grouper-users - RE: [grouper-users] LDAPCNG Sync issues
Subject: Grouper Users - Open Discussion List
List archive
- From: "Klug, Lawrence" <>
- To: Tom Zeller <>
- Cc: "" <>
- Subject: RE: [grouper-users] LDAPCNG Sync issues
- Date: Fri, 4 Nov 2011 15:37:17 -0700
- Accept-language: en-US
- Acceptlanguage: en-US
Here are the files, Tom. Please let me know what you find...
Lawrence
-----Original Message-----
From:
[mailto:]
On Behalf Of Tom Zeller
Sent: Friday, November 04, 2011 2:51 PM
To: Klug, Lawrence
Cc:
Subject: Re: [grouper-users] LDAPCNG Sync issues
Hmm, I was expecting -logSpml to log the spml requests and response. I think
you need the -logSpml argument before -sync :
./gsh.sh -ldappcng -logSpml -sync
"InfoTechServices:MiddlewareServices:IAMUCLA"
In any case, we probably do not want to delete the cn, especially if it is
part of the RDN :-)
Could you send ldappcng.xml and ldappc-resolver.xml ? I am interested in the
<attribute name="cn" ref="X" /> element of ldappcng.xml and corresponding
<AttributeDefinition id="X" /> in ldappc-resolver.xml
TomZ
On Fri, Nov 4, 2011 at 1:44 PM, Klug, Lawrence
<>
wrote:
> Tom - Increased log level and run:
>
> ./gsh.sh -ldappcng -sync
> "InfoTechServices:MiddlewareServices:IAMUCLA" -logSpml
>
> - this is what appears in the logs
>
> 2011-11-04 11:41:30,734: [main] INFO LdapTargetProvider.execute(499)
> - -
> ModifyRequest[psoID=PSOIdentifier[id='cn=InfoTechServices:MiddlewareSe
> rvices:IAMUCLA,ou=grouper,dc=edtest,dc=ucla,dc=edu',targetID=ldap,cont
> ainerID=<null>],mod=DSMLModification[name=cn,op=delete],mod=DSMLModifi
> cation[name=hasMember,op=add],mod=DSMLModification[name=isMemberOf,op=
> add],mod=DSMLModification[name=isMemberOf,op=delete],typeOfReference=m
> ember,typeOfReference=member,returnData=everything,requestID=2011/11/0
> 4-11:41:30.730_Q4VTGGIZ]
> 2011-11-04 11:41:30,734: [main] DEBUG LdapTargetProvider.execute(529)
> - -
> ModifyRequest[psoID=PSOIdentifier[id='cn=InfoTechServices:MiddlewareSe
> rvices:IAMUCLA,ou=grouper,dc=edtest,dc=ucla,dc=edu',targetID=ldap,cont
> ainerID=<null>],mod=DSMLModification[name=cn,op=delete],mod=DSMLModifi
> cation[name=hasMember,op=add],mod=DSMLModification[name=isMemberOf,op=
> add],mod=DSMLModification[name=isMemberOf,op=delete],typeOfReference=m
> ember,typeOfReference=member,returnData=everything,requestID=2011/11/0
> 4-11:41:30.730_Q4VTGGIZ] mods [Remove attribute: cn:
> InfoTechServices:MiddlewareServices:IAMUCLA, Add attribute: hasMember:
> KLUG, LAWRENCE, KLUG, KARL J
>
> , LEUNG, WARREN WAI LUN
> , Add attribute: isMemberOf: InfoTechServices:ITServices, Remove
> attribute: isMemberOf:
> cn=InfoTechServices:ITServices,ou=grouper,dc=edtest,dc=ucla,dc=edu,
> Add attribute: member:
> uclappid=urn:mace:ucla.edu:ppid:person:4B375069ECA7458C9A3EC6935784C78
> 0,ou=people,dc=edtest,dc=ucla,dc=edu,
> uclappid=urn:mace:ucla.edu:ppid:person:6D074D02FC154605AE009EB87018493
> B,ou=people,dc=edtest,dc=ucla,dc=edu,
> uclappid=urn:mace:ucla.edu:ppid:person:D7BED25A41E442EFBE721496196E0A8
> 1,ou=people,dc=edtest,dc=ucla,dc=edu,
> uclappid=urn:mace:ucla.edu:ppid:person:C4196E1230C9452191D7E416FC4BD9F
> 3,ou=people,dc=edtest,dc=ucla,dc=edu,
> uclappid=urn:mace:ucla.edu:ppid:person:FEC691E858FB4A5889E5A4464488A6B
> 7,ou=people,dc=edtest,dc=ucla,dc=edu,
