grouper-users - [grouper-users] Can't add groups to AD

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Can't add groups to AD

From: "Bryan E. Wooten" <>
To: "" <>
Subject: [grouper-users] Can't add groups to AD
Date: Mon, 11 Mar 2013 19:17:23 +0000
Accept-language: en-US
Authentication-results: sfpop-ironport02.merit.edu; dkim=neutral (message not signed) header.i=none

All,

I have my psp configured provision to both LDAP and AD. I can successfully add folders to both AD and LDAP. When I try and add a group to the folder, the group is correctly provisioned to LDAP but not to AD.

Here is the relevant snippet from my grouper_error.log file. Some comments will follow.

2013-03-11 13:07:00,578: [main] DEBUG LdapSpmlTarget.execute(249) - - Target 'ad' - Create 'AddRequest[psoID=PSOIdentifier[id='cn=f3g2id,ou=folder3ID,ou=utah,ou=groups,ou=grouper,dc=testad,dc=utah,dc=edu',targetID=ad,containerID=<null>],targetID=ad,returnData=everything,requestID=2013/03/11-13:07:00.470]'

2013-03-11 13:07:00,579: [main] DEBUG LdapSpmlTarget.execute(250) - - Target 'ad' - Create DN 'cn=f3g2id,ou=folder3ID,ou=utah,ou=groups,ou=grouper,dc=testad,dc=utah,dc=edu'

2013-03-11 13:07:00,579: [main] DEBUG AbstractLdap.create(865) - - Create name with the following parameters:

2013-03-11 13:07:00,580: [main] DEBUG AbstractLdap.create(866) - - dn = cn=f3g2id,ou=folder3ID,ou=utah,ou=groups,ou=grouper,dc=testad,dc=utah,dc=edu

2013-03-11 13:07:00,580: [main] DEBUG AbstractLdap.create(867) - - attrs = {objectclass=objectClass: ${edu.internet2.middleware.psp.ad.groupObjectClass}, top, description=description: f3g2desc, cn=cn: utah:folder3ID:f3g2id}

2013-03-11 13:07:00,580: [main] DEBUG DefaultConnectionHandler.connectInternal(74) - - Bind with the following parameters:

2013-03-11 13:07:00,581: [main] DEBUG DefaultConnectionHandler.connectInternal(75) - - authtype = simple

2013-03-11 13:07:00,581: [main] DEBUG DefaultConnectionHandler.connectInternal(76) - - dn = cn=IDMFull,OU=Services,OU=Administration,dc=testad,dc=utah,dc=edu

2013-03-11 13:07:00,581: [main] DEBUG DefaultConnectionHandler.connectInternal(83) - - credential = <suppressed>

2013-03-11 13:07:00,594: [main] ERROR BaseSpmlProvider.execute(188) - - Target 'ad' - Add AddResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]},requestID=2013/03/11-13:07:00.470]

2013-03-11 13:07:00,595: [main] ERROR BaseSpmlProvider.execute(190) - - Target 'ad' - Add XML:

<errorMessage>[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]</errorMessage>

</addResponse>

2013-03-11 13:07:00,595: [main] ERROR BaseSpmlProvider.execute(188) - - Target 'psp' - Add AddResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]},requestID=2013/03/11-13:07:00.470]

2013-03-11 13:07:00,596: [main] ERROR BaseSpmlProvider.execute(190) - - Target 'psp' - Add XML:

<errorMessage>[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]</errorMessage>

</addResponse>

2013-03-11 13:07:00,597: [main] ERROR Psp.execute(1440) - - Psp 'psp' - Sync SyncResponse[id=utah:folder3ID:f3g2id,status=failure,error=customError,errorMessages={[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]},requestID=2013/03/11-13:06:59.413,AddResponse[pso=PSO[psoID=PSOIdentifier[id='cn=f3g2id,ou=folder3ID,ou=utah,ou=groups,ou=grouper,o=utah.edu',targetID=ldap,containerID=<null>]],status=success,requestID=2013/03/11-13:07:00.448],AddResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]},requestID=2013/03/11-13:07:00.470]]

