Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Can't add groups to AD

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Can't add groups to AD


Chronological Thread 
  • From: Sebastien Gagne <>
  • To: "Bryan E. Wooten" <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] Can't add groups to AD
  • Date: Mon, 11 Mar 2013 15:29:03 -0400
  • Authentication-results: sfpop-ironport01.merit.edu; dkim=pass (signature verified)
I don't think you should see "${edu.internet2.middleware.psp.ad.groupObjectClass}"  in your object class, can you double-check if it's written exactly the same in ldap.properties ? Maybe you forgot to add the .ad ? This usually happens when it doesn't find the key in the property file (i the key is empty, an empty value will be there)


4th line : 2013-03-11 13:07:00,580: [main] DEBUG AbstractLdap.create(867) -  -   attrs = {objectclass=objectClass: ${edu.internet2.middleware.psp.ad.groupObjectClass}, top, description=description: f3g2desc, cn=cn: utah:folder3ID:f3g2id}

---
Sébastien Gagné, M.Ing., ing. jr
Analyste en informatique - Université de Montréal


On Mon, Mar 11, 2013 at 3:17 PM, Bryan E. Wooten <> wrote:

All,

 

I have my psp configured provision to both LDAP and AD. I can successfully add folders to both AD and LDAP. When I try and add a group to the folder, the group is correctly provisioned to LDAP but not to AD.

 

Here is the relevant snippet from my grouper_error.log file. Some comments will follow.

 

2013-03-11 13:07:00,578: [main] DEBUG LdapSpmlTarget.execute(249) -  - Target 'ad' - Create 'AddRequest[psoID=PSOIdentifier[id='cn=f3g2id,ou=folder3ID,ou=utah,ou=groups,ou=grouper,dc=testad,dc=utah,dc=edu',targetID=ad,containerID=<null>],targetID=ad,returnData=everything,requestID=2013/03/11-13:07:00.470]'

2013-03-11 13:07:00,579: [main] DEBUG LdapSpmlTarget.execute(250) -  - Target 'ad' - Create DN 'cn=f3g2id,ou=folder3ID,ou=utah,ou=groups,ou=grouper,dc=testad,dc=utah,dc=edu'

2013-03-11 13:07:00,579: [main] DEBUG AbstractLdap.create(865) -  - Create name with the following parameters:

2013-03-11 13:07:00,580: [main] DEBUG AbstractLdap.create(866) -  -   dn = cn=f3g2id,ou=folder3ID,ou=utah,ou=groups,ou=grouper,dc=testad,dc=utah,dc=edu

2013-03-11 13:07:00,580: [main] DEBUG AbstractLdap.create(867) -  -   attrs = {objectclass=objectClass: ${edu.internet2.middleware.psp.ad.groupObjectClass}, top, description=description: f3g2desc, cn=cn: utah:folder3ID:f3g2id}

2013-03-11 13:07:00,580: [main] DEBUG DefaultConnectionHandler.connectInternal(74) -  - Bind with the following parameters:

2013-03-11 13:07:00,581: [main] DEBUG DefaultConnectionHandler.connectInternal(75) -  -   authtype = simple

2013-03-11 13:07:00,581: [main] DEBUG DefaultConnectionHandler.connectInternal(76) -  -   dn = cn=IDMFull,OU=Services,OU=Administration,dc=testad,dc=utah,dc=edu

2013-03-11 13:07:00,581: [main] DEBUG DefaultConnectionHandler.connectInternal(83) -  -   credential = <suppressed>

2013-03-11 13:07:00,594: [main] ERROR BaseSpmlProvider.execute(188) -  - Target 'ad' - Add AddResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]},requestID=2013/03/11-13:07:00.470]

2013-03-11 13:07:00,595: [main] ERROR BaseSpmlProvider.execute(190) -  - Target 'ad' - Add XML:

<addResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure' requestID='2013/03/11-13:07:00.470' error='customError'>

  <errorMessage>[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]</errorMessage>

</addResponse>

 

2013-03-11 13:07:00,595: [main] ERROR BaseSpmlProvider.execute(188) -  - Target 'psp' - Add AddResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]},requestID=2013/03/11-13:07:00.470]

2013-03-11 13:07:00,596: [main] ERROR BaseSpmlProvider.execute(190) -  - Target 'psp' - Add XML:

<addResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure' requestID='2013/03/11-13:07:00.470' error='customError'>

  <errorMessage>[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]</errorMessage>

</addResponse>

 

