grouper-users - [grouper-users] LDAP and AD provisioning failure - I think I found the root issue
Subject: Grouper Users - Open Discussion List
List archive
[grouper-users] LDAP and AD provisioning failure - I think I found the root issue
Chronological Thread
- From: "Bryan E. Wooten" <>
- To: "" <>
- Subject: [grouper-users] LDAP and AD provisioning failure - I think I found the root issue
- Date: Mon, 18 Mar 2013 18:56:30 +0000
- Accept-language: en-US
- Authentication-results: sfpop-ironport04.merit.edu; dkim=neutral (message not signed) header.i=none
Background, I have configured both AD and LDAP as subject sources in both the UI and PSP. The UI side works fine. I am unable to provision subjects to AD groups, provisioning to LDAP groups works fine. After much log file reading and testing various configurations I have come to this. When the PSP tries to provision a subject selected from the AD souce I see this in the grouper_error.log file: 2013-03-18 12:47:46,609: [DefaultQuartzScheduler_Worker-1] DEBUG Psp.execute(1069) - - PSP 'psp' - Calc CalcRequest[id=u0000348,requestID=<null>,returnData=identifier,schemaEntityRef=SchemaEntityRef[targetID=ldap,entityName=member,isContainer=false]]
Resolving attributes '[memberDn]'. 2013-03-18 12:47:46,610: [DefaultQuartzScheduler_Worker-1] DEBUG SimpleAttributeAuthority.getAttributes(86) - - get attributes 'u0000348' aa 'psp.AttributeAuthority' 2013-03-18 12:47:46,612: [DefaultQuartzScheduler_Worker-1] DEBUG AbstractLdap.search(193) - - Search with the following parameters: 2013-03-18 12:47:46,613: [DefaultQuartzScheduler_Worker-1] DEBUG AbstractLdap.search(194) - - dn = ou=people,o=utah.edu 2013-03-18 12:47:46,614: [DefaultQuartzScheduler_Worker-1] DEBUG AbstractLdap.search(195) - - filter = (& (unid=u0000348) (objectclass=inetOrgPerson)) 2013-03-18 12:47:46,615: [DefaultQuartzScheduler_Worker-1] DEBUG AbstractLdap.search(196) - - filterArgs = [] 2013-03-18 12:47:46,616: [DefaultQuartzScheduler_Worker-1] DEBUG AbstractLdap.search(197) - - searchControls = javax.naming.directory.SearchControls@284d0371 2013-03-18 12:47:46,617: [DefaultQuartzScheduler_Worker-1] DEBUG AbstractLdap.search(198) - - handler = [edu.internet2.middleware.psp.ldap.QuotedDnResultHandler@3bd48043,
] The DN is for my LDAP source and not AD, this results in the user not being provisioned to the AD group. My sources.xml has a section for AD and a section for LDAP. It seems the PSP is not recognizing the AD section as it is using the base DN and subject search filter from LDAP section. To verify this I changed the LDAP section to use values
from the AD section and could see the corresponding changes in the error log. I believe this is the root cause of why the PSP can’t provision users into AD groups when both LDAP and AD are configured in the sources.xml Can someone verify this behavior or give me some insight? My sources.xml file follows. Thanks, Bryan <?xml version="1.0" encoding="utf-8"?> <!-- Grouper's subject resolver configuration $Id: sources.example.xml,v 1.8 2009-08-11 20:18:09 mchyzer Exp $ --> <sources> <!-- Group Subject Resolver --> <!-- You can flag a source as not throwing exception on a findAll (general search) i.e. if it is ok if it is down. Generally you probably won't want to do this. It defaults to true if omitted. <init-param> <param-name>throwErrorOnFindAllFailure</param-name> <param-value>false</param-value> </init-param> --> <!-- You can make virtual attributes (attributes with formatting or based on other attributes) like this: init-param name is subjectVirtualAttribute_<index>_<name> where index is the order to be processed if some depend on others (0 to 99). The value is the jexl _expression_ language. You can use subjectUtils methods (aliased with "subjectUtils", or you can register your own class (must have default constructor). Here are examples: <init-param> <param-name>subjectVirtualAttribute_0_loginIdLfName</param-name> <param-value>Hey ${subject.getAttributeValue('LOGINID')} and ${subject.getAttributeValue('LFNAME')}</param-value> </init-param> <init-param> <param-name>subjectVirtualAttribute_1_loginIdLfNameLoginId</param-name> <param-value>${subject.getAttributeValue('loginIdLfName')} Hey ${subject.getAttributeValue('LOGINID')} and ${subject.getAttributeValue('LFNAME')}</param-value> </init-param> <init-param> <param-name>subjectVirtualAttributeVariable_JDBCSourceAdapterTest</param-name> <param-value>edu.internet2.middleware.subject.provider.JDBCSourceAdapterTest</param-value> </init-param> <init-param> <param-name>subjectVirtualAttribute_2_loginIdSquared</param-name> <param-value>${JDBCSourceAdapterTest.appendToSelf(subject.getAttributeValue('LOGINID'))}</param-value> </init-param> The first virtual attribute is accessible via: subject.getAttributeValue("loginIdLfNameLoginId"); --> <!