grouper-users - Re: [grouper-users] LDAPCNG Sync issues
Subject: Grouper Users - Open Discussion List
List archive
- From: Tom Zeller <>
- To: "Klug, Lawrence" <>
- Cc: "" <>
- Subject: Re: [grouper-users] LDAPCNG Sync issues
- Date: Wed, 9 Nov 2011 15:57:22 -0600
This means that no group exists in grouper with the name
'InfoTechServices:MiddlewareServices:IAMUCLAMUCLA'
Is 'IAMUCLAMUCLA' a typo ?
On Wed, Nov 9, 2011 at 3:47 PM, Klug, Lawrence
<>
wrote:
> Hi Tom,
>
> I changed the two suggested items and I'm getting a new error:
> "noSuchIdentifier"
>
> gsh -ldappcng -logSpml -printRequests -sync
> "InfoTechServices:MiddlewareServices:IAM
>
> <ldappc:syncRequest xmlns:ldappc='http://grouper.internet2.edu/ldappc'
> returnData='everything'>
> <ldappc:id ID='InfoTechServices:MiddlewareServices:IAMUCLAMUCLA'/>
> </ldappc:syncRequest>
> <ldappc:syncResponse xmlns:ldappc='http://grouper.internet2.edu/ldappc'
> status='failure' requestID='2011/11/09-13:18:32.260_Q4239LS4'
> error='noSuchIdentifier'>
> <errorMessage>Unable to calculate provisioned object.</errorMessage>
> <ldappc:id ID='InfoTechServices:MiddlewareServices:IAMUCLAMUCLA'/>
> </ldappc:syncResponse>
>
>
> 2011-11-09 13:27:39,959: [main] INFO PSPCLI.run(132) - - Starting ldappcng
> 2011-11-09 13:27:40,084: [main] INFO PSP.execute(237) - -
> SyncRequest[id=InfoTechServices:MiddlewareServices:IAMUCLAMUCLA,requestID=<null>,returnData=everything]
> 2011-11-09 13:27:40,084: [main] INFO PSP.execute(238) - -
> <ldappc:syncRequest xmlns:ldappc='http://grouper.internet2.edu/ldappc'
> returnData='everything'>
> <ldappc:id ID='InfoTechServices:MiddlewareServices:IAMUCLAMUCLA'/>
> </ldappc:syncRequest>
>
> 2011-11-09 13:27:40,087: [main] INFO PSP.execute(212) - -
> DiffRequest[id=InfoTechServices:MiddlewareServices:IAMUCLAMUCLA,requestID=2011/11/09-13:27:40.087_Q424LCER,returnData=everything]
> 2011-11-09 13:27:40,087: [main] INFO PSP.execute(213) - -
> <ldappc:diffRequest xmlns:ldappc='http://grouper.internet2.edu/ldappc'
> requestID='2011/11/09-13:27:40.087_Q424LCER' returnData='everything'>
> <ldappc:id ID='InfoTechServices:MiddlewareServices:IAMUCLAMUCLA'/>
> </ldappc:diffRequest>
>
> 2011-11-09 13:27:40,090: [main] INFO PSP.execute(163) - -
> CalcRequest[id=InfoTechServices:MiddlewareServices:IAMUCLAMUCLA,requestID=2011/11/09-13:27:40.090_Q424LCES,returnData=everything]
> 2011-11-09 13:27:40,091: [main] INFO PSP.execute(164) - -
> <ldappc:calcRequest xmlns:ldappc='http://grouper.internet2.edu/ldappc'
> requestID='2011/11/09-13:27:40.090_Q424LCES' returnData='everything'>
> <ldappc:id ID='InfoTechServices:MiddlewareServices:IAMUCLAMUCLA'/>
> </ldappc:calcRequest>
>
> 2011-11-09 13:27:40,130: [main] ERROR PSP.execute(202) - -
> CalcResponse[id=InfoTechServices:MiddlewareServices:IAMUCLAMUCLA,status=failure,error=noSuchIdentifier,errorMessages={Unable
> to calculate provisioned
> object.},requestID=2011/11/09-13:27:40.090_Q424LCES]
> 2011-11-09 13:27:40,131: [main] INFO PSP.execute(204) - -
> <ldappc:calcResponse xmlns:ldappc='http://grouper.internet2.edu/ldappc'