> uclappid=urn:mace:ucla.edu:ppid:person:98B84B1A62C9450CB3F0BC9E9B3ABAD
> E,ou=people,dc=edtest,dc=ucla,dc=edu,
> uclappid=urn:mace:ucla.edu:ppid:person:959630A150724E75ABE06370752707D
> 2,ou=people,dc=edtest,dc=ucla,dc=edu, Remove attribute: member: ]
> 2011-11-04 11:41:30,734: [main] DEBUG LdapTargetProvider.execute(531) - -
> ModifyRequest[psoID=PSOIdentifier[id='cn=InfoTechServices:MiddlewareServices:IAMUCLA,ou=grouper,dc=edtest,dc=ucla,dc=edu',targetID=ldap,containerID=<null>],mod=DSMLModification[name=cn,op=delete],mod=DSMLModification[name=hasMember,op=add],mod=DSMLModification[name=isMemberOf,op=add],mod=DSMLModification[name=isMemberOf,op=delete],typeOfReference=member,typeOfReference=member,returnData=everything,requestID=2011/11/04-11:41:30.730_Q4VTGGIZ]
> escaped dn
> 'cn=InfoTechServices:MiddlewareServices:IAMUCLA,ou=grouper,dc=edtest,dc=ucla,dc=edu'
> 2011-11-04 11:41:30,734: [main] DEBUG AbstractLdap.modifyAttributes(819) -
> - Modify attributes with the following parameters:
> 2011-11-04 11:41:30,735: [main] DEBUG
> AbstractLdap.modifyAttributes(820) - - dn =
> cn=InfoTechServices:MiddlewareServices:IAMUCLA,ou=grouper,dc=edtest,dc
> =ucla,dc=edu
> 2011-11-04 11:41:30,735: [main] DEBUG
> AbstractLdap.modifyAttributes(821) - - mods = [Remove attribute:
> cn: InfoTechServices:MiddlewareServices:IAMUCLA, Add attribute:
> hasMember: KLUG, LAWRENCE, KLUG, KARL J
>
> , LEUNG, WARREN WAI LUN
> , Add attribute: isMemberOf: InfoTechServices:ITServices, Remove
> attribute: isMemberOf:
> cn=InfoTechServices:ITServices,ou=grouper,dc=edtest,dc=ucla,dc=edu,
> Add attribute: member:
> uclappid=urn:mace:ucla.edu:ppid:person:4B375069ECA7458C9A3EC6935784C78
> 0,ou=people,dc=edtest,dc=ucla,dc=edu,
> uclappid=urn:mace:ucla.edu:ppid:person:6D074D02FC154605AE009EB87018493
> B,ou=people,dc=edtest,dc=ucla,dc=edu,
> uclappid=urn:mace:ucla.edu:ppid:person:D7BED25A41E442EFBE721496196E0A8
> 1,ou=people,dc=edtest,dc=ucla,dc=edu,
> uclappid=urn:mace:ucla.edu:ppid:person:C4196E1230C9452191D7E416FC4BD9F
> 3,ou=people,dc=edtest,dc=ucla,dc=edu,
> uclappid=urn:mace:ucla.edu:ppid:person:FEC691E858FB4A5889E5A4464488A6B
> 7,ou=people,dc=edtest,dc=ucla,dc=edu,
> uclappid=urn:mace:ucla.edu:ppid:person:98B84B1A62C9450CB3F0BC9E9B3ABAD
> E,ou=people,dc=edtest,dc=ucla,dc=edu,
> uclappid=urn:mace:ucla.edu:ppid:person:959630A150724E75ABE06370752707D
> 2,ou=people,dc=edtest,dc=ucla,dc=edu, Remove attribute: member: ]
> 2011-11-04 11:41:30,738: [main] ERROR LdapTargetProvider.execute(567)
> - -
> ModifyResponse[pso=<null>,status=failure,error=customError,errorMessag
> es={[LDAP: error code 67 - Not Allowed On
> RDN]},requestID=2011/11/04-11:41:30.730_Q4VTGGIZ]
> javax.naming.directory.SchemaViolationException: [LDAP: error code 67 - Not
> Allowed On RDN]; remaining name
> 'cn=InfoTechServices:MiddlewareServices:IAMUCLA,ou=grouper,dc=edtest,dc=ucla,dc=edu'
> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3072)
> at
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
> at
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
> at
> com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1455)
> at
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(Compon
> entDirContext.java:255)
> at
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(P
