Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] LDAPCNG Sync issues

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] LDAPCNG Sync issues


Chronological Thread 
  • From: "Klug, Lawrence" <>
  • To: Tom Zeller <>
  • Cc: "" <>
  • Subject: RE: [grouper-users] LDAPCNG Sync issues
  • Date: Fri, 4 Nov 2011 11:44:49 -0700
  • Accept-language: en-US
  • Acceptlanguage: en-US

Tom - Increased log level and run:

./gsh.sh -ldappcng -sync "InfoTechServices:MiddlewareServices:IAMUCLA"
-logSpml

- this is what appears in the logs

2011-11-04 11:41:30,734: [main] INFO LdapTargetProvider.execute(499) - -
ModifyRequest[psoID=PSOIdentifier[id='cn=InfoTechServices:MiddlewareServices:IAMUCLA,ou=grouper,dc=edtest,dc=ucla,dc=edu',targetID=ldap,containerID=<null>],mod=DSMLModification[name=cn,op=delete],mod=DSMLModification[name=hasMember,op=add],mod=DSMLModification[name=isMemberOf,op=add],mod=DSMLModification[name=isMemberOf,op=delete],typeOfReference=member,typeOfReference=member,returnData=everything,requestID=2011/11/04-11:41:30.730_Q4VTGGIZ]
2011-11-04 11:41:30,734: [main] DEBUG LdapTargetProvider.execute(529) - -
ModifyRequest[psoID=PSOIdentifier[id='cn=InfoTechServices:MiddlewareServices:IAMUCLA,ou=grouper,dc=edtest,dc=ucla,dc=edu',targetID=ldap,containerID=<null>],mod=DSMLModification[name=cn,op=delete],mod=DSMLModification[name=hasMember,op=add],mod=DSMLModification[name=isMemberOf,op=add],mod=DSMLModification[name=isMemberOf,op=delete],typeOfReference=member,typeOfReference=member,returnData=everything,requestID=2011/11/04-11:41:30.730_Q4VTGGIZ]
mods [Remove attribute: cn: InfoTechServices:MiddlewareServices:IAMUCLA, Add
attribute: hasMember: KLUG, LAWRENCE, KLUG, KARL J
, LEUNG, WARREN WAI LUN
, Add attribute: isMemberOf:
InfoTechServices:ITServices, Remove attribute: isMemberOf:
cn=InfoTechServices:ITServices,ou=grouper,dc=edtest,dc=ucla,dc=edu, Add
attribute: member:
uclappid=urn:mace:ucla.edu:ppid:person:4B375069ECA7458C9A3EC6935784C780,ou=people,dc=edtest,dc=ucla,dc=edu,

uclappid=urn:mace:ucla.edu:ppid:person:6D074D02FC154605AE009EB87018493B,ou=people,dc=edtest,dc=ucla,dc=edu,

uclappid=urn:mace:ucla.edu:ppid:person:D7BED25A41E442EFBE721496196E0A81,ou=people,dc=edtest,dc=ucla,dc=edu,

uclappid=urn:mace:ucla.edu:ppid:person:C4196E1230C9452191D7E416FC4BD9F3,ou=people,dc=edtest,dc=ucla,dc=edu,

uclappid=urn:mace:ucla.edu:ppid:person:FEC691E858FB4A5889E5A4464488A6B7,ou=people,dc=edtest,dc=ucla,dc=edu,

uclappid=urn:mace:ucla.edu:ppid:person:98B84B1A62C9450CB3F0BC9E9B3ABADE,ou=people,dc=edtest,dc=ucla,dc=edu,