> status='failure' requestID='2011/11/09-13:27:40.090_Q424LCES'
> error='noSuchIdentifier'>
> <errorMessage>Unable to calculate provisioned object.</errorMessage>
> <ldappc:id ID='InfoTechServices:MiddlewareServices:IAMUCLAMUCLA'/>
> </ldappc:calcResponse>
>
> 2011-11-09 13:27:40,133: [main] ERROR PSP.execute(227) - -
> DiffResponse[id=InfoTechServices:MiddlewareServices:IAMUCLAMUCLA,status=failure,error=noSuchIdentifier,errorMessages={Unable
> to calculate provisioned
> object.},requestID=2011/11/09-13:27:40.087_Q424LCER]
> 2011-11-09 13:27:40,133: [main] INFO PSP.execute(229) - -
> <ldappc:diffResponse xmlns:ldappc='http://grouper.internet2.edu/ldappc'
> status='failure' requestID='2011/11/09-13:27:40.087_Q424LCER'
> error='noSuchIdentifier'>
> <errorMessage>Unable to calculate provisioned object.</errorMessage>
> <ldappc:id ID='InfoTechServices:MiddlewareServices:IAMUCLAMUCLA'/>
> </ldappc:diffResponse>
>
> 2011-11-09 13:27:40,134: [main] ERROR PSP.execute(264) - -
> SyncResponse[id=InfoTechServices:MiddlewareServices:IAMUCLAMUCLA,status=failure,error=noSuchIdentifier,errorMessages={Unable
> to calculate provisioned
> object.},requestID=2011/11/09-13:27:40.086_Q424LCEQ]
> 2011-11-09 13:27:40,134: [main] INFO PSP.execute(265) - -
> <ldappc:syncResponse xmlns:ldappc='http://grouper.internet2.edu/ldappc'
> status='failure' requestID='2011/11/09-13:27:40.086_Q424LCEQ'
> error='noSuchIdentifier'>
> <errorMessage>Unable to calculate provisioned object.</errorMessage>
> <ldappc:id ID='InfoTechServices:MiddlewareServices:IAMUCLAMUCLA'/>
> </ldappc:syncResponse>
>
> 2011-11-09 13:27:40,136: [main] INFO PSPCLI.run(192) - - End of ldappcng
> execution : 65 ms
>
> -----Original Message-----
> From:
>
>
> [mailto:]
> On Behalf Of Tom Zeller
> Sent: Tuesday, November 08, 2011 5:03 PM
> To: Klug, Lawrence
> Cc:
>
> Subject: Re: [grouper-users] LDAPCNG Sync issues
>
> The cn does not match the rdn. Either change the cn attribute definition or
> the $DNStructure.
>
> The calcResponse
>
> <ldappc:calcResponse ... >
> <ldappc:id ID='InfoTechServices:MiddlewareServices:IAMUCLA'/>
> <ldappc:pso entityName='group'>
> <psoID
> ID='cn=InfoTechServices:MiddlewareServices:IAMUCLA,ou=grouper,dc=edtest,dc=ucla,dc=edu'
> targetID='ldap'/>
> <data>
> <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='cn'>
> <dsml:value>IAMUCLA</dsml:value>
> </dsml:attr>
>
> would provision
>
> dn : cn=InfoTechServices:MiddlewareServices:IAMUCLA,ou=grouper...
> cn: IAMUCLA
>
> which is not what you want.
>
> In ldappc-resolver.xml, you probably want the sourceAttributeID to be
> "name" for the cn. Instead of
>
> <resolver:AttributeDefinition id="cn" xsi:type="ad:Simple"
> sourceAttributeID="extension">
> <resolver:Dependency ref="GroupDataConnector" />
> </resolver:AttributeDefinition>
>
> I think you want
>
> <resolver:AttributeDefinition id="cn" xsi:type="ad:Simple"
> sourceAttributeID="name">
> <resolver:Dependency ref="GroupDataConnector" />
> </resolver:AttributeDefinition>
>
> Which would result in
>
> dn : cn=InfoTechServices:MiddlewareServices:IAMUCLA,ou=grouper...
