grouper-users - [grouper-users] AD / LDAP Provisioning with PSP - One last hurdle?
Subject: Grouper Users - Open Discussion List
List archive
- From: "Bryan E. Wooten" <>
- To: "" <>
- Subject: [grouper-users] AD / LDAP Provisioning with PSP - One last hurdle?
- Date: Wed, 13 Mar 2013 20:50:00 +0000
- Accept-language: en-US
- Authentication-results: sfpop-ironport02.merit.edu; dkim=neutral (message not signed) header.i=none
|
All, Below is link showing my Grouper configuration. The goal of the exercise was to create folders, groups and add members to a group using the UI. Then use gsh to provision these items into both an LDAP and Active Directory using the PSP: (gsh 2% loaderRunOneJob("CHANGE_LOG_changeLogTempToChangeLog") loader ran successfully: Ran the changeLogTempToChangeLog daemon gsh 3% loaderRunOneJob("CHANGE_LOG_consumer_psp") https://www.lucidchart.com/publicSegments/view/5140e0fd-c828-43f4-a5d8-19b90a005178 Everything works except adding members. Adding members works partially. Using the UI I can select a subject from LDAP data source and add to a group. When I run loaderRunOneJob this subject is correctly provisioned to LDAP. From the grouper_error.log it appears that no attempt is made to provision the subject
to AD. Using the UI if I select a subject from AD data source and add to a group running the PSP does not provision the user into either LDAP or AD. I have found the error. 2013-03-13 11:35:24,687: [main] DEBUG Psp.execute(1069) - - PSP 'psp' - Calc CalcRequest[id=u0000401,requestID=<null>,returnData=identifier,schemaEntityRef=SchemaEntityRef[targetID=ldap,entityName=member,isContainer=false]] Resolving attributes
'[memberDn]'. 2013-03-13 11:35:24,687: [main] DEBUG SimpleAttributeAuthority.getAttributes(86) - - get attributes 'u0000401' aa 'psp.AttributeAuthority' 2013-03-13 11:35:24,688: [main] DEBUG AbstractLdap.search(193) - - Search with the following parameters: 2013-03-13 11:35:24,689: [main] DEBUG AbstractLdap.search(194) - - dn = ou=people,o=utah.edu 2013-03-13 11:35:24,689: [main] DEBUG AbstractLdap.search(195) - - filter = (& (unid=u0000401) (objectclass=inetOrgPerson)) 2013-03-13 11:35:24,689: [main] DEBUG AbstractLdap.search(196) - - filterArgs = [] 2013-03-13 11:35:24,690: [main] DEBUG AbstractLdap.search(197) - - searchControls = javax.naming.directory.SearchControls@b34bf3 2013-03-13 11:35:24,690: [main] DEBUG AbstractLdap.search(198) - - handler = [edu.internet2.middleware.psp.ldap.QuotedDnResultHandler@7c30cd64,
] For some reason the dn is from the peopleBaseDn for LDAP and not the peopleBaseDn I configured for AD. As an experiment I set peopleBaseDn for both ldap and ad to be the value used by AD. This did change the results. Any thoughts? Thanks, Bryan |
- [grouper-users] AD / LDAP Provisioning with PSP - One last hurdle?, Bryan E. Wooten, 03/13/2013
- <Possible follow-up(s)>
- RE: [grouper-users] AD / LDAP Provisioning with PSP - One last hurdle?, Bryan E. Wooten, 03/14/2013
- Message not available
- FW: [grouper-users] AD / LDAP Provisioning with PSP - One last hurdle?, Bryan E. Wooten, 03/14/2013
- Message not available
- FW: [grouper-users] AD / LDAP Provisioning with PSP - One last hurdle?, Bryan E. Wooten, 03/14/2013
- Re: FW: [grouper-users] AD / LDAP Provisioning with PSP - One last hurdle?, Tom Zeller, 03/14/2013
- FW: [grouper-users] AD / LDAP Provisioning with PSP - One last hurdle?, Bryan E. Wooten, 03/14/2013
- Message not available
- Message not available
- Message not available
- FW: [grouper-users] AD / LDAP Provisioning with PSP - One last hurdle?, Bryan E. Wooten, 03/14/2013
- RE: [grouper-users] AD / LDAP Provisioning with PSP - One last hurdle?, Gagné Sébastien, 03/14/2013
- FW: [grouper-users] AD / LDAP Provisioning with PSP - One last hurdle?, Bryan E. Wooten, 03/14/2013
- Message not available
- Message not available
- Message not available
Archive powered by MHonArc 2.6.16.