-- NOTE: It is recommended that you **not** change the default values for this source adapter. --> <source adapterClass="edu.internet2.middleware.grouper.GrouperSourceAdapter"> <id>g:gsa</id> <name>Grouper: Group Source Adapter</name> <type>group</type> <init-param> <param-name>subjectVirtualAttribute_0_searchAttribute0</param-name> <param-value>${subject.getAttributeValue('name')},${subject.getAttributeValue('displayName')},${subject.getAttributeValue('alternateName')}</param-value> </init-param> <init-param> <param-name>sortAttribute0</param-name> <param-value>displayExtension</param-value> </init-param> <init-param> <param-name>searchAttribute0</param-name> <param-value>searchAttribute0</param-value> </init-param> <!-- on a findPage() this is the most results returned -->
<init-param> <param-name>maxPageSize</param-name> <param-value>100</param-value> </init-param> <internal-attribute>searchAttribute0</internal-attribute> </source> <!-- Group Subject Resolver --> <!-- NOTE: It is recommended that you **not** change the default values for this source adapter. --> <source adapterClass="edu.internet2.middleware.grouper.entity.EntitySourceAdapter"> <id>grouperEntities</id> <name>Grouper: Entity Source Adapter</name> <type>application</type> <init-param> <param-name>subjectVirtualAttribute_0_searchAttribute0</param-name> <!-- TODO add attribute for subject identifier --> <param-value>${subject.getAttributeValue('name')},${subject.getAttributeValue('displayName')},${subject.getAttributeValue('alternateName')}</param-value> </init-param> <init-param> <param-name>sortAttribute0</param-name> <param-value>name</param-value> </init-param> <init-param> <param-name>searchAttribute0</param-name> <param-value>searchAttribute0</param-value> </init-param> <internal-attribute>searchAttribute0</internal-attribute> </source> <!-- Entity Subject Resolver --> <source adapterClass="edu.internet2.middleware.grouper.subj.GrouperJdbcSourceAdapter"> <id>jdbc</id> <name>Example JDBC Source Adapter</name> <type>person</type> <!-- edu.internet2.middleware.subject.provider.C3p0JdbcConnectionProvider (default) edu.internet2.middleware.subject.provider.DbcpJdbcConnectionProvider (legacy)
edu.internet2.middleware.grouper.subj.GrouperJdbcConnectionProvider
(same settings as grouper.hibernate.properties, the driver, url, pass, maxActive, maxIdle, maxWait are forbidden --> <init-param> <param-name>jdbcConnectionProvider</param-name> <param-value>edu.internet2.middleware.grouper.subj.GrouperJdbcConnectionProvider </param-value> </init-param> <!-- If using emails and need email addresses in sources, set which attribute has the email address in this source --> <init-param> <param-name>emailAttributeName</param-name> <param-value>email</param-value> </init-param> <!-- if more than this many results are returned, then throw a too many subjects exception --> <init-param> <param-name>maxResults</param-name> <param-value>1000</param-value> </init-param> <!-- on a findPage() this is the most results returned -->
<init-param> <param-name>maxPageSize</param-name> <param-value>100</param-value> </init-param> <!-- note: again, if you use GrouperJdbcConnectionProvider, then you should not fill out maxActive, maxIdle, maxWait, dbDriver, dbUrl, dbUser, dbPwd, since it will use the grouper.hibernate.properties db settings --> <!-- init-param> <param-name>maxActive</param-name> <param-value>16</param-value> </init-param> <init-param> <param-name>maxIdle</param-name> <param-value>16</param-value> </init-param> <init-param> <param-name>maxWait</param-name> <param-value>-1</param-value> </init-param --> <!-- e.g. mysql: com.mysql.jdbc.Driver e.g. p6spy (log sql): com.p6spy.engine.spy.P6SpyDriver for p6spy, put the underlying driver in spy.properties e.g. oracle: oracle.jdbc.driver.OracleDriver e.g. hsqldb: org.hsqldb.jdbcDriver e.g. postgres: org.postgresql.Driver --> <!