uclappid=urn:mace:ucla.edu:ppid:person:959630A150724E75ABE06370752707D2,ou=people,dc=edtest,dc=ucla,dc=edu,
Remove attribute: member: ]
2011-11-04 11:41:30,734: [main] DEBUG LdapTargetProvider.execute(531) - -
ModifyRequest[psoID=PSOIdentifier[id='cn=InfoTechServices:MiddlewareServices:IAMUCLA,ou=grouper,dc=edtest,dc=ucla,dc=edu',targetID=ldap,containerID=<null>],mod=DSMLModification[name=cn,op=delete],mod=DSMLModification[name=hasMember,op=add],mod=DSMLModification[name=isMemberOf,op=add],mod=DSMLModification[name=isMemberOf,op=delete],typeOfReference=member,typeOfReference=member,returnData=everything,requestID=2011/11/04-11:41:30.730_Q4VTGGIZ]
escaped dn
'cn=InfoTechServices:MiddlewareServices:IAMUCLA,ou=grouper,dc=edtest,dc=ucla,dc=edu'
2011-11-04 11:41:30,734: [main] DEBUG AbstractLdap.modifyAttributes(819) - -
Modify attributes with the following parameters:
2011-11-04 11:41:30,735: [main] DEBUG AbstractLdap.modifyAttributes(820) - -
dn =
cn=InfoTechServices:MiddlewareServices:IAMUCLA,ou=grouper,dc=edtest,dc=ucla,dc=edu
2011-11-04 11:41:30,735: [main] DEBUG AbstractLdap.modifyAttributes(821) - -
mods = [Remove attribute: cn: InfoTechServices:MiddlewareServices:IAMUCLA,
Add attribute: hasMember: KLUG, LAWRENCE, KLUG, KARL J
, LEUNG, WARREN WAI LUN
, Add attribute: isMemberOf:
InfoTechServices:ITServices, Remove attribute: isMemberOf:
cn=InfoTechServices:ITServices,ou=grouper,dc=edtest,dc=ucla,dc=edu, Add
attribute: member:
uclappid=urn:mace:ucla.edu:ppid:person:4B375069ECA7458C9A3EC6935784C780,ou=people,dc=edtest,dc=ucla,dc=edu,

uclappid=urn:mace:ucla.edu:ppid:person:6D074D02FC154605AE009EB87018493B,ou=people,dc=edtest,dc=ucla,dc=edu,

uclappid=urn:mace:ucla.edu:ppid:person:D7BED25A41E442EFBE721496196E0A81,ou=people,dc=edtest,dc=ucla,dc=edu,

uclappid=urn:mace:ucla.edu:ppid:person:C4196E1230C9452191D7E416FC4BD9F3,ou=people,dc=edtest,dc=ucla,dc=edu,

uclappid=urn:mace:ucla.edu:ppid:person:FEC691E858FB4A5889E5A4464488A6B7,ou=people,dc=edtest,dc=ucla,dc=edu,

uclappid=urn:mace:ucla.edu:ppid:person:98B84B1A62C9450CB3F0BC9E9B3ABADE,ou=people,dc=edtest,dc=ucla,dc=edu,

uclappid=urn:mace:ucla.edu:ppid:person:959630A150724E75ABE06370752707D2,ou=people,dc=edtest,dc=ucla,dc=edu,
Remove attribute: member: ]
2011-11-04 11:41:30,738: [main] ERROR LdapTargetProvider.execute(567) - -
ModifyResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP:
error code 67 - Not Allowed On
RDN]},requestID=2011/11/04-11:41:30.730_Q4VTGGIZ]
javax.naming.directory.SchemaViolationException: [LDAP: error code 67 - Not
Allowed On RDN]; remaining name
'cn=InfoTechServices:MiddlewareServices:IAMUCLA,ou=grouper,dc=edtest,dc=ucla,dc=edu'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3072)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1455)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
at
edu.vt.middleware.ldap.AbstractLdap.modifyAttributes(AbstractLdap.java:836)
at edu.vt.middleware.ldap.Ldap.modifyAttributes(Ldap.java:665)
at
edu.internet2.middleware.ldappc.spml.provider.LdapTargetProvider.execute(LdapTargetProvider.java:532)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
edu.internet2.middleware.ldappc.spml.provider.BaseSpmlProvider.execute(BaseSpmlProvider.java:79)
at edu.internet2.middleware.ldappc.spml.PSP.execute(PSP.java:444)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
edu.internet2.middleware.ldappc.spml.provider.BaseSpmlProvider.execute(BaseSpmlProvider.java:79)
at edu.internet2.middleware.ldappc.spml.PSP.execute(PSP.java:272)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
edu.internet2.middleware.ldappc.spml.provider.BaseSpmlProvider.execute(BaseSpmlProvider.java:79)
at edu.internet2.middleware.ldappc.spml.PSPCLI.run(PSPCLI.java:176)
at edu.internet2.middleware.ldappc.spml.PSPCLI.main(PSPCLI.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShell.handleSpecialCase(GrouperShell.java:188)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:128)
at
edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:16)
2011-11-04 11:41:30,739: [main] ERROR PSP.execute(458) - -
ModifyResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP:
error code 67 - Not Allowed On
RDN]},requestID=2011/11/04-11:41:30.730_Q4VTGGIZ]
2011-11-04 11:41:30,739: [main] INFO PSP.execute(460) - -
<modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure'
requestID='2011/11/04-11:41:30.730_Q4VTGGIZ' error='customError'>
<errorMessage>[LDAP: error code 67 - Not Allowed On RDN]</errorMessage>
</modifyResponse>