> cn: InfoTechServices:MiddlewareServices:IAMUCLA
>
> The group dn attribute definition is
>
> <resolver:AttributeDefinition id="group-dn"
> xsi:type="ldappc:LdapDnPSOIdentifier"
> structure="${DNstructure}" sourceAttributeID="name"
> rdnAttributeName="cn" base="${groupsOU}">
> <resolver:Dependency ref="GroupDataConnector" />
> </resolver:AttributeDefinition>
>
> which means that your ${DNstructure} as defined in ldappc.properties is
> probably "flat" and not "bushy".
>
> If you change the ${DNstructure} to be "bushy", then you probably do not
> need to change the sourceAttributeID for the cn.
>
> Make sense ?
>
> TomZ
>
> On Mon, Nov 7, 2011 at 1:03 PM, Klug, Lawrence
> <>
> wrote:
>> Tom,
>>
>> Okay, the db is back up. Here is the console output and the grouper_error
>> log is attached.
>>
>> Thanks,
>>
>> Lawrence
>>
>> [root@MI15
>> bin]# ./gsh.sh -ldappcng -logSpml -printRequests -sync
>> "InfoTechServices:MiddlewareServices:IAMUCLA"
>> Using GROUPER_HOME: /usr/local/tomcat6/webapps/grouper/WEB-INF/bin/..
>> Using GROUPER_CONF:
>> /usr/local/tomcat6/webapps/grouper/WEB-INF/bin/../classes
>> Using JAVA: /usr/java/jdk1.6.0_25//bin/java using MEMORY: 64m-512m
>> Grouper starting up: version: 2.0.0, build date: null, env:
>> grouper2-dev grouper.properties read from:
>> /usr/local/tomcat6/webapps/grouper/WEB-INF/classes/grouper.properties
>> Grouper current directory is:
>> /usr/local/tomcat6/webapps/grouper/WEB-INF/bin
>> log4j.properties read from:
>> /usr/local/tomcat6/webapps/grouper/WEB-INF/classes/log4j.properties
>> Grouper logs are not using log4j: class
>> org.apache.commons.logging.impl.SLF4JLocationAwareLog
>> grouper.hibernate.properties:
>> /usr/local/tomcat6/webapps/grouper/WEB-INF/classes/grouper.hibernate.p
>> roperties
>> grouper.hibernate.properties:
>> mi_grouper@jdbc:jtds:sqlserver://aisdevdb.ais.ucla.edu:1433/mi_grouper
>> -devtest2 sources.xml read from:
>> /usr/local/tomcat6/webapps/grouper/WEB-INF/classes/sources.xml
>> sources.xml groupersource id: g:gsa
>> sources.xml jndi source id: ldap: uid=ldappc,ou=edimi
>> consumers,dc=edtest,dc=ucla,dc=edu@ldap://eds7.ais.ucla.edu:389
>> sources.xml jdbc source id: jdbc: GrouperJdbcConnectionProvider
>> <ldappc:syncRequest xmlns:ldappc='http://grouper.internet2.edu/ldappc'
>> returnData='everything'>
>> <ldappc:id ID='InfoTechServices:MiddlewareServices:IAMUCLA'/>
>> </ldappc:syncRequest>
>> <ldappc:syncResponse
>> xmlns:ldappc='http://grouper.internet2.edu/ldappc' status='failure'
>> requestID='2011/11/07-10:53:51.725_Q4Z37WL4' error='customError'>
>> <modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure'
>> requestID='2011/11/07-10:53:52.573_Q4Z37WMU' error='customError'>
>> <errorMessage>[LDAP: error code 67 - Not Allowed On
>> RDN]</errorMessage>
>> </modifyResponse>
>> <errorMessage>[LDAP: error code 67 - Not Allowed On
>> RDN]</errorMessage>
>> <ldappc:id ID='InfoTechServices:MiddlewareServices:IAMUCLA'/>
>> </ldappc:syncResponse>
>> [root@MI15
>> bin]#
>>
>>
>>
>>
>> -----Original Message-----
>> From:
>>
>>
>> [mailto:]
>> On Behalf Of Tom
>> Zeller
>> Sent: Friday, November 04, 2011 4:32 PM
>> To: Klug, Lawrence
>> Cc:
>>
>> Subject: Re: [grouper-users] LDAPCNG Sync issues
>>
>> Could you run
>>
>> ./gsh.sh -ldappcng -logSpml -printRequests -sync
>> "InfoTechServices:MiddlewareServices:IAMUCLA"
>>
>> and post the logs and stdout, please ?
