it is by id or identifier, you can change
SubjectFinder.findByIdOrIdentifier() to something else to make it more
efficient. E.g.

findByIdAndSource(id, sourceId, false);

so look here:

https://spaces.internet2.edu/display/Grouper/Grouper+LDAP+GSH+example

And change the top part per your env, e.g.

gsh 1% groupName = "lille1:utilitaires:ustlroletemoin";
gsh 2% searchDn = "ou=people,dc=univ-lille1,dc=fr";
gsh 3% searchFilter = "(ustlRole=*)";
gsh 4% attributeName = "uid";

Run each command below and let me know where the problem is exactly and what
your output and logs are...

############
The question about the start queries and errors, you can set this in the
sources.xml

findSubjectByIdentifiedOnCheckConfig to false
findSubjectByStringOnCheckConfig to false

to turn it off

or you can set:

subjectIdentifierToFindOnCheckConfig to someId that exists
stringToFindOnCheckConfig to someId that exists

To do the test, but it will not throw error :)

Thanks,
Chris


-----Original Message-----
From: Wallaert-Taquet Brigitte
[mailto:]

Sent: Monday, October 10, 2011 5:18 AM
To: Chris Hyzer
Cc: Tom Zeller;

Subject: Re: [grouper-users] sources.xml ldap and script groupershell

Hello,

I have to modify 2 lines to have results :
1-
FROM
group = new
GroupSave(grouperSession).assignName("lille1:utilitaires:ustlroletemoin").assignCreateParentStemsIfNotExist(true).save();
TO
group =
GroupFinder.findByAttribute(grouperSession,"ustlRole","ustlRoleTemoin",true);

because these errors :
2011-10-10 10:54:16,183: [main] INFO EventLog.info(141) - -
[e29b74e53e0b424ba95163e5fef85585,'GrouperSystem','application']
session: start (4ms)
2011-10-10 10:54:16,231: [main] ERROR ShellHelper.eval(76) - - Sourced
file: inline evaluation of: ``group = new
GroupSave(grouperSession).assignName("lille1:utilitaires:ustlroletem . .
. '' : Method Invocation save
edu.internet2.middleware.grouper.exception.GroupAddAlreadyExistsException:
group already exists with name: 'lille1:utilitaires:ustlroletemoin',
stem name: lille1:utilitaires, group extension: ustlroletemoin, group
dExtension: ustlroletemoin, uuid: null, typeOfGroup: null,
Problem in HibernateSession: HibernateSession: isNew: false, isReadonly:
false, grouperTransactionType: READ_WRITE_NEW,
Problem in HibernateSession: HibernateSession: isNew: true, isReadonly:
false, grouperTransactionType: READ_WRITE_NEW
at edu.internet2.middleware.grouper.Stem$5.callback(Stem.java:1760)
at
edu.internet2.middleware.grouper.hibernate.HibernateSession.callbackHibernateSession(HibernateSession.java:500)
at
edu.internet2.middleware.grouper.Stem.internal_addChildGroup(Stem.java:1740)
at
edu.internet2.middleware.grouper.Stem.internal_addChildGroup(Stem.java:1713)
at
edu.internet2.middleware.grouper.Stem.internal_addChildGroup(Stem.java:1690)
at
edu.internet2.middleware.grouper.GroupSave$1$1.callback(GroupSave.java:347)
at
edu.internet2.middleware.grouper.GrouperSession.callbackGrouperSession(GrouperSession.java:644)
at
edu.internet2.middleware.grouper.GroupSave$1.callback(GroupSave.java:251)
at
edu.internet2.middleware.grouper.internal.dao.hib3.Hib3TransactionDAO$1.callback(Hib3TransactionDAO.java:51)
at
edu.internet2.middleware.grouper.hibernate.HibernateSession.callbackHibernateSession(HibernateSession.java:500)
at
edu.internet2.middleware.grouper.internal.dao.hib3.Hib3TransactionDAO.transactionCallback(Hib3TransactionDAO.java:41)
at
edu.internet2.middleware.grouper.hibernate.GrouperTransaction.callbackGrouperTransaction(GrouperTransaction.java:72)
at
edu.internet2.middleware.grouper.hibernate.GrouperTransaction.callbackGrouperTransaction(GrouperTransaction.java:91)
at
edu.internet2.middleware.grouper.GroupSave.save(GroupSave.java:244)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at bsh.Reflect.invokeMethod(Unknown Source)
at bsh.Reflect.invokeObjectMethod(Unknown Source)
at bsh.BSHPrimarySuffix.doName(Unknown Source)
at bsh.BSHPrimarySuffix.doSuffix(Unknown Source)
at bsh.BSHPrimaryExpression.eval(Unknown Source)
at bsh.BSHPrimaryExpression.eval(Unknown Source)
at bsh.BSHAssignment.eval(Unknown Source)
at bsh.Interpreter.eval(Unknown Source)
at bsh.Interpreter.eval(Unknown Source)
at bsh.Interpreter.eval(Unknown Source)
at
edu.internet2.middleware.grouper.app.gsh.ShellHelper.eval(ShellHelper.java:48)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShell.run(GrouperShell.java:404)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShell.grouperShellHelper(GrouperShell.java:216)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:146)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:16)
)

2-

FROM get("pennname")
TO get("uid")
perhaps a mistake ?

because error :

2011-10-10 11:11:56,604: [main] ERROR ShellHelper.eval(76) - - Sourced
file: inline evaluation of: ``while (results.hasNext())
{group.addMember(SubjectFinder.findByIdOrIdentifier(re . . . ''
java.lang.NullPointerException: Attempt to invoke method get on null value
at bsh.Reflect.resolveExpectedJavaMethod(Unknown Source)
at bsh.Reflect.invokeObjectMethod(Unknown Source)
at bsh.BSHPrimarySuffix.doName(Unknown Source)
at bsh.BSHPrimarySuffix.doSuffix(Unknown Source)
at bsh.BSHPrimaryExpression.eval(Unknown Source)
at bsh.BSHPrimaryExpression.eval(Unknown Source)
at bsh.BSHArguments.getArguments(Unknown Source)
at bsh.BSHMethodInvocation.eval(Unknown Source)
at bsh.BSHPrimaryExpression.eval(Unknown Source)
at bsh.BSHPrimaryExpression.eval(Unknown Source)
at bsh.BSHArguments.getArguments(Unknown Source)
at bsh.BSHMethodInvocation.eval(Unknown Source)
at bsh.BSHPrimaryExpression.eval(Unknown Source)
at bsh.BSHPrimaryExpression.eval(Unknown Source)
at bsh.BSHBlock.evalBlock(Unknown Source)
at bsh.BSHBlock.eval(Unknown Source)
at bsh.BSHBlock.eval(Unknown Source)
at bsh.BSHWhileStatement.eval(Unknown Source)
at bsh.Interpreter.eval(Unknown Source)
at bsh.Interpreter.eval(Unknown Source)
at bsh.Interpreter.eval(Unknown Source)
at
edu.internet2.middleware.grouper.app.gsh.ShellHelper.eval(ShellHelper.java:48)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShell.run(GrouperShell.java:404)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShell.grouperShellHelper(GrouperShell.java:216)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:146)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:16)

But my problem is always the same : my ldap's administrator doesn't
agree because of 2 asks...

So, I think to modify my sources.xml for groupershell script and to
re-modify temporarily when I need the deploy again Grouper-API, in
waiting to put Grouper 2.1 and use Grouper Loader LDAP.

Another Question : there are 3 searches with (uid=grouperTest....) at
each connection to ldap : is it necessary ?
2011-10-10 10:40:26,971: [main] DEBUG
JNDISourceAdapter.getLdapResults(403) - - searchType: searchSubject
filter: (& (uid=grouperTestSubjectByIdOnStartupASDFGHJ)
(objectClass=supannPerson)) base: ou=people,dc=univ-lille1,dc=fr scope:
SUBTREE_SCOPE
2011-10-10 10:40:26,975: [main] DEBUG
JNDISourceAdapter.getLdapResults(403) - - searchType:
searchSubjectByIdentifier filter: (&
(mail=grouperTestSubjectByIdentifierOnStartupASDFGHJ)
(objectClass=supannPerson)) base: ou=people,dc=univ-lille1,dc=fr scope:
SUBTREE_SCOPE
2011-10-10 10:40:26,979: [main] DEBUG
JNDISourceAdapter.getLdapResults(403) - - searchType: search filter: (&
(|(uid=grouperTestStringOnStartupASDFGHJ)(displayName=*grouperTestStringOnStartupASDFGHJ*)))

base: ou=people,dc=univ-lille1,dc=fr scope: SUBTREE_SCOPE

Thanks !
Brigitte

On 08/10/2011 20:37, Chris Hyzer wrote:
> I tried in 1.6 and it works fine. One tweak though, change this line
>
> FROM:
> while (results.hasNext())
> {group.addMember(SubjectFinder.findByIdOrIdentifier(results.next().getAttributes().get("uid").get(),
> true));}
>
> TO:
> while (results.hasNext())
> {group.addMember(SubjectFinder.findByIdOrIdentifier(results.next().getAttributes().get("pennname").get(),
> true), false);}
>
> This will fail if a subject isn't resolvable, but will not fail if the
> subject is already in the group.
>
> Thanks,
> Chris
>
> -----Original Message-----
> From: Brigitte Wallaert Taquet
> [mailto:]
> Sent: Saturday, October 08, 2011 2:48 AM
> To: Chris Hyzer
> Cc: Tom Zeller;
>
> Subject: RE: [grouper-users] sources.xml ldap and script groupershell
>
> Hello,
>
> Sorry, I don't view this message, I'll try that. I am in 1.6.3.
>
> Thanks !
> Quoting Chris
> Hyzer<>:
>
>> Are you on 2.0?
>>
>> Here is a script that will do what you want, and doesn't depend on
>> sources.xml findAll()...
>>
>> First add these properties to the grouper.properties file:
>>
>> ldap.url = ldaps://someldap.school.edu:636
>> ldap.baseDn = dc=school,dc=edu
>> ldap.user = uid=user,ou=people,dc=school,dc=edu
>> ldap.pass = xxxxxx
>>
>> Then, add the vt-ldap.jar to the classpath (lib dir?)
>>
>> http://code.google.com/p/vt-middleware/downloads/detail?name=vt-ldap-3.3.4-dist.zip&can=2&q=
>>
>> Here is a GSH script to add membership from an ldap filter to a
>> group (note, make sure there are no newlines that are not below
>> (only after semicolon)). Also note, you could turn this into Java
>> for more flexibility too... :)
>>
>>
>> grouperSession = GrouperSession.startRootSession();
>>
>> group = new
>> GroupSave(grouperSession).assignName("test:testGroup").assignCreateParentStemsIfNotExist(true).save();
>>
>> ldapConfig = new
>> edu.vt.middleware.ldap.LdapConfig(edu.internet2.middleware.grouper.cfg.GrouperConfig.getProperty("ldap.url"),
>> edu.internet2.middleware.grouper.cfg.GrouperConfig.getProperty("ldap.baseDn"));
>> ldapConfig.setBindDn(edu.internet2.middleware.grouper.cfg.GrouperConfig.getProperty("ldap.user"));
>> ldapConfig.setBindCredential(edu.internet2.middleware.grouper.cfg.GrouperConfig.getProperty("ldap.pass"));
>>
>> factory = new edu.vt.middleware.ldap.pool.DefaultLdapFactory(ldapConfig);
>>
>> pool = new edu.vt.middleware.ldap.pool.BlockingLdapPool(factory);
>>
>> ldap = pool.checkOut();
>>
>> results = ldap.search("ou=people,dc=school,dc=edu", new
>> edu.vt.middleware.ldap.SearchFilter("(|(uid=jsmith)(uid=tjones))"),
>> new String[]{"uid"});
>>
>> while (results.hasNext())
>> {group.addMember(SubjectFinder.findByIdOrIdentifier(results.next().getAttributes().get("uid").get(),
>> true));}
>>
>> pool.checkIn(ldap);
>>
>>
>> # check with this:
>> getMembers("test:testGroup");
>>
>>
>>
>> -----Original Message-----
>> From:
>>
>> [mailto:]
>> On Behalf Of Chris Hyzer
>> Sent: Friday, October 07, 2011 11:31 PM
>> To: Brigitte Wallaert Taquet
>> Cc: Tom Zeller;
>>
>> Subject: RE: [grouper-users] sources.xml ldap and script groupershell
>>
>> Yes, you can have a different sources.xml for gsh and ui. In
>> Grouper 2.1 there is a loader from ldap:
>>
>> https://spaces.internet2.edu/display/Grouper/Grouper+-+Loader+LDAP
>>
>> I assume you cant wait a few months for this :) Or maybe you can
>> get something working now, and then migrate to the loader later and
>> switch your sources.xml back.
>>
>> Another option is I can give you some code from 2.1 in a jar that
>> you could run temporarily until you upgrade to 2.1...
>>
>> Thanks,
>> Chris
>>
>> -----Original Message-----
>> From: Brigitte Wallaert Taquet
>> [mailto:]
>> Sent: Friday, October 07, 2011 2:42 PM
>> To: Chris Hyzer
>> Cc: Tom Zeller;
>>
>> Subject: RE: [grouper-users] sources.xml ldap and script groupershell
>>
>> Hello,
>>
>> Yes, I need for my script GrouperShell (folder-grouper/bin/gsh.sh
>> myscript.gsh) to search all subjects for whom the attribute ldap
>> "ustlRole" is valued (ustlRole=*) and then attach these subjects to a
>> group named "ustlRoletemoin".
>>
>> Initially, I ask first ldap with dircontext and after, I transform
>> each identifier received (uid) in subject Grouper (with findAll on
>> identifier "uid") but my administrator ldap says that I ask 2 times
>> for the same things so he doesn't agree.
>>
>> So, I think use only findAll in my groupershell script to search on
>> attribute ustlRole=* instead on uid and displayName. But for LiteUi, I
>> need that the search for a subject (findAll too it seems ?) continue
>> to use uid and displayName attributes to do the search.
>>
>> I hope it is more clearly ?
>>
>> So, if I understand what you say, it's perhaps possible if I can have
>> 2 different sources.xml ; one for my script and one for LiteUi ? but
>> how ? Now, I do that but I have to modify sources.xml if I need to
>> deploy again Grouper-API for Grouper-UI, it is not very good I think !
>>
>> Thanks for your help.
>>
>> Regards
>> Brigitte
>>
>>
>>
>> Quoting Chris
>> Hyzer<>:
>>
>>> Not sure I completely understand, but findAll cannot have a
>>> parameter of where it is being called from, it is consistent. But
>>> you can have a slightly different sources.xml in your UI as opposed
>>> to WS or something else. Can you explain what you need in a
>>> different way? :)
>>>
>>> Thanks,
>>> Chris
>>>
>>> -----Original Message-----
>>> From: Wallaert-Taquet Brigitte
>>> [mailto:]
>>> Sent: Friday, October 07, 2011 5:54 AM
>>> To: Chris Hyzer; Tom Zeller
>>> Cc:
>>>
>>> Subject: Re: [grouper-users] sources.xml ldap and script groupershell
>>>
>>> Hello,
>>>
>>> Thanks a lot for your indications : effectively, the logs show me the
>>> asks which was ok and finally, the administrator's ldap find that the
>>> attribute "ustlRole" was protected and my server wasn't the rights to
>>> bind with anonymous ldap connection.
>>>
>>> Are you using GrouperJndiSourceAdapter in sources.xml ?
>>>
>>> <source
>>> adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter"
>>> ...>
>>>
>>> Yes
>>>
>>> Now I have problem because if I modify the search in sources.xml for my
>>> groupershell, the LiteUI will not find the subject correctly (because
>>> ask on ustlRole attribute instead on uid/displayName attributes).
>>> So, do you think it is possible to parameter somewhere for
>>> SubjectFinder.findAll use another search defined in sources.xml (for
>>> example, I can define another searchType named "searchUstlRole" in my
>>> sources.xml) or to parameter LiteUI and AdminUi to use another searchType
>>> ?
>>>
>>> Thanks a lot !
>>> Brigitte
>>>
>>>
>>> On 06/10/2011 05:34, Chris Hyzer wrote:
>>>> Search is used in SubjectFinder.findAll e.g. on the UI when you do
>>>> a search for a subject...
>>>>
>>>> Thanks,
>>>> Chris
>>>>
>>>> -----Original Message-----
>>>> From:
>>>>
>>>> [mailto:]
>>>> On Behalf Of
>>>> Wallaert-Taquet Brigitte
>>>> Sent: Wednesday, October 05, 2011 5:32 AM
>>>> To:
>>>>
>>>> Subject: [grouper-users] sources.xml ldap and script groupershell
>>>>
>>>> Hello,
>>>>
>>>> I make a script that have to populate a group (named "ustlroletemoin")
>>>> for people LDAP for whom attribute ldap "ustlRole" have a value.
>>>>
>>>> So, I modify sources.xml for the search asks on ustlRole attribute (I
>>>> don't know exactly when this search is used ?):
>>>>
>>>> <search>
>>>> <searchType>search</searchType>
>>>> <param>
>>>> <param-name>filter</param-name>
>>>> <param-value>
>>>> (ustlRole=%TERM%)
>>>> <--------------------------------------------------
>>>> </param-value>
>>>> </param>
>>>> <param>
>>>> <param-name>scope</param-name>
>>>> <param-value>
>>>> SUBTREE_SCOPE
>>>> </param-value>
>>>> </param>
>>>> <param>
>>>> <param-name>base</param-name>
>>>> <param-value>
>>>> ou=people,dc=univ-lille1,dc=fr
>>>> </param-value>
>>>> </param>
>>>> </search>
>>>>
>>>> But I don't find a method that ask with this search ? It seems that
>>>> SubjectFinder.findAll asks only on searchSubject in sources.xml ?
>>>>
>>>> Before to put "*" (!), I try this and I have no results although there
>>>> are persons who have ustlRole=IntranetTest-users :
>>>>
>>>> for (Subject sujet : SubjectFinder.findAll("IntranetTest-users")) {
>>>> groupetemoin.addMember(sujet,false); nbreusersajoutes+=1; } }
>>>>
>>>> result : entree and nbreuserajoutes=0
>>>>
>>>> Thanks a lot !
>>>>
>>>
>>> --
>>> Brigitte Wallaert-Taquet
>>> Ingénieure d'études
>>> Chargée d'étude
>>> Espace collaboratif de Documents
>>> Université Lille1
>>> Sciences et Technologies
>>>
>>>
>>
>>
>>
>
>


--
Brigitte Wallaert-Taquet
Ingénieure d'études
Chargée d'étude
Espace collaboratif de Documents
Université Lille1
Sciences et Technologies
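
Added example, not part of the thread and not Grouper code: a small Python parser for the JNDISourceAdapter DEBUG lines quoted above. It un-wraps the mail-broken records and flags the startup config-check searches (the `grouperTest...OnStartup` filters), so the log can confirm they stop once the `...OnCheckConfig` settings in sources.xml are changed. The sample log is constructed from the lines in the thread plus one invented ordinary lookup; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the three DEBUG records quoted in the thread (with the
# mail client's line wrapping) plus one invented ordinary lookup for contrast.
SAMPLE_LOG = """\
2011-10-10 10:40:26,971: [main] DEBUG
JNDISourceAdapter.getLdapResults(403) - - searchType: searchSubject
filter: (& (uid=grouperTestSubjectByIdOnStartupASDFGHJ)
(objectClass=supannPerson)) base: ou=people,dc=univ-lille1,dc=fr scope:
SUBTREE_SCOPE
2011-10-10 10:40:26,975: [main] DEBUG
JNDISourceAdapter.getLdapResults(403) - - searchType:
searchSubjectByIdentifier filter: (&
(mail=grouperTestSubjectByIdentifierOnStartupASDFGHJ)
(objectClass=supannPerson)) base: ou=people,dc=univ-lille1,dc=fr scope:
SUBTREE_SCOPE
2011-10-10 10:40:26,979: [main] DEBUG
JNDISourceAdapter.getLdapResults(403) - - searchType: search filter: (&
(|(uid=grouperTestStringOnStartupASDFGHJ)(displayName=*grouperTestStringOnStartupASDFGHJ*)))
base: ou=people,dc=univ-lille1,dc=fr scope: SUBTREE_SCOPE
2011-10-10 10:41:02,114: [main] DEBUG
JNDISourceAdapter.getLdapResults(403) - - searchType: searchSubject
filter: (& (uid=jsmith) (objectClass=supannPerson)) base:
ou=people,dc=univ-lille1,dc=fr scope: SUBTREE_SCOPE
"""

# A record starts at a newline followed by a log4j-style timestamp.
RECORD_SPLIT = re.compile(r"\n(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}: )")
SEARCH = re.compile(r"searchType: (\S+) filter: (.+?) base: (\S+) scope: (\S+)")
PROBE = re.compile(r"grouperTest\w*OnStartup")  # marker seen in the thread's log

def parse_searches(log_text):
    """Return one dict per LDAP search, joining records wrapped over lines."""
    out = []
    for record in RECORD_SPLIT.split(log_text):
        flat = " ".join(record.split())          # collapse wrapping/blank lines
        m = SEARCH.search(flat)
        if m:
            search_type, ldap_filter, base, scope = m.groups()
            out.append({"time": flat[:23], "searchType": search_type,
                        "filter": ldap_filter, "base": base, "scope": scope,
                        "startup_probe": bool(PROBE.search(ldap_filter))})
    return out

def probe_summary(log_text):
    """Count startup config-check searches per searchType."""
    return Counter(s["searchType"] for s in parse_searches(log_text)
                   if s["startup_probe"])
```
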



