Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] Can't get "list of groups" to populate members

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] Can't get "list of groups" to populate members


Chronological Thread 
  • From: Gagné Sébastien <>
  • To: "Bryan E. Wooten" <>, <>
  • Subject: RE: [grouper-users] Can't get "list of groups" to populate members
  • Date: Fri, 12 Apr 2013 14:20:56 -0400
  • Authentication-results: sfpop-ironport07.merit.edu; dkim=neutral (message not signed) header.i=none

attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectIdTypeName(), "subjectIdentifier");

 

Is it really subjectIdentifier ? I was using “subjectId” as defined as in the sources.xml. The member attribute returns DN, do you have to convert it to a subject ID or is the DN a subjectIdentifier ?

 

grouperLoaderLdapSubjectExpression = ${udemLoaderElUtils.convertAdMemberDnToSpecificValue(subjectId)}

 

Maybe you could increase the log level and see if there are subject not found errors or are you already at DEBUG for everything ?

 

De : [mailto:] De la part de Bryan E. Wooten
Envoyé : 12 avril 2013 13:05
À :
Objet : [grouper-users] Can't get "list of groups" to populate members

 

Following Part 2 of the Group loader LDAP training video I can’t get the loader to add members to the groups.

 

I ran the following script:

 

grouperSession = GrouperSession.startRootSession();

group = new GroupSave(grouperSession).assignName("ActiveDirectory:groupListLdapGroup").assignCreateParentStemsIfNotExist(true).save();

attributeAssign = group.getAttributeDelegate().assignAttribute(LoaderLdapUtils.grouperLoaderLdapAttributeDefName()).getAttributeAssign();

attributeAssign = group.getAttributeDelegate().retrieveAssignment(null, LoaderLdapUtils.grouperLoaderLdapAttributeDefName(), false, true);

attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapTypeName(), "LDAP_GROUP_LIST");

attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapFilterName(), "(|(cn=All uNIDS)(cn=AllgNIDs)(cn=HSC Users))");

attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapQuartzCronName(), "0 * * * * ?");

attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=Security Groups,dc=testad,dc=utah,dc=edu");

attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapServerIdName(), "personLdap");

attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSourceIdName(), "ldap");

attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectAttributeName(), "member");

attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectIdTypeName(), "subjectIdentifier");

attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapExtraAttributesName(), "cn");

attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupNameExpressionName(), "groups:${groupAttributes['cn']}");

group = GroupFinder.findByName(grouperSession, "ActiveDirectory:groupListLdapGroup");

 

 

And then I ran the following:

 

gsh 0%  grouperSession = GrouperSession.startRootSession();

edu.internet2.middleware.grouper.GrouperSession: 127016ac3022414e80d76861fe49ba28,'GrouperSystem','application'

gsh 1%  group = GroupFinder.findByName(grouperSession,"ActiveDirectory:groupListLdapGroup");

group: name='ActiveDirectory:groupListLdapGroup' displayName='Active Directory Groups:groupListLdapGroup' uuid='7f979dfdf0614017bcf2eab0ff990ce0'

gsh 2% loaderRunOneJob(group);

loader ran successfully, inserted 0 memberships, deleted 0 memberships, total membership count: 0

gsh 3% exit

 

Then using the lite UI I added the Grouper loader LDAP subject _expression_ attribute with a value of ${loaderLdapElUtils.convertDnToSpecificValue(subjectId)}.

 

 

In the grouper_error.log I see this:

 

2013-04-12 11:02:38,285: [main] DEBUG DefaultConnectionHandler.connectInternal(74) -  - Bind with the following parameters:

2013-04-12 11:02:38,287: [main] DEBUG DefaultConnectionHandler.connectInternal(75) -  -   authtype = simple

2013-04-12 11:02:38,288: [main] DEBUG DefaultConnectionHandler.connectInternal(76) -  -   dn = cn=IDMFull,OU=Services,OU=Administration,dc=testad,dc=utah,dc=edu

2013-04-12 11:02:38,289: [main] DEBUG DefaultConnectionHandler.connectInternal(83) -  -   credential = <suppressed>