>>
>> I am interested in the spml messages.
>>
>> On Fri, Nov 4, 2011 at 5:37 PM, Klug, Lawrence
>> <>
>> wrote:
>>> Here are the files, Tom. Please let me know what you find...
>>>
>>> Lawrence
>>>
>>> -----Original Message-----
>>> From:
>>>
>>>
>>> [mailto:]
>>> On Behalf Of Tom
>>> Zeller
>>> Sent: Friday, November 04, 2011 2:51 PM
>>> To: Klug, Lawrence
>>> Cc:
>>>
>>> Subject: Re: [grouper-users] LDAPCNG Sync issues
>>>
>>> Hmm, I was expecting -logSpml to log the spml requests and response. I
>>> think you need the -logSpml argument before -sync :
>>>
>>> ./gsh.sh -ldappcng -logSpml -sync
>>> "InfoTechServices:MiddlewareServices:IAMUCLA"
>>>
>>> In any case, we probably do not want to delete the cn, especially if
>>> it is part of the RDN :-)
>>>
>>> Could you send ldappcng.xml and ldappc-resolver.xml ? I am interested
>>> in the <attribute name="cn" ref="X" /> element of ldappcng.xml and
>>> corresponding <AttributeDefinition id="X" /> in ldappc-resolver.xml
>>>
>>> TomZ
>>>
>>> On Fri, Nov 4, 2011 at 1:44 PM, Klug, Lawrence
>>> <>
>>> wrote:
>>>> Tom - Increased log level and run:
>>>>
>>>> ./gsh.sh -ldappcng -sync
>>>> "InfoTechServices:MiddlewareServices:IAMUCLA" -logSpml
>>>>
>>>> - this is what appears in the logs
>>>>
>>>> 2011-11-04 11:41:30,734: [main] INFO
>>>> LdapTargetProvider.execute(499)
>>>> - -
>>>> ModifyRequest[psoID=PSOIdentifier[id='cn=InfoTechServices:Middleware
>>>> S
>>>> e
>>>> rvices:IAMUCLA,ou=grouper,dc=edtest,dc=ucla,dc=edu',targetID=ldap,co
>>>> n
>>>> t
>>>> ainerID=<null>],mod=DSMLModification[name=cn,op=delete],mod=DSMLModi
>>>> f
>>>> i
>>>> cation[name=hasMember,op=add],mod=DSMLModification[name=isMemberOf,o
>>>> p
>>>> =
>>>> add],mod=DSMLModification[name=isMemberOf,op=delete],typeOfReference
>>>> =
>>>> m
>>>> ember,typeOfReference=member,returnData=everything,requestID=2011/11
>>>> /
>>>> 0
>>>> 4-11:41:30.730_Q4VTGGIZ]
>>>> 2011-11-04 11:41:30,734: [main] DEBUG
>>>> LdapTargetProvider.execute(529)
>>>> - -
>>>> ModifyRequest[psoID=PSOIdentifier[id='cn=InfoTechServices:Middleware
>>>> S
>>>> e
>>>> rvices:IAMUCLA,ou=grouper,dc=edtest,dc=ucla,dc=edu',targetID=ldap,co
>>>> n
>>>> t
>>>> ainerID=<null>],mod=DSMLModification[name=cn,op=delete],mod=DSMLModi
>>>> f
>>>> i
>>>> cation[name=hasMember,op=add],mod=DSMLModification[name=isMemberOf,o
>>>> p
>>>> =
>>>> add],mod=DSMLModification[name=isMemberOf,op=delete],typeOfReference
>>>> =
>>>> m
>>>> ember,typeOfReference=member,returnData=everything,requestID=2011/11
>>>> /
>>>> 0 4-11:41:30.730_Q4VTGGIZ] mods [Remove attribute: cn:
>>>> InfoTechServices:MiddlewareServices:IAMUCLA, Add attribute: hasMember:
>>>> KLUG, LAWRENCE, KLUG, KARL J
>>>> , LEUNG, WARREN WAI LUN
>>>> , Add attribute: isMemberOf: InfoTechServices:ITServices, Remove
>>>> attribute: isMemberOf:
>>>> cn=InfoTechServices:ITServices,ou=grouper,dc=edtest,dc=ucla,dc=edu,
>>>> Add attribute: member:
>>>> uclappid=urn:mace:ucla.edu:ppid:person:4B375069ECA7458C9A3EC6935784C
>>>> 7
>>>> 8 0,ou=people,dc=edtest,dc=ucla,dc=edu,
