Grouper Users - Open Discussion List

[Tom Zeller <>]

You probably need to add the eduMember objectclass to your ldap
server. The schema file is not included in the distribution, which is
a bug, which will be fixed in 2.1.

The objectClass for a group is defined in ldappcng.xml :

    <object id="group" authoritative="true">
      <attribute name="objectClass" ref="group-objectclass-eduMember" />

and ldappc-resolver.xml :

  <resolver:DataConnector id="StaticDataConnector" xsi:type="dc:Static">
    <dc:Attribute id="group-objectclass-eduMember">
      <dc:Value>top</dc:Value>
      <dc:Value>${groupObjectClass}</dc:Value>
      <dc:Value>eduMember</dc:Value>
    </dc:Attribute>

The ${groupObjectClass} is defined in ldappc.properties, which is by default :

 groupObjectClass=groupOfNames

The eduMember objectclass, however, will probably need to be added to
your ldap directory.

The eduMember schema definition is not included in the distribution,
but is available from

 
http://anonsvn.internet2.edu/cgi-bin/viewvc.cgi/i2mi/trunk/ldappcng/ldappcng/misc/ldap/

Apologies for the hassle.

TomZ

https://bugs.internet2.edu/jira/browse/GRP-505

On Tue, Nov 8, 2011 at 11:05 AM, Klug, Lawrence 
<>
 wrote:
> When running LDAPPCNG 2.x for group synchronization, we are observing LDAP
> errors and some of the changes are not propagated to the directory. We’re
> seeing two types of errors:
>
> LDAP: error code 67 - Not Allowed On RDN
>
> LDAP: error code 19 - Constraint violation in modifications
>
>
>
> The errors seem to revolve around add/delete operations, i.e. adding or
> deleting a member from an existing  group.
>
>
>
> We’re thinking it might be a schema issue. Can you point us to the
> objectClass definition  (should be a standard Internet2 edu object class)
> that LDAPPCNG2.x is working with?  We'd like to check the schema
> implementation on our ED to see if it's compliant with LDAPPCNG2.x.
>
>
>
> Thanks,
>
>
>
> Lawrence Klug
>
> UCLA Middleware Services
>
> Office: 310 825-2061
>
> Cell: 818 667-2386
>
>