> artialCompositeDirContext.java:172)
> at
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(P
> artialCompositeDirContext.java:161)
> at
> edu.vt.middleware.ldap.AbstractLdap.modifyAttributes(AbstractLdap.java
> :836)
> at edu.vt.middleware.ldap.Ldap.modifyAttributes(Ldap.java:665)
> at
> edu.internet2.middleware.ldappc.spml.provider.LdapTargetProvider.execu
> te(LdapTargetProvider.java:532)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> edu.internet2.middleware.ldappc.spml.provider.BaseSpmlProvider.execute
> (BaseSpmlProvider.java:79)
> at
> edu.internet2.middleware.ldappc.spml.PSP.execute(PSP.java:444)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> edu.internet2.middleware.ldappc.spml.provider.BaseSpmlProvider.execute
> (BaseSpmlProvider.java:79)
> at
> edu.internet2.middleware.ldappc.spml.PSP.execute(PSP.java:272)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> edu.internet2.middleware.ldappc.spml.provider.BaseSpmlProvider.execute
> (BaseSpmlProvider.java:79)
> at
> edu.internet2.middleware.ldappc.spml.PSPCLI.run(PSPCLI.java:176)
> at
> edu.internet2.middleware.ldappc.spml.PSPCLI.main(PSPCLI.java:90)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> edu.internet2.middleware.grouper.app.gsh.GrouperShell.handleSpecialCas
> e(GrouperShell.java:188)
> at
> edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShel
> l.java:128)
> at
> edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(Grou
> perShellWrapper.java:16)
> 2011-11-04 11:41:30,739: [main] ERROR PSP.execute(458) - -
> ModifyResponse[pso=<null>,status=failure,error=customError,errorMessag
> es={[LDAP: error code 67 - Not Allowed On
> RDN]},requestID=2011/11/04-11:41:30.730_Q4VTGGIZ]
> 2011-11-04 11:41:30,739: [main] INFO PSP.execute(460) - -
> <modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure'
> requestID='2011/11/04-11:41:30.730_Q4VTGGIZ' error='customError'>
> <errorMessage>[LDAP: error code 67 - Not Allowed On
> RDN]</errorMessage> </modifyResponse>
>
> 2011-11-04 11:41:30,739: [main] ERROR PSP.execute(277) - -
> SyncResponse[id=InfoTechServices:MiddlewareServices:IAMUCLA,status=fai
> lure,error=customError,errorMessages={[LDAP: error code 67 - Not
> Allowed On
> RDN]},requestID=2011/11/04-11:41:30.120_Q4VTGGH6,ModifyResponse[pso=<n
> ull>,status=failure,error=customError,errorMessages={[LDAP: error code
> 67 - Not Allowed On RDN]},requestID=2011/11/04-11:41:30.730_Q4VTGGIZ]]
> 2011-11-04 11:41:30,740: [main] INFO PSP.execute(278) - -
> <ldappc:syncResponse
> xmlns:ldappc='http://grouper.internet2.edu/ldappc' status='failure'
> requestID='2011/11/04-11:41:30.120_Q4VTGGH6' error='customError'>
> <modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure'
> requestID='2011/11/04-11:41:30.730_Q4VTGGIZ' error='customError'>
> <errorMessage>[LDAP: error code 67 - Not Allowed On
> RDN]</errorMessage>
> </modifyResponse>
> <errorMessage>[LDAP: error code 67 - Not Allowed On
> RDN]</errorMessage>
> <ldappc:id ID='InfoTechServices:MiddlewareServices:IAMUCLA'/>
> </ldappc:syncResponse>
>
>
> -----Original Message-----
> From:
>
>
> [mailto:]
> On Behalf Of Tom
> Zeller
> Sent: Friday, November 04, 2011 10:22 AM
> To: Klug, Lawrence
> Cc:
>
> Subject: Re: [grouper-users] LDAPCNG Sync issues
>
> You are running 2.x, correct ?