>>>> uclappid=urn:mace:ucla.edu:ppid:person:6D074D02FC154605AE009EB870184
>>>> 9
>>>> 3 B,ou=people,dc=edtest,dc=ucla,dc=edu,
>>>> uclappid=urn:mace:ucla.edu:ppid:person:D7BED25A41E442EFBE721496196E0
>>>> A
>>>> 8 1,ou=people,dc=edtest,dc=ucla,dc=edu,
>>>> uclappid=urn:mace:ucla.edu:ppid:person:C4196E1230C9452191D7E416FC4BD
>>>> 9 F 3,ou=people,dc=edtest,dc=ucla,dc=edu,
>>>> uclappid=urn:mace:ucla.edu:ppid:person:FEC691E858FB4A5889E5A4464488A
>>>> 6 B 7,ou=people,dc=edtest,dc=ucla,dc=edu,
>>>> uclappid=urn:mace:ucla.edu:ppid:person:98B84B1A62C9450CB3F0BC9E9B3AB
>>>> A D E,ou=people,dc=edtest,dc=ucla,dc=edu,
>>>> uclappid=urn:mace:ucla.edu:ppid:person:959630A150724E75ABE0637075270
>>>> 7 D 2,ou=people,dc=edtest,dc=ucla,dc=edu, Remove attribute: member:
>>>> ]
>>>> 2011-11-04 11:41:30,734: [main] DEBUG LdapTargetProvider.execute(531) -
>>>> -
>>>> ModifyRequest[psoID=PSOIdentifier[id='cn=InfoTechServices:MiddlewareServices:IAMUCLA,ou=grouper,dc=edtest,dc=ucla,dc=edu',targetID=ldap,containerID=<null>],mod=DSMLModification[name=cn,op=delete],mod=DSMLModification[name=hasMember,op=add],mod=DSMLModification[name=isMemberOf,op=add],mod=DSMLModification[name=isMemberOf,op=delete],typeOfReference=member,typeOfReference=member,returnData=everything,requestID=2011/11/04-11:41:30.730_Q4VTGGIZ]
>>>> escaped dn
>>>> 'cn=InfoTechServices:MiddlewareServices:IAMUCLA,ou=grouper,dc=edtest,dc=ucla,dc=edu'
>>>> 2011-11-04 11:41:30,734: [main] DEBUG AbstractLdap.modifyAttributes(819)
>>>> - - Modify attributes with the following parameters:
>>>> 2011-11-04 11:41:30,735: [main] DEBUG
>>>> AbstractLdap.modifyAttributes(820) - - dn =
>>>> cn=InfoTechServices:MiddlewareServices:IAMUCLA,ou=grouper,dc=edtest,
>>>> d
>>>> c
>>>> =ucla,dc=edu
>>>> 2011-11-04 11:41:30,735: [main] DEBUG
>>>> AbstractLdap.modifyAttributes(821) - - mods = [Remove attribute:
>>>> cn: InfoTechServices:MiddlewareServices:IAMUCLA, Add attribute:
>>>> hasMember: KLUG, LAWRENCE, KLUG, KARL J , LEUNG, WARREN WAI LUN ,
>>>> Add
>>>> attribute: isMemberOf: InfoTechServices:ITServices, Remove
>>>> attribute: isMemberOf:
>>>> cn=InfoTechServices:ITServices,ou=grouper,dc=edtest,dc=ucla,dc=edu,
>>>> Add attribute: member:
>>>> uclappid=urn:mace:ucla.edu:ppid:person:4B375069ECA7458C9A3EC6935784C
>>>> 7
>>>> 8 0,ou=people,dc=edtest,dc=ucla,dc=edu,
>>>> uclappid=urn:mace:ucla.edu:ppid:person:6D074D02FC154605AE009EB870184
>>>> 9
>>>> 3 B,ou=people,dc=edtest,dc=ucla,dc=edu,
>>>> uclappid=urn:mace:ucla.edu:ppid:person:D7BED25A41E442EFBE721496196E0
>>>> A
>>>> 8 1,ou=people,dc=edtest,dc=ucla,dc=edu,
>>>> uclappid=urn:mace:ucla.edu:ppid:person:C4196E1230C9452191D7E416FC4BD
>>>> 9 F 3,ou=people,dc=edtest,dc=ucla,dc=edu,
>>>> uclappid=urn:mace:ucla.edu:ppid:person:FEC691E858FB4A5889E5A4464488A
>>>> 6 B 7,ou=people,dc=edtest,dc=ucla,dc=edu,
>>>> uclappid=urn:mace:ucla.edu:ppid:person:98B84B1A62C9450CB3F0BC9E9B3AB
>>>> A D E,ou=people,dc=edtest,dc=ucla,dc=edu,
>>>> uclappid=urn:mace:ucla.edu:ppid:person:959630A150724E75ABE0637075270
