Grouper Users - Open Discussion List

[Tom Zeller <>]

This should be fixed now.

Replace psp-2.1.1.jar with the latest 2.1.2 snapshot from :

 
https://oss.sonatype.org/content/repositories/snapshots/edu/internet2/middleware/psp/psp/2.1.2-SNAPSHOT/

Here's the bug :

 https://bugs.internet2.edu/jira/browse/GRP-818

TomZ

On Wed, Jul 11, 2012 at 4:06 PM, Tom Zeller 
<>
 wrote:
> Bug. A pretty serious bug too when provisioning Active Directory.
>
> Before 2.1.1, a bulkSync consumed a bulkDiff response. With 2.1.1, to
> conserve memory, a bulkSync executes the same logic as a bulkDiff. The
> bug is during bulkSync reconciliation : current target identifiers are
> retrieved _after_ the bulkSync has executed each sync request, which
> exposes the case sensitivity issue.
>
> There are a couple of ways to fix this, probably the best is to
> introduce a case sensitivity option on provisioned service object
> identifiers.
>
> The reason this bug was not caught during the release process is that
> my Active Directory tests are a pain to setup and failed silently. I
> will fix that too. Hopefully, tonight.
>
> TomZ
>
> On Wed, Jul 11, 2012 at 1:58 PM, Tom Zeller 
> <>
>  wrote:
>> Could you run a bulkCalc and post the output somewhere, please ? It
>> will help me understand your scenario.
>>
>>  bin/gsh.sh -psp -bulkCalc
>>
>> On Tue, Jul 10, 2012 at 8:49 AM, Holger Dippel 
>> <>
>>  wrote:
>>> I have a small test scenario in Grouper 2.1.1:
>>>
>>> Group ID paths:
>>> test:psp_test1
>>> test:psp_test2
>>> test:psp_test3
>>> with each a few members so the log output is manageable.
>>>
>>> Running
>>>
>>> $GROUPER_HOME/bin/gsh.sh -psp -sync test:psp_test1
>>> $GROUPER_HOME/bin/gsh.sh -psp -sync test:psp_test2
>>> $GROUPER_HOME/bin/gsh.sh -psp -sync test:psp_test3
>>>
>>> everything provisions correctly.
>>>
>>> As soon as I run a bulkSync
>>>
>>> $GROUPER_HOME/bin/gsh.sh -psp -bulkSync
>>>
>>> it adds SPML delete requests for the groups at the very end of the
>>> provisioning sequence. For example:
>>>
>>>   <psp:syncResponse status='success' requestID='2012/07/10-08:22:03.266'>
>>>     <deleteResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='success'
>>> requestID='2012/07/10-08:22:03.266'/>
>>>     <psp:id ID='CN=psp_test1,ou=Grouper_Groups,dc=examen,dc=edu'/>
>>>   </psp:syncResponse>
>>>
>>> Our PSP configuration for this is:
>>>
>>> Subject source: Active Directory on global catalog port 3268 in 
>>> sources.xml
>>> (Grouper Loader, Grouper UI)
>>> Target: same Active Directory on local domain port 389 configured via 
>>> spring
>>> bean using vt-ldap similar to the old ldappc; bushy structure; group OU:
>>> OU=Grouper_Groups,DC=examen,DC=edu; person OU: DC=examen,DC=edu (because
>>> currently persons are in multiple OUs).
>>> Provisioning stem: test
>>>
>>> I am thinking that this could be related to case-sensitivity in Grouper:
>>>
>>> https://bugs.internet2.edu/jira/browse/GRP-736
>>>
>>> In some places I see
>>> ID='cn=psp_test1,ou=Grouper_Groups,dc=examen,dc=edu'
>>> and in other places
>>> ID='CN=psp_test1,ou=Grouper_Groups,dc=examen,dc=edu'
>>>
>>> In psp.xml (two instances related to member and membership):
>>>     <references
>>>       name="member"
>>>       caseSensitive="false">
>>>
>>> Also in psp.xml:
>>>     <!-- The ldap group "cn" attribute. -->
>>>     <attribute name="cn" />
>>>
>>> Should caseSensitive="false" be set or be able to set in relation to group
>>> IDs? Where?
>>>
>>> Thank you,
>>>
>>>
>>> Holger
>>>
>>>
>>> Holger Dippel
>>> Director of IT Development and Integration
>>> University of Massachusetts Dartmouth
>>> 285 Old Westport Road • North Dartmouth, MA 02747
>>>
>>> 508-999-9181 • 
>>> 
>>>
>>> http://www.umassd.edu/
>>> ________________________________
>>>
>>> CITS will never ask you for your password or other confidential 
>>> information
>>> via email. Beware of phishing scams where email and/or malicious web sites
>>> try to trick users into entering their username and password.
>>> For more information about password security please visit:
>>> http://www.umassd.edu/cits/security/
>>>
>>>