-- init-param> <param-name>dbDriver</param-name> <param-value>org.hsqldb.jdbcDriver</param-value> </init-param --> <!-- e.g. mysql: jdbc:mysql://localhost:3306/grouper e.g. p6spy (log sql): [use the URL that your DB requires] e.g. oracle: jdbc:oracle:thin:@server.school.edu:1521:sid e.g. hsqldb (a): jdbc:hsqldb:dist/run/grouper;create=true e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001 e.g. postgres: jdbc:postgresql:grouper --> <!-- init-param> <param-name>dbUrl</param-name> <param-value>jdbc:hsqldb:C:/projects/GrouperI2MI_1-2/grouper/dist/run/grouper</param-value> </init-param> <init-param> <param-name>dbUser</param-name> <param-value>sa</param-value> </init-param> <init-param> <param-name>dbPwd</param-name> <param-value></param-value> </init-param --> <init-param> <param-name>SubjectID_AttributeType</param-name> <param-value>id</param-value> </init-param> <init-param> <param-name>Name_AttributeType</param-name> <param-value>name</param-value> </init-param> <init-param> <param-name>Description_AttributeType</param-name> <param-value>description</param-value> </init-param> <init-param> <param-name>subjectVirtualAttribute_0_searchAttribute0</param-name> <param-value>${subject.name},${subjectUtils.defaultIfBlank(subject.getAttributeValue('LFNAME'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValue('LOGINID'), "")},${subjectUtils.defaultIfBlank(subject.description, "")},${subjectUtils.defaultIfBlank(subject.getAttributeValue('EMAIL'),
"")}</param-value> </init-param> <init-param> <param-name>sortAttribute0</param-name> <param-value>LFNAME</param-value> </init-param> <init-param> <param-name>sortAttribute1</param-name> <param-value>LOGINID</param-value> </init-param> <init-param> <param-name>searchAttribute0</param-name> <param-value>searchAttribute0</param-value> </init-param> <internal-attribute>searchAttribute0</internal-attribute> <!-- if you are going to use the inclause attribute on the search to make the queries batchable when searching by id or identifier --> <init-param> <param-name>useInClauseForIdAndIdentifier</param-name> <param-value>true</param-value> </init-param> <!-- comma separate the identifiers for this row, this is for the findByIdentifiers if using an in clause --> <init-param> <param-name>identifierAttributes</param-name> <param-value>LOGINID</param-value> </init-param> <search> <searchType>searchSubject</searchType> <param> <param-name>sql</param-name> <param-value> select s.subjectid as id, s.name as name, (select sa2.value from subjectattribute sa2 where name='name' and sa2.SUBJECTID = s.subjectid) as lfname, (select sa3.value from subjectattribute sa3 where name='loginid' and sa3.SUBJECTID = s.subjectid) as loginid, (select sa4.value from subjectattribute sa4 where name='description' and sa4.SUBJECTID = s.subjectid) as description, (select sa5.value from subjectattribute sa5 where name='email' and sa5.SUBJECTID = s.subjectid) as email from subject s where {inclause} </param-value> </param> <param> <param-name>inclause</param-name> <param-value> s.subjectid = ? </param-value> </param> </search> <search> <searchType>searchSubjectByIdentifier</searchType> <param> <param-name>sql</param-name> <param-value> select s.subjectid as id, s.name as name, (select sa2.value from subjectattribute sa2 where name='name' and sa2.SUBJECTID = s.subjectid) as lfname, (select sa3.value from subjectattribute sa3 where name='loginid' and sa3.SUBJECTID = s.subjectid) as loginid, (select sa4.value from subjectattribute sa4 where name='description' and sa4.SUBJECTID = s.subjectid) as description, (select sa5.value from subjectattribute sa5 where name='email' and sa5.SUBJECTID = s.subjectid) as email from subject s, subjectattribute a where a.name='loginid' and s.subjectid = a.subjectid and {inclause} </param-value> </param> <param> <param-name>inclause</param-name> <param-value> a.value = ? </param-value> </param> </search> <search> <searchType>search</searchType> <param> <param-name>sql</param-name> <!