>>>> 7 D 2,ou=people,dc=edtest,dc=ucla,dc=edu, Remove attribute: member:
>>>> ]
>>>> 2011-11-04 11:41:30,738: [main] ERROR
>>>> LdapTargetProvider.execute(567)
>>>> - -
>>>> ModifyResponse[pso=<null>,status=failure,error=customError,errorMess
>>>> a
>>>> g
>>>> es={[LDAP: error code 67 - Not Allowed On
>>>> RDN]},requestID=2011/11/04-11:41:30.730_Q4VTGGIZ]
>>>> javax.naming.directory.SchemaViolationException: [LDAP: error code 67 -
>>>> Not Allowed On RDN]; remaining name
>>>> 'cn=InfoTechServices:MiddlewareServices:IAMUCLA,ou=grouper,dc=edtest,dc=ucla,dc=edu'
>>>> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3072)
>>>> at
>>>> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
>>>> at
>>>> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
>>>> at
>>>> com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1455)
>>>> at
>>>> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(Comp
>>>> o
>>>> n
>>>> entDirContext.java:255)
>>>> at
>>>> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes
>>>> (
>>>> P
>>>> artialCompositeDirContext.java:172)
>>>> at
>>>> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes
>>>> (
>>>> P
>>>> artialCompositeDirContext.java:161)
>>>> at
>>>> edu.vt.middleware.ldap.AbstractLdap.modifyAttributes(AbstractLdap.ja
>>>> v
>>>> a
>>>> :836)
>>>> at
>>>> edu.vt.middleware.ldap.Ldap.modifyAttributes(Ldap.java:665)
>>>> at
>>>> edu.internet2.middleware.ldappc.spml.provider.LdapTargetProvider.exe
>>>> c
>>>> u
>>>> te(LdapTargetProvider.java:532)
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>>> Method)
>>>> at
>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
>>>> j
>>>> ava:39)
>>>> at
>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcce
>>>> s
>>>> s
>>>> orImpl.java:25)
>>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>>> at
>>>> edu.internet2.middleware.ldappc.spml.provider.BaseSpmlProvider.execu
>>>> t
>>>> e
>>>> (BaseSpmlProvider.java:79)
>>>> at
>>>> edu.internet2.middleware.ldappc.spml.PSP.execute(PSP.java:444)
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>>> Method)
>>>> at
>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
>>>> j
>>>> ava:39)
>>>> at
>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcce
>>>> s
>>>> s
>>>> orImpl.java:25)
>>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>>> at
>>>> edu.internet2.middleware.ldappc.spml.provider.BaseSpmlProvider.execu
>>>> t
>>>> e
>>>> (BaseSpmlProvider.java:79)
>>>> at
>>>> edu.internet2.middleware.ldappc.spml.PSP.execute(PSP.java:272)
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>>> Method)
>>>> at
>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
>>>> j
>>>> ava:39)
>>>> at
>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcce
>>>> s
>>>> s
>>>> orImpl.java:25)
>>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>>> at
>>>> edu.internet2.middleware.ldappc.spml.provider.BaseSpmlProvider.execu
>>>> t
>>>> e
>>>> (BaseSpmlProvider.java:79)
>>>> at
>>>> edu.internet2.middleware.ldappc.spml.PSPCLI.run(PSPCLI.java:176)
>>>> at