2011-11-04 11:41:30,739: [main] ERROR PSP.execute(277) - -
SyncResponse[id=InfoTechServices:MiddlewareServices:IAMUCLA,status=failure,error=customError,errorMessages={[LDAP:
error code 67 - Not Allowed On
RDN]},requestID=2011/11/04-11:41:30.120_Q4VTGGH6,ModifyResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP:
error code 67 - Not Allowed On
RDN]},requestID=2011/11/04-11:41:30.730_Q4VTGGIZ]]
2011-11-04 11:41:30,740: [main] INFO PSP.execute(278) - -
<ldappc:syncResponse xmlns:ldappc='http://grouper.internet2.edu/ldappc'
status='failure' requestID='2011/11/04-11:41:30.120_Q4VTGGH6'
error='customError'>
<modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure'
requestID='2011/11/04-11:41:30.730_Q4VTGGIZ' error='customError'>
<errorMessage>[LDAP: error code 67 - Not Allowed On RDN]</errorMessage>
</modifyResponse>
<errorMessage>[LDAP: error code 67 - Not Allowed On RDN]</errorMessage>
<ldappc:id ID='InfoTechServices:MiddlewareServices:IAMUCLA'/>
</ldappc:syncResponse>


-----Original Message-----
From:


[mailto:]
On Behalf Of Tom Zeller
Sent: Friday, November 04, 2011 10:22 AM
To: Klug, Lawrence
Cc:

Subject: Re: [grouper-users] LDAPCNG Sync issues

You are running 2.x, correct ?

Run with -printRequests or -logSpml and increase the logging level in
log4j.properties :

# LDAPPC[NG]
log4j.logger.edu.internet2.middleware.ldappc = DEBUG # vt-ldap, used by
LDAPPC[NG] log4j.logger.edu.vt.middleware.ldap = DEBUG

We need the request to understand the failure response.

On Fri, Nov 4, 2011 at 12:03 PM, Klug, Lawrence
<>
wrote:
> Hi,
>
>
>
> We're getting  into LDAP errors when running sync or buldSync
> operations - they seem to be related to schema or constrain
> violations.  Can anyone suggest a strategy for fixing?
>
>
>
> Thanks,
>
>
>
> Lawrence
>
>
>
> <ldappc:syncResponse>
>
>     <modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure'
> requestID='2011/11/04-09:46:31.263_Q4VPCJ0Q' error='customError'>
>
>       <errorMessage>[LDAP: error code 67 - Not Allowed On
> RDN]</errorMessage>
>
>     </modifyResponse>
>
>     <ldappc:id ID='etc:sysadmingroup'/>
>
>   </ldappc:syncResponse>
>
>
>
>   <ldappc:syncResponse>
>
>     <modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure'
> requestID='2011/11/04-09:46:31.275_Q4VPCJ0V' error='customError'>
>
>       <errorMessage>[LDAP: error code 19 - Constraint violation in
> modifications]</errorMessage>
>
>     </modifyResponse>
>
>     <ldappc:id
> ID='urn:mace:ucla.edu:ppid:person:037C906A66444DFBAA8C4DB08035D62E'/>
>
>   </ldappc:syncResponse>
>
>
>
> Lawrence Klug
>
> UCLA Middleware Services
>
> Office: 310 825-2061
>
> Cell: 818 667-2386
>
>



Archive powered by MHonArc 2.6.16.

Top of Page