-- for postgres, use this query since no concat() exists: select subject.subjectid as id, subject.name as name, lfnamet.lfname as lfname, loginidt.loginid as loginid, desct.description as description, emailt.email as email from subject left join (select subjectid, value as lfname from subjectattribute where name='name') lfnamet on subject.subjectid=lfnamet.subjectid left join (select subjectid, value as loginid from subjectattribute where name='loginid') loginidt on subject.subjectid=loginidt.subjectid left join (select subjectid, value as description from subjectattribute where name='description') desct on subject.subjectid=desct.subjectid left join (select subjectid, value as email from subjectattribute where name='email') emailt on subject.subjectid=emailt.subjectid where (lower(name) like '%' || ? || '%') or (lower(lfnamet.lfname) like '%' || ? || '%') or (lower(loginidt.loginid) like '%' || ? || '%') or (lower(desct.description) like '%' || ? || '%') or (lower(emailt.email) like '%' || ? || '%') for SQL-server: select subject.subjectid as id, subject.name as name, lfnamet.lfname as lfname, loginidt.loginid as loginid, desct.description as description, emailt.email as email from subject left join (select subjectid, value as lfname from subjectattribute where name='name') lfnamet on subject.subjectid=lfnamet.subjectid left join (select subjectid, value as loginid from subjectattribute where name='loginid') loginidt on subject.subjectid=loginidt.subjectid left join (select subjectid, value as description from subjectattribute where name='description') desct on subject.subjectid=desct.subjectid left join (select subjectid, value as email from subjectattribute where name='email') emailt on subject.subjectid=emailt.subjectid where (lower(name) like '%' + ? + '%') or (lower(lfnamet.lfname) like '%' + ? + '%') or (lower(loginidt.loginid) like '%' + ? + '%') or (lower(desct.description) like '%' + ? + '%') or (lower(emailt.email) like '%' + ? + '%') --> <param-value> select s.subjectid as id, s.name as name, (select sa2.value from subjectattribute sa2 where name='name' and sa2.SUBJECTID = s.subjectid) as lfname, (select sa3.value from subjectattribute sa3 where name='loginid' and sa3.SUBJECTID = s.subjectid) as loginid, (select sa4.value from subjectattribute sa4 where name='description' and sa4.SUBJECTID = s.subjectid) as description, (select sa5.value from subjectattribute sa5 where name='email' and sa5.SUBJECTID = s.subjectid) as email from subject s where s.subjectid in ( select subjectid from subject where lower(name) like concat('%',concat(?,'%')) union select subjectid from subjectattribute where searchvalue like concat('%',concat(?,'%')) ) </param-value> </param> </search> </source> <!-- <!- - This is an alternate jdbc source which allows for more complex searches, assumes
all data is in one table or view, and that all attributes are single valued. There are not queries to configure in sources.xml - - > <source adapterClass="edu.internet2.middleware.grouper.subj.GrouperJdbcSourceAdapter2"> <id>sourceId</id> <name>Source name</name> <type>person</type> <init-param> <param-name>jdbcConnectionProvider</param-name> <param-value>edu.internet2.middleware.grouper.subj.GrouperJdbcConnectionProvider</param-value> </init-param> <init-param> <param-name>maxResults</param-name> <param-value>1000</param-value> </init-param> <init-param> <param-name>dbTableOrView</param-name> <param-value>person_source_v</param-value> </init-param> <init-param> <param-name>subjectIdCol</param-name> <param-value>some_id</param-value> </init-param> <init-param> <param-name>nameCol</param-name> <param-value>name</param-value> </init-param> <init-param> <param-name>descriptionCol</param-name> <param-value>description</param-value> </init-param> <init-param> <!- - search col where general searches take place, lower case - - > <param-name>lowerSearchCol</param-name> <param-value>description_lower</param-value> </init-param> <init-param> <!- - optional col if you want the search results sorted in the API (note, UI might override) - - > <param-name>defaultSortCol</param-name> <param-value>description</param-value> </init-param> <init-param> <!- - col which identifies the row, perhaps not subjectId, add multiple by incrementing the 0 index - - > <param-name>subjectIdentifierCol0</param-name> <param-value>pennname</param-value> </init-param> <init-param> <!- - col which identifies the row, perhaps not subjectId, add multiple by incrementing the 0 index - - > <param-name>subjectIdentifierCol1</param-name> <param-value>penn_id</param-value> </init-param> <!- - now you can count up from 0 to N of attributes for various cols.