>>>> edu.internet2.middleware.ldappc.spml.PSPCLI.main(PSPCLI.java:90)
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>>> Method)
>>>> at
>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
>>>> j
>>>> ava:39)
>>>> at
>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcce
>>>> s
>>>> s
>>>> orImpl.java:25)
>>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>>> at
>>>> edu.internet2.middleware.grouper.app.gsh.GrouperShell.handleSpecialC
>>>> a
>>>> s
>>>> e(GrouperShell.java:188)
>>>> at
>>>> edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperSh
>>>> e
>>>> l
>>>> l.java:128)
>>>> at
>>>> edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(Gr
>>>> o
>>>> u
>>>> perShellWrapper.java:16)
>>>> 2011-11-04 11:41:30,739: [main] ERROR PSP.execute(458) - -
>>>> ModifyResponse[pso=<null>,status=failure,error=customError,errorMess
>>>> a
>>>> g
>>>> es={[LDAP: error code 67 - Not Allowed On
>>>> RDN]},requestID=2011/11/04-11:41:30.730_Q4VTGGIZ]
>>>> 2011-11-04 11:41:30,739: [main] INFO PSP.execute(460) - -
>>>> <modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure'
>>>> requestID='2011/11/04-11:41:30.730_Q4VTGGIZ' error='customError'>
>>>> <errorMessage>[LDAP: error code 67 - Not Allowed On
>>>> RDN]</errorMessage> </modifyResponse>
>>>>
>>>> 2011-11-04 11:41:30,739: [main] ERROR PSP.execute(277) - -
>>>> SyncResponse[id=InfoTechServices:MiddlewareServices:IAMUCLA,status=f
>>>> a
>>>> i
>>>> lure,error=customError,errorMessages={[LDAP: error code 67 - Not
>>>> Allowed On
>>>> RDN]},requestID=2011/11/04-11:41:30.120_Q4VTGGH6,ModifyResponse[pso=
>>>> <
>>>> n
>>>> ull>,status=failure,error=customError,errorMessages={[LDAP: error
>>>> ull>code
>>>> 67 - Not Allowed On
>>>> RDN]},requestID=2011/11/04-11:41:30.730_Q4VTGGIZ]]
>>>> 2011-11-04 11:41:30,740: [main] INFO PSP.execute(278) - -
>>>> <ldappc:syncResponse
>>>> xmlns:ldappc='http://grouper.internet2.edu/ldappc' status='failure'
>>>> requestID='2011/11/04-11:41:30.120_Q4VTGGH6' error='customError'>
>>>> <modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure'
>>>> requestID='2011/11/04-11:41:30.730_Q4VTGGIZ' error='customError'>
>>>> <errorMessage>[LDAP: error code 67 - Not Allowed On
>>>> RDN]</errorMessage>
>>>> </modifyResponse>
>>>> <errorMessage>[LDAP: error code 67 - Not Allowed On
>>>> RDN]</errorMessage>
>>>> <ldappc:id ID='InfoTechServices:MiddlewareServices:IAMUCLA'/>
>>>> </ldappc:syncResponse>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From:
>>>>
>>>>
>>>> [mailto:]
>>>> On Behalf Of
>>>> Tom Zeller
>>>> Sent: Friday, November 04, 2011 10:22 AM
>>>> To: Klug, Lawrence
>>>> Cc:
>>>>
>>>> Subject: Re: [grouper-users] LDAPCNG Sync issues
>>>>
>>>> You are running 2.x, correct ?
>>>>
>>>> Run with -printRequests or -logSpml and increase the logging level in
>>>> log4j.properties :
>>>>
>>>> # LDAPPC[NG]
>>>> log4j.logger.edu.internet2.middleware.ldappc = DEBUG # vt-ldap,
>>>> used by LDAPPC[NG] log4j.logger.edu.vt.middleware.ldap = DEBUG
>>>>
>>>> We need the request to understand the failure response.