>
> Run with -printRequests or -logSpml and increase the logging level in
> log4j.properties :
>
> # LDAPPC[NG]
> log4j.logger.edu.internet2.middleware.ldappc = DEBUG # vt-ldap, used
> by LDAPPC[NG] log4j.logger.edu.vt.middleware.ldap = DEBUG
>
> We need the request to understand the failure response.
>
> On Fri, Nov 4, 2011 at 12:03 PM, Klug, Lawrence
> <>
> wrote:
>> Hi,
>>
>>
>>
>> We're getting into LDAP errors when running sync or buldSync
>> operations - they seem to be related to schema or constrain
>> violations. Can anyone suggest a strategy for fixing?
>>
>>
>>
>> Thanks,
>>
>>
>>
>> Lawrence
>>
>>
>>
>> <ldappc:syncResponse>
>>
>> <modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure'
>> requestID='2011/11/04-09:46:31.263_Q4VPCJ0Q' error='customError'>
>>
>> <errorMessage>[LDAP: error code 67 - Not Allowed On
>> RDN]</errorMessage>
>>
>> </modifyResponse>
>>
>> <ldappc:id ID='etc:sysadmingroup'/>
>>
>> </ldappc:syncResponse>
>>
>>
>>
>> <ldappc:syncResponse>
>>
>> <modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure'
>> requestID='2011/11/04-09:46:31.275_Q4VPCJ0V' error='customError'>
>>
>> <errorMessage>[LDAP: error code 19 - Constraint violation in
>> modifications]</errorMessage>
>>
>> </modifyResponse>
>>
>> <ldappc:id
>> ID='urn:mace:ucla.edu:ppid:person:037C906A66444DFBAA8C4DB08035D62E'/>
>>
>> </ldappc:syncResponse>
>>
>>
>>
>> Lawrence Klug
>>
>> UCLA Middleware Services
>>
>> Office: 310 825-2061
>>
>> Cell: 818 667-2386
>>
>>
>
<?xml version="1.0" encoding="utf-8"?> <ldappc xmlns="http://grouper.internet2.edu/ldappc"; xmlns:ldappc="http://grouper.internet2.edu/ldappc"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://grouper.internet2.edu/ldappc classpath:/schema/ldappc.xsd"> <targets id="LDAP"> <target id="ldap" provider="ldap-provider" /> <object id="stem"> <identifier ref="stem-dn" baseId="${groupsOU}"> <identifyingAttribute name="objectclass" value="organizationalUnit" /> </identifier> <attribute name="objectClass" ref="stem-objectclass" /> <attribute name="ou" ref="stem-ou" /> <attribute name="description" ref="stem-description" /> </object> <object id="group" authoritative="true"> <identifier ref="group-dn" baseId="${groupsOU}"> <identifyingAttribute name="objectClass" value="${groupObjectClass}" /> </identifier> <attribute name="objectClass" ref="group-objectclass-eduMember" /> <attribute name="cn" /> <attribute name="description" /> <attribute name="hasMember" ref="hasMember" /> <attribute name="isMemberOf" ref="groupIsMemberOf" /> <references name="member" emptyValue="" > <reference ref="members-ldap" toObject="member" /> <reference ref="members-g:gsa" toObject="group" /> </references> </object> <object id="member"> <identifier ref="member-dn" baseId="${peopleOU}"> <identifyingAttribute name="objectclass" value="person" /> </identifier> <attribute name="objectClass" ref="member-objectclass" retainAll="true" /> <attribute name="isMemberOf" ref="memberIsMemberOf" /> </object> </targets> </ldappc>