The name is how to reference in subject.getAttribute() - - > <init-param> <param-name>subjectAttributeCol0</param-name> <param-value>pennname</param-value> </init-param> <init-param> <param-name>subjectAttributeName0</param-name> <param-value>PENNNAME</param-value> </init-param> <init-param> <param-name>subjectAttributeCol1</param-name> <param-value>description_lower</param-value> </init-param> <init-param> <param-name>subjectAttributeName1</param-name> <param-value>searchAttribute0</param-value> </init-param> <init-param> <param-name>sortAttribute0</param-name> <param-value>description</param-value> </init-param> <init-param> <param-name>searchAttribute0</param-name> <param-value>searchAttribute0</param-value> </init-param> <internal-attribute>searchAttribute0</internal-attribute> </source> --> <!-- Active Directory Subject Resolver --> <source adapterClass="edu.internet2.middleware.subject.provider.LdapSourceAdapter"> <id>ad</id> <name>ADSourceAdapter</name> <type>person</type> <!-- Note that most of the ldap configuration is in the properties file. The filename can be a file in your classpath or an absolute pathname. --> <init-param> <param-name>ldapProperties_file</param-name> <param-value>ad.properties</param-value> </init-param> <init-param> <param-name>INITIAL_CONTEXT_FACTORY</param-name> <param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value> </init-param> <init-param> <param-name>Multiple_Results</param-name> <param-value>false</param-value> </init-param> <init-param> <param-name>sortAttribute0</param-name> <param-value>cn</param-value> </init-param> <init-param> <param-name>searchAttribute0</param-name> <param-value>cn</param-value> </init-param> <init-param> <param-name>SubjectID_AttributeType</param-name> <param-value>cn</param-value> </init-param> <init-param> <param-name>SubjectID_formatToLowerCase</param-name> <param-value>false</param-value> </init-param> <init-param> <param-name>Name_AttributeType</param-name> <param-value>displayName</param-value> </init-param> <init-param> <param-name>Description_AttributeType</param-name> <param-value>displayName</param-value> </init-param> <search> <searchType>searchSubject</searchType> <param> <param-name>filter</param-name> <param-value> (&(cn=%TERM%)(objectclass=person)) </param-value> </param> <param> <param-name>scope</param-name> <param-value>SUBTREE_SCOPE</param-value> </param> <param> <param-name>base</param-name> <param-value>ou=people,dc=testad,dc=utah,dc=edu</param-value>
</param> </search> <search> <searchType>searchSubjectByIdentifier</searchType> <param> <param-name>filter</param-name> <param-value> (&(cn=%TERM%)(objectclass=person)) </param-value> </param> <param> <param-name>scope</param-name> <param-value>SUBTREE_SCOPE</param-value> </param> <param> <param-name>base</param-name> <param-value>ou=people,dc=testad,dc=utah,dc=edu</param-value> </param> </search> <!-- use the firstlastfilter to allow: last, first lookup --> <search> <searchType>search</searchType> <param> <param-name>filter</param-name> <param-value> (&(cn=%TERM%)(objectclass=person)) </param-value> </param> <param> <param-name>firstlastfilter</param-name> <param-value> (&(sn=%TERM%)(objectclass=person))) </param-value> </param> <param> <param-name>scope</param-name> <param-value>SUBTREE_SCOPE</param-value> </param> <param> <param-name>base</param-name> <param-value>ou=people,dc=testad,dc=utah,dc=edu</param-value> </param> </search> <init-param> <param-name>subjectVirtualAttribute_0_searchAttribute0</param-name> <param-value>${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('exampleEduRegId'),
"")}</param-value> </init-param> <init-param> <param-name>sortAttribute0</param-name> <param-value>cn</param-value> </init-param> <init-param> <param-name>searchAttribute0</param-name> <param-value>searchAttribute0</param-value> </init-param> <internal-attribute>searchAttribute0</internal-attribute> ///Attributes you would like to display when doing a search