2013-03-11 13:07:00,598: [main] ERROR Psp.execute(1442) - - Psp 'psp' - Sync SPML:

<psp:syncResponse xmlns:psp='http://grouper.internet2.edu/psp' status='failure' requestID='2013/03/11-13:06:59.413' error='customError'>

<data>

<dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='objectClass'>

<dsml:value>groupOfUniqueNames</dsml:value>

<dsml:value>top</dsml:value>

</dsml:attr>

<dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='cn'>

<dsml:value>f3g2id</dsml:value>

<dsml:value>utah:folder3ID:f3g2id</dsml:value>

</dsml:attr>

<dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='description'>

<dsml:value>f3g2desc</dsml:value>

</dsml:attr>

</data>

</pso>

</addResponse>

<errorMessage>[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]</errorMessage>

</addResponse>

<errorMessage>[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]</errorMessage>

<psp:id ID='utah:folder3ID:f3g2id'/>

</psp:syncResponse>

2013-03-11 13:07:00,599: [main] ERROR PspChangeLogConsumer.executeSync(302) - - PSP Consumer 'psp' - Change log entry 'ChangeLogEntry[timestamp=2013-03-11 13:05:53.133,sequence=9392,category=group,actionname=addGroup,contextId=dde04bd300ea47ab95db39e2f9029442]' Sync failed 'SyncResponse[id=utah:folder3ID:f3g2id,status=failure,error=customError,errorMessages={[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]},requestID=2013/03/11-13:06:59.413,AddResponse[pso=PSO[psoID=PSOIdentifier[id='cn=f3g2id,ou=folder3ID,ou=utah,ou=groups,ou=grouper,o=utah.edu',targetID=ldap,containerID=<null>]],status=success,requestID=2013/03/11-13:07:00.448],AddResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]},requestID=2013/03/11-13:07:00.470]]'

2013-03-11 13:07:00,601: [main] ERROR PspChangeLogConsumer.processChangeLogEntries(502) - - PSP Consumer 'psp' - An error occurred processing sequence number 9392

edu.internet2.middleware.psp.PspException: SyncResponse[id=utah:folder3ID:f3g2id,status=failure,error=customError,errorMessages={[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]},requestID=2013/03/11-13:06:59.413,AddResponse[pso=PSO[psoID=PSOIdentifier[id='cn=f3g2id,ou=folder3ID,ou=utah,ou=groups,ou=grouper,o=utah.edu',targetID=ldap,containerID=<null>]],status=success,requestID=2013/03/11-13:07:00.448],AddResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]},requestID=2013/03/11-13:07:00.470]]

at edu.internet2.middleware.psp.grouper.PspChangeLogConsumer.executeSync(PspChangeLogConsumer.java:304)

at edu.internet2.middleware.psp.grouper.PspChangeLogConsumer.processGroupAdd(PspChangeLogConsumer.java:663)

at edu.internet2.middleware.psp.grouper.PspChangeLogConsumer$EventType$3.process(PspChangeLogConsumer.java:102)

at edu.internet2.middleware.psp.grouper.PspChangeLogCons

The first line of the above snippet shows the correct DN for the group in AD and correct target. When the errors start showing the group DN is correct for my LDAP target (LDAP: error code 16). The strange thing is that LDAP group provisioning is working correctly. I have poured over my properties files, psp.xml and psp-resolver.xml and I can’t seem to find the error of my ways.

Any suggestion?

-Bryan

[grouper-users] Can't add groups to AD, Bryan E. Wooten, 03/11/2013
- Re: [grouper-users] Can't add groups to AD, Sebastien Gagne, 03/11/2013

List archive

[grouper-users] Can't add groups to AD