<?xml version="1.0" encoding="UTF-8"?> <AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:resolver="urn:mace:shibboleth:2.0:resolver" xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad" xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc" xmlns:grouper="http://grouper.internet2.edu/shibboleth/2.0"; xmlns:ldappc="http://grouper.internet2.edu/ldappc"; xsi:schemaLocation=" urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd urn:mace:shibboleth:2.0:resolver:dc classpath:/schema/shibboleth-2.0-attribute-resolver-dc.xsd urn:mace:shibboleth:2.0:resolver:ad classpath:/schema/shibboleth-2.0-attribute-resolver-ad.xsd http://grouper.internet2.edu/shibboleth/2.0 classpath:/schema/shibboleth-2.0-grouper.xsd http://grouper.internet2.edu/ldappc classpath:/schema/ldappc.xsd"> <resolver:DataConnector id="GroupDataConnector" xsi:type="grouper:GroupDataConnector"> <grouper:Attribute id="members" /> <grouper:Attribute id="groups" /> </resolver:DataConnector> <resolver:DataConnector id="StemDataConnector" xsi:type="grouper:StemDataConnector"> </resolver:DataConnector> <resolver:DataConnector id="MemberDataConnector" xsi:type="grouper:MemberDataConnector"> <grouper:Attribute id="groups" /> </resolver:DataConnector> <resolver:DataConnector id="StaticDataConnector" xsi:type="dc:Static"> <dc:Attribute id="group-objectclass"> <dc:Value>top</dc:Value> <dc:Value>${groupObjectClass}</dc:Value> </dc:Attribute> <dc:Attribute id="group-objectclass-eduMember"> <dc:Value>top</dc:Value> <dc:Value>${groupObjectClass}</dc:Value> <dc:Value>eduMember</dc:Value> </dc:Attribute> <dc:Attribute id="stem-objectclass"> <dc:Value>top</dc:Value> <dc:Value>organizationalUnit</dc:Value> </dc:Attribute> <dc:Attribute id="member-objectclass"> <dc:Value>eduMember</dc:Value> </dc:Attribute> </resolver:DataConnector> <resolver:AttributeDefinition id="stem-dn" xsi:type="ldappc:LdapDnPSOIdentifier" structure="${DNstructure}" sourceAttributeID="name" rdnAttributeName="ou" base="${groupsOU}"> <resolver:Dependency ref="StemDataConnector" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="stem-objectclass" xsi:type="ad:Simple"> <resolver:Dependency ref="StaticDataConnector" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="stem-ou" xsi:type="ad:Simple" sourceAttributeID="extension"> <resolver:Dependency ref="StemDataConnector" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="stem-description" xsi:type="ad:Simple" sourceAttributeID="description"> <resolver:Dependency ref="StemDataConnector" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="group-dn" xsi:type="ldappc:LdapDnPSOIdentifier" structure="${DNstructure}" sourceAttributeID="name" rdnAttributeName="cn" base="${groupsOU}"> <resolver:Dependency ref="GroupDataConnector" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="group-objectclass" xsi:type="ad:Simple"> <resolver:Dependency ref="StaticDataConnector" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="group-objectclass-eduMember" xsi:type="ad:Simple"> <resolver:Dependency ref="StaticDataConnector" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="description" xsi:type="ad:Simple"> <resolver:Dependency ref="GroupDataConnector" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="cn" xsi:type="ad:Simple" sourceAttributeID="extension"> <resolver:Dependency ref="GroupDataConnector" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition xsi:type="Script" xmlns="urn:mace:shibboleth:2.0:resolver:ad" id="sAMAccountName" sourceAttributeID="name"> <resolver:Dependency ref="GroupDataConnector" /> <Script><![CDATA[ // Import Shibboleth attribute provider importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider); value = name.getValues().get(0); value = value.replaceAll("\\/", "_"); value = value.replaceAll("\\/", "_"); value = value.replaceAll("\\[", "_"); value = value.replaceAll("\\]", "_"); value = value.replaceAll("\\:", "_"); value = value.replaceAll("\\;", "_"); value = value.replaceAll("\\|", "_"); value = value.replaceAll("\\=", "_"); value = value.replaceAll("\\,", "_"); value = value.replaceAll("\\+", "_"); value = value.replaceAll("\\*", "_"); value = value.replaceAll("\\?", "_"); sAMAccountName = new BasicAttribute("sAMAccountName"); sAMAccountName.getValues().add(value); ]]></Script> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="hasMember" xsi:type="grouper:Member" sourceAttributeID="members"> <resolver:Dependency ref="GroupDataConnector" /> <grouper:Attribute id="name" source="ldap" /> <grouper:Attribute id="name" source="g:gsa" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="groupIsMemberOf" xsi:type="grouper:Group" sourceAttributeID="groups"> <resolver:Dependency ref="GroupDataConnector" /> <grouper:Attribute id="name" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="members-ldap" xsi:type="grouper:Member" sourceAttributeID="members"> <resolver:Dependency ref="GroupDataConnector" /> <grouper:Attribute id="id" source="ldap" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="members-g:gsa" xsi:type="grouper:Member" sourceAttributeID="members"> <resolver:Dependency ref="GroupDataConnector" /> <grouper:Attribute id="name" source="g:gsa" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="member-dn" xsi:type="ad:Simple" sourceAttributeID="psoID"> <resolver:Dependency ref="SpmlDataConnector" /> </resolver:AttributeDefinition> <resolver:DataConnector id="SpmlDataConnector" provider="ldap-provider" xsi:type="ldappc:SPMLDataConnector" scope="subTree" base="${peopleOU}" returnData="identifier"> <resolver:Dependency ref="MemberDataConnector" /> <ldappc:FilterTemplate>(uclaPPID=${id.get(0)})</ldappc:FilterTemplate> </resolver:DataConnector> <resolver:AttributeDefinition id="member-objectclass" xsi:type="ad:Simple"> <resolver:Dependency ref="StaticDataConnector" /> </resolver:AttributeDefinition> <resolver:AttributeDefinition id="memberIsMemberOf" xsi:type="grouper:Group" sourceAttributeID="groups"> <resolver:Dependency ref="MemberDataConnector" /> <grouper:Attribute id="name" /> </resolver:AttributeDefinition> </AttributeResolver>
- [grouper-users] LDAPCNG Sync issues, Klug, Lawrence, 11/04/2011
- Re: [grouper-users] LDAPCNG Sync issues, Tom Zeller, 11/04/2011
- RE: [grouper-users] LDAPCNG Sync issues, Klug, Lawrence, 11/04/2011
- Re: [grouper-users] LDAPCNG Sync issues, Tom Zeller, 11/04/2011
- RE: [grouper-users] LDAPCNG Sync issues, Klug, Lawrence, 11/04/2011
- Re: [grouper-users] LDAPCNG Sync issues, Tom Zeller, 11/04/2011
- RE: [grouper-users] LDAPCNG Sync issues, Klug, Lawrence, 11/07/2011
- Re: [grouper-users] LDAPCNG Sync issues, Tom Zeller, 11/08/2011
- RE: [grouper-users] LDAPCNG Sync issues, Klug, Lawrence, 11/09/2011
- Re: [grouper-users] LDAPCNG Sync issues, Tom Zeller, 11/09/2011
- RE: [grouper-users] LDAPCNG Sync issues, Klug, Lawrence, 11/09/2011
- RE: [grouper-users] LDAPCNG Sync issues, Klug, Lawrence, 11/07/2011
- Re: [grouper-users] LDAPCNG Sync issues, Tom Zeller, 11/04/2011
- RE: [grouper-users] LDAPCNG Sync issues, Klug, Lawrence, 11/04/2011
- Re: [grouper-users] LDAPCNG Sync issues, Tom Zeller, 11/04/2011
- RE: [grouper-users] LDAPCNG Sync issues, Klug, Lawrence, 11/04/2011
- RE: [grouper-users] LDAPCNG Sync issues, Klug, Lawrence, 11/07/2011
- Re: [grouper-users] LDAPCNG Sync issues, Tom Zeller, 11/04/2011
Archive powered by MHonArc 2.6.16.