<attribute>cn</attribute> <attribute>displayName</attribute> <attribute>unid</attribute> </source> <source adapterClass="edu.internet2.middleware.subject.provider.LdapSourceAdapter"> <id>ldap</id> <name>LdapSourceAdapter</name> <type>person</type> <init-param> <param-name>ldapProperties_file</param-name> <param-value>ldap.properties</param-value> </init-param> <!-- <init-param> <param-name>INITIAL_CONTEXT_FACTORY</param-name> <param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value> </init-param> <init-param> <param-name>PROVIDER_URL</param-name> <param-value>ldap://idm-6.acs.utah.edu:389</param-value> </init-param> <init-param> <param-name>SECURITY_AUTHENTICATION</param-name> <param-value>simple</param-value> </init-param> <init-param> <param-name>SECURITY_PRINCIPAL</param-name> <param-value>cn=Directory Manager</param-value> </init-param> <init-param> <param-name>SECURITY_CREDENTIALS</param-name> <param-value>secrect</param-value> </init-param> --> <init-param> <param-name>SubjectID_AttributeType</param-name> <param-value>unid</param-value> </init-param> <init-param> <param-name>SubjectID_formatToLowerCase</param-name> <param-value>false</param-value> </init-param> <init-param> <param-name>Name_AttributeType</param-name> <param-value>cn</param-value> </init-param> <init-param> <param-name>Description_AttributeType</param-name> <param-value>displayName</param-value> </init-param> /// Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE
/// For filter use <search> <searchType>searchSubject</searchType> <param> <param-name>filter</param-name> <param-value> (& (unid=%TERM%) (objectclass=inetOrgPerson)) </param-value> </param> <param> <param-name>scope</param-name> <param-value> SUBTREE_SCOPE </param-value> </param> <param> <param-name>base</param-name> <param-value> ou=people,o=utah.edu </param-value> </param> </search> <search> <searchType>searchSubjectByIdentifier</searchType> <param> <param-name>filter</param-name> <param-value> (& (unid=%TERM%) (objectclass=iNetOrgPerson)) </param-value> </param> <param> <param-name>scope</param-name> <param-value> SUBTREE_SCOPE </param-value> </param> <param> <param-name>base</param-name> <param-value> ou=people,o=utah.edu </param-value> </param> </search> <search> <searchType>search</searchType> <param> <param-name>filter</param-name> <param-value> (& (|(unid=%TERM%)(cn=*%TERM%*)(unid=%TERM%))(objectclass=iNetOrgPerson)) </param-value> </param> <param> <param-name>scope</param-name> <param-value> SUBTREE_SCOPE </param-value> </param> <param> <param-name>base</param-name> <param-value> ou=people,o=utah.edu </param-value> </param> </search> <init-param> <param-name>subjectVirtualAttribute_0_searchAttribute0</param-name> <param-value>${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('unid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('unid'),
"")}</param-value> </init-param> <init-param> <param-name>sortAttribute0</param-name> <param-value>cn</param-value> </init-param> <init-param> <param-name>searchAttribute0</param-name> <param-value>searchAttribute0</param-value> </init-param> <internal-attribute>searchAttribute0</internal-attribute> ///Attributes you would like to display when doing a search
<attribute>cn</attribute> <attribute>sn</attribute> <attribute>uid</attribute> <attribute>mail</attribute> <attribute>unid</attribute> </source> </sources> |
- [grouper-users] LDAP and AD provisioning failure - I think I found the root issue, Bryan E. Wooten, 03/18/2013
- Re: [grouper-users] LDAP and AD provisioning failure - I think I found the root issue, Tom Zeller, 03/19/2013
Archive powered by MHonArc 2.6.16.