>>>>
>>>> On Fri, Nov 4, 2011 at 12:03 PM, Klug, Lawrence
>>>> <>
>>>> wrote:
>>>>> Hi,
>>>>>
>>>>>
>>>>>
>>>>> We're getting into LDAP errors when running sync or buldSync
>>>>> operations - they seem to be related to schema or constrain
>>>>> violations. Can anyone suggest a strategy for fixing?
>>>>>
>>>>>
>>>>>
>>>>> Thanks,
>>>>>
>>>>>
>>>>>
>>>>> Lawrence
>>>>>
>>>>>
>>>>>
>>>>> <ldappc:syncResponse>
>>>>>
>>>>> <modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure'
>>>>> requestID='2011/11/04-09:46:31.263_Q4VPCJ0Q' error='customError'>
>>>>>
>>>>> <errorMessage>[LDAP: error code 67 - Not Allowed On
>>>>> RDN]</errorMessage>
>>>>>
>>>>> </modifyResponse>
>>>>>
>>>>> <ldappc:id ID='etc:sysadmingroup'/>
>>>>>
>>>>> </ldappc:syncResponse>
>>>>>
>>>>>
>>>>>
>>>>> <ldappc:syncResponse>
>>>>>
>>>>> <modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure'
>>>>> requestID='2011/11/04-09:46:31.275_Q4VPCJ0V' error='customError'>
>>>>>
>>>>> <errorMessage>[LDAP: error code 19 - Constraint violation in
>>>>> modifications]</errorMessage>
>>>>>
>>>>> </modifyResponse>
>>>>>
>>>>> <ldappc:id
>>>>> ID='urn:mace:ucla.edu:ppid:person:037C906A66444DFBAA8C4DB08035D62E'
>>>>> /
>>>>> >
>>>>>
>>>>> </ldappc:syncResponse>
>>>>>
>>>>>
>>>>>
>>>>> Lawrence Klug
>>>>>
>>>>> UCLA Middleware Services
>>>>>
>>>>> Office: 310 825-2061
>>>>>
>>>>> Cell: 818 667-2386
>>>>>
>>>>>
>>>>
>>>
>>
>
- [grouper-users] LDAPCNG Sync issues, Klug, Lawrence, 11/04/2011
- Re: [grouper-users] LDAPCNG Sync issues, Tom Zeller, 11/04/2011
- RE: [grouper-users] LDAPCNG Sync issues, Klug, Lawrence, 11/04/2011
- Re: [grouper-users] LDAPCNG Sync issues, Tom Zeller, 11/04/2011
- RE: [grouper-users] LDAPCNG Sync issues, Klug, Lawrence, 11/04/2011
- Re: [grouper-users] LDAPCNG Sync issues, Tom Zeller, 11/04/2011
- RE: [grouper-users] LDAPCNG Sync issues, Klug, Lawrence, 11/07/2011
- Re: [grouper-users] LDAPCNG Sync issues, Tom Zeller, 11/08/2011
- RE: [grouper-users] LDAPCNG Sync issues, Klug, Lawrence, 11/09/2011
- Re: [grouper-users] LDAPCNG Sync issues, Tom Zeller, 11/09/2011
- RE: [grouper-users] LDAPCNG Sync issues, Klug, Lawrence, 11/09/2011
- RE: [grouper-users] LDAPCNG Sync issues, Klug, Lawrence, 11/07/2011
- Re: [grouper-users] LDAPCNG Sync issues, Tom Zeller, 11/04/2011
- RE: [grouper-users] LDAPCNG Sync issues, Klug, Lawrence, 11/04/2011
- Re: [grouper-users] LDAPCNG Sync issues, Tom Zeller, 11/04/2011
- RE: [grouper-users] LDAPCNG Sync issues, Klug, Lawrence, 11/04/2011
- RE: [grouper-users] LDAPCNG Sync issues, Klug, Lawrence, 11/07/2011
- Re: [grouper-users] LDAPCNG Sync issues, Tom Zeller, 11/04/2011
Archive powered by MHonArc 2.6.16.