Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Can I get some help?

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Can I get some help?


Chronological Thread 
  • From: "Bryan E. Wooten" <>
  • To: "" <>
  • Cc: "Bryan E. Wooten" <>
  • Subject: Re: [grouper-users] Can I get some help?
  • Date: Tue, 22 Jan 2013 18:29:23 +0000
  • Accept-language: en-US

Oh, no one else is using ldap->grouper provisioning using PSP? That would explain much.

Anyway I got past the error I originally asked about by commenting out this lines in psp.xml:

<!--  
  <identifier
      ref="stemName"
      targetId="grouper"
      containerId="${edu.internet2.middleware.psp.groupsBaseDn}" />
-->
    <!-- Identifies stems which exist in Grouper. The "objectclass" attribute is virtual. -->
<!--    <identifyingAttribute
      name="objectclass"
      value="stem" />
-->

So now I get this:

Caused by: org.xml.sax.SAXParseException; lineNumber: 83; columnNumber: 28; cvc-       complex-type.2.4.a: Invalid content was found starting with element 'attribute'.        One of '{"http://grouper.internet2.edu/psp":identifier}' is expected.
        at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Un       known Source)

Man I wish the exception would give the file name.

I may just give up on this proof of concept. I have grouper->ldap working using the loader.

-Bryan

Here is my psp.xml:

<?xml version="1.0" encoding="utf-8"?>

<!-- Provisioning Service Provider (PSP) configuration. -->

<!-- A <pso /> is a Provisioning Service Object. The authoritative and allSourceIdentifiersRef attributes control the provisioning 
  of all source and target objects. If authoritative is "true", orphan objects will be deleted. Orphan objects exist on a target 
  without a corresponding source object. The allSourceIdentifiersRef attribute refers to an attribute resolver definition whose 
  values are all source identifiers applicable to this provisioned object. -->
<!-- <pso id="entityName" authoritative="[true|false]" allSourceIdentifiersRef="attributeDefinitionID" /> -->

<!-- The pso identifier refers to an attribute resolver definition. The targetId must match the id of a provisioning service 
  target in psp-services.xml. The containerId is the string id of the pso identifier containing these objects. -->
<!-- <identifier ref="attributeDefinitionID" targetId="targetId" containerId="containerId"/> -->

<!-- The identifying attribute has two purposes : (1) to determine the schema entity of target objects returned from a lookup 
  or search request and (2) to be converted to a query to search a target for all identifiers. If the identifying attribute 
  is not present, the pso will be ignored during bulk requests. -->
<!-- <identifyingAttribute name="attributeName" value="attributeValue" /> -->

<!-- The alternate identifier refers to an attribute resolver definition, and is the previous (old) identifier of an object 
  after it has been renamed. -->
<!-- <alternateIdentifier ref="attributeDefinitionID" /> -->

<!-- A provisioned attribute refers to an attribute resolver definition. -->
<!-- <attribute name="attributeName" ref="attributeDefinitionID" /> -->

<!-- References to the identifiers of other objects. -->
<!-- <references name="attributeName"> <reference ... /> </references> -->

<!-- A reference to the identifier of an object refers to an attribute resolver definition. -->
<!-- <reference ref="attributeDefinitionID" toObject="psoId" /> -->


<psp
  xsi:schemaLocation="http://grouper.internet2.edu/psp classpath:/schema/psp.xsd">

  <!-- Provision ldap organizational units as grouper stems. -->
  <pso
    id="stem"
    authoritative="true"
    allSourceIdentifiersRef="allSortedOrganizationalUnitDNs">


<identifier
    ref="stemDn"
    targetId="ldap"
    containerId="${edu.internet2.middleware.psp.groupsBaseDn}" />
 
  <!-- Identifies stem objects which exist on the target by objectclass attribute value. -->
  <identifyingAttribute
    name="objectclass"
    value="organizationalUnit" />
    <!-- The stem identifier. For example "edu:parentStem:childStem". -->
<!--  
  <identifier
      ref="stemName"
      targetId="grouper"
      containerId="${edu.internet2.middleware.psp.groupsBaseDn}" />
-->
    <!-- Identifies stems which exist in Grouper. The "objectclass" attribute is virtual. -->
<!--    <identifyingAttribute
      name="objectclass"
      value="stem" />
-->
    <!-- The previous identifier of a stem after it has been renamed. Renaming a non-empty stem is NOT supported ! -->
 <!--   <alternateIdentifier ref="previousStemName" /> -->