2013-03-11 13:07:00,597: [main] ERROR Psp.execute(1440) -  - Psp 'psp' - Sync SyncResponse[id=utah:folder3ID:f3g2id,status=failure,error=customError,errorMessages={[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]},requestID=2013/03/11-13:06:59.413,AddResponse[pso=PSO[psoID=PSOIdentifier[id='cn=f3g2id,ou=folder3ID,ou=utah,ou=groups,ou=grouper,o=utah.edu',targetID=ldap,containerID=<null>]],status=success,requestID=2013/03/11-13:07:00.448],AddResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]},requestID=2013/03/11-13:07:00.470]]

2013-03-11 13:07:00,598: [main] ERROR Psp.execute(1442) -  - Psp 'psp' - Sync SPML:

<psp:syncResponse xmlns:psp='http://grouper.internet2.edu/psp' status='failure' requestID='2013/03/11-13:06:59.413' error='customError'>

  <addResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='success' requestID='2013/03/11-13:07:00.448'>

    <pso entityName='group'>

      <psoID ID='cn=f3g2id,ou=folder3ID,ou=utah,ou=groups,ou=grouper,o=utah.edu' targetID='ldap'/>

      <data>

        <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='objectClass'>

          <dsml:value>groupOfUniqueNames</dsml:value>

          <dsml:value>top</dsml:value>

        </dsml:attr>

        <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='cn'>

          <dsml:value>f3g2id</dsml:value>

          <dsml:value>utah:folder3ID:f3g2id</dsml:value>

  </dsml:attr>

        <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='description'>

          <dsml:value>f3g2desc</dsml:value>

        </dsml:attr>

      </data>

    </pso>

  </addResponse>

  <addResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure' requestID='2013/03/11-13:07:00.470' error='customError'>

    <errorMessage>[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]</errorMessage>

  </addResponse>

  <errorMessage>[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]</errorMessage>

  <psp:id ID='utah:folder3ID:f3g2id'/>

</psp:syncResponse>

 

2013-03-11 13:07:00,599: [main] ERROR PspChangeLogConsumer.executeSync(302) -  - PSP Consumer 'psp' - Change log entry 'ChangeLogEntry[timestamp=2013-03-11 13:05:53.133,sequence=9392,category=group,actionname=addGroup,contextId=dde04bd300ea47ab95db39e2f9029442]' Sync failed 'SyncResponse[id=utah:folder3ID:f3g2id,status=failure,error=customError,errorMessages={[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]},requestID=2013/03/11-13:06:59.413,AddResponse[pso=PSO[psoID=PSOIdentifier[id='cn=f3g2id,ou=folder3ID,ou=utah,ou=groups,ou=grouper,o=utah.edu',targetID=ldap,containerID=<null>]],status=success,requestID=2013/03/11-13:07:00.448],AddResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]},requestID=2013/03/11-13:07:00.470]]'

2013-03-11 13:07:00,601: [main] ERROR PspChangeLogConsumer.processChangeLogEntries(502) -  - PSP Consumer 'psp' - An error occurred processing sequence number 9392

edu.internet2.middleware.psp.PspException: SyncResponse[id=utah:folder3ID:f3g2id,status=failure,error=customError,errorMessages={[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]},requestID=2013/03/11-13:06:59.413,AddResponse[pso=PSO[psoID=PSOIdentifier[id='cn=f3g2id,ou=folder3ID,ou=utah,ou=groups,ou=grouper,o=utah.edu',targetID=ldap,containerID=<null>]],status=success,requestID=2013/03/11-13:07:00.448],AddResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1_]},requestID=2013/03/11-13:07:00.470]]

        at edu.internet2.middleware.psp.grouper.PspChangeLogConsumer.executeSync(PspChangeLogConsumer.java:304)

        at edu.internet2.middleware.psp.grouper.PspChangeLogConsumer.processGroupAdd(PspChangeLogConsumer.java:663)

        at edu.internet2.middleware.psp.grouper.PspChangeLogConsumer$EventType$3.process(PspChangeLogConsumer.java:102)

        at edu.internet2.middleware.psp.grouper.PspChangeLogCons

 

 

The first line of the above snippet shows the correct DN for the group in AD and correct target. When the errors start showing the group DN is correct for my LDAP target (LDAP: error code 16). The strange thing is that LDAP group provisioning is working correctly. I have poured over my properties files, psp.xml and psp-resolver.xml and I can’t seem to find the error of my ways.

 

Any suggestion?

 

-Bryan



Archive powered by MHonArc 2.6.16.

Top of Page