2013-04-12 11:02:38,302: [main] WARN  AbstractLdapFactory.validate(165) -  - validate called, but no validator configured

2013-04-12 11:02:38,304: [main] DEBUG AbstractLdap.search(193) -  - Search with the following parameters:

2013-04-12 11:02:38,305: [main] DEBUG AbstractLdap.search(194) -  -   dn = ou=Security Groups,dc=testad,dc=utah,dc=edu

2013-04-12 11:02:38,306: [main] DEBUG AbstractLdap.search(195) -  -   filter = (|(cn=All uNIDS)(cn=AllgNIDs)(cn=HSC Users))

2013-04-12 11:02:38,307: [main] DEBUG AbstractLdap.search(196) -  -   filterArgs = []

2013-04-12 11:02:38,308: [main] DEBUG AbstractLdap.search(197) -  -   searchControls =

2013-04-12 11:02:38,309: [main] DEBUG AbstractLdap.search(198) -  -   handler = [edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@573ce184]

2013-04-12 11:02:39,280: [main] INFO  EventLog.info(156) -  - [127016ac3022414e80d76861fe49ba28,'GrouperSystem','application'] add stem: 'ActiveDirectory:groups' (674ms)

2013-04-12 11:02:39,532: [main] INFO  EventLog.info(156) -  - [127016ac3022414e80d76861fe49ba28,'GrouperSystem','application'] grant access priv: group='ActiveDirectory:groups:HSC Users' priv='view' subject='GrouperAll'/'application'/'g:isa' (34ms)

2013-04-12 11:02:39,561: [main] INFO  EventLog.info(156) -  - [127016ac3022414e80d76861fe49ba28,'GrouperSystem','application'] grant access priv: group='ActiveDirectory:groups:HSC Users' priv='read' subject='GrouperAll'/'application'/'g:isa' (27ms)

2013-04-12 11:02:39,569: [main] INFO  EventLog.info(156) -  - [127016ac3022414e80d76861fe49ba28,'GrouperSystem','application'] add group: 'ActiveDirectory:groups:HSC Users' (271ms)

2013-04-12 11:02:39,878: [main] INFO  EventLog.info(156) -  - [127016ac3022414e80d76861fe49ba28,'GrouperSystem','application'] grant access priv: group='ActiveDirectory:groups:All uNIDS' priv='view' subject='GrouperAll'/'application'/'g:isa' (26ms)

2013-04-12 11:02:39,906: [main] INFO  EventLog.info(156) -  - [127016ac3022414e80d76861fe49ba28,'GrouperSystem','application'] grant access priv: group='ActiveDirectory:groups:All uNIDS' priv='read' subject='GrouperAll'/'application'/'g:isa' (26ms)

2013-04-12 11:02:39,915: [main] INFO  EventLog.info(156) -  - [127016ac3022414e80d76861fe49ba28,'GrouperSystem','application'] add group: 'ActiveDirectory:groups:All uNIDS' (176ms)

2013-04-12 11:02:40,218: [main] INFO  EventLog.info(156) -  - [127016ac3022414e80d76861fe49ba28,'GrouperSystem','application'] grant access priv: group='ActiveDirectory:groups:AllgNIDs' priv='view' subject='GrouperAll'/'application'/'g:isa' (22ms)

2013-04-12 11:02:40,244: [main] INFO  EventLog.info(156) -  - [127016ac3022414e80d76861fe49ba28,'GrouperSystem','application'] grant access priv: group='ActiveDirectory:groups:AllgNIDs' priv='read' subject='GrouperAll'/'application'/'g:isa' (24ms)

2013-04-12 11:02:40,266: [main] INFO  EventLog.info(156) -  - [127016ac3022414e80d76861fe49ba28,'GrouperSystem','application'] add group: 'ActiveDirectory:groups:AllgNIDs' (193ms)

 

The groups get added to Grouper but there is no attempt to add members. Am I missing something?

 

Thanks,

 

Bryan

 




Archive powered by MHonArc 2.6.16.

Top of Page