    <!-- The stem displayExtension. -->
    <attribute
      name="displayExtension"
      ref="stemDisplayExtension" />

  </pso>

  <!-- Provision an ldap group as a grouper group. -->
  <pso
    id="group"
    authoritative="true"
    allSourceIdentifiersRef="groupNames">
    <attribute name="cn" />
    <!-- The group identifier. For example, "edu:group". -->
    <identifier
      ref="groupDn"
      targetId="ldap"
      containerId="${edu.internet2.middleware.psp.groupsBaseDn}" />

    <!-- Identifies groups which exist in Grouper. The "objectclass" attribute is virtual. -->
    <identifyingAttribute
      name="objectClass"
      value="groupofuniquenames" />

    <!-- The previous identifier of a group after it has been renamed. -->
    <alternateIdentifier ref="previousGroupName" />

    <!-- The group displayExtension. -->
    <attribute
      name="displayExtension"
      ref="groupDisplayExtension"
      replaceValues="true" />

    <!-- The group description. -->
    <attribute
      name="description"
      ref="groupDescription"
      replaceValues="true" />

    <!-- Group members. -->
    <references name="members">

      <!-- Direct and indirect memberships should be correctly provisioned if group members are before person members. -->
  <!--    <reference
        ref="groupMembers"
        toObject="group" />

      <reference
        ref="personMembers"
        toObject="member" /> -->

      
          <reference
        ref="membersLdap"
        toObject="member" />

      <reference
        ref="membersGsa"
        toObject="group" />

    </references>

  </pso>

  <!-- Do not provision members, but enable lookup. -->
  <pso id="member">

    <!-- The member identifier, an ldap DN. -->
    <identifier
      ref="memberDn"
      targetId="grouper"
      containerId="${edu.internet2.middleware.psp.peopleBaseDn}" />

    <!-- Identifies member objects which exist on the target by objectclass attribute value. -->
    <identifyingAttribute
      name="objectclass"
      value="person" />

  </pso>

</psp>
 




On Jan 22, 2013, at 11:17 AM, Gagné Sébastien wrote:

I put my money on psp.xml, but it’s hard to see where the problem is without the file
 
I think you’re the first one to use that configuration, so problems will arise. I still have problems with my PSP to Active Directory configurations and we’re in production :-S
 
De :  [mailto:] De la part de Bryan E. Wooten
Envoyé : 22 janvier 2013 12:02
À : 
Objet : [grouper-users] Can I get some help?
 
I have made several posts regarding my troubles getting LDAP->Grouper provisioning to work using PSP.
 
 
I'll buy lunch for the first person that help fix this latest problem (just can't figure which xml file has bad data):
 
Thanks,
 
Bryan
 
[root@idm-6 bin]# ./gsh -psp -calc utah.edu:group
.
.
.
 
Exception in thread "main" java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
        at edu.internet2.middleware.grouper.app.gsh.GrouperShell.handleSpecialCase(GrouperShell.java:214)
        at edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:144)
        at edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:31)
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1414)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1375)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1335)
        ... 23 more
.
.
.
Caused by: org.xml.sax.SAXParseException; lineNumber: 60; columnNumber: 44; cvc-complex-type.2.4.a: Invalid content was found starting with element 'identifier'. One of '{"http://grouper.internet2.edu/psp":alternateIdentifier, "http://grouper.internet2.edu/psp":attribute, "http://grouper.internet2.edu/psp":references}' is expected.
        at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
        at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)
        at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
        at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
        at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
        at org.apache.xerces.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(Unknown Source)
        at org.apache.xerces.impl.xs.XMLSchemaValidator.reportSchemaError(Unknown Source)
        at org.apache.xerces.impl.xs.XMLSchemaValidator.handleStartElement(Unknown Source)
        at org.apache.xerces.impl.xs.XMLSchemaValidator.emptyElement(Unknown Source)
        at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanStartElement(Unknown Source)
        at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$Fr




Archive powered by MHonArc 2.6.16.

Top of Page