grouper-users - [grouper-users] RE: I am completely confused
Subject: Grouper Users - Open Discussion List
List archive
- From: Chris Hyzer <>
- To: "Bryan E. Wooten" <>, "" <>
- Subject: [grouper-users] RE: I am completely confused
- Date: Tue, 23 Apr 2013 17:13:16 +0000
- Accept-language: en-US
- Authentication-results: sfpop-ironport05.merit.edu; dkim=neutral (message not signed) header.i=none
|
Sorry this is frustrating, thanks for your patience. Can you run it with this in the log4j.properties and let me know the output? log4j.logger.edu.internet2.middleware.grouper.app.loader = DEBUG Also, are you using the code I sent you for AD? Can you try with the paging turned off and see if it is different?
J I assume when you run it in your browser, all of the 811 results have a unique unid attribute… and the unid is the grouper subject source subjectId? I assume you are passed these types of questions
J I don’t know why it wouldn’t work like you specify, but if it is a filter that returns users for one group, shouldn’t it be an LDAP_SIMPLE type? Thanks a lot! Chris From: [mailto:]
On Behalf Of Bryan E. Wooten I am trying to get the Grouper
LDAP_GROUPS_FROM_ATTRIBUTES to work but the results are confusing. When I run the Grouper loader LDAP filter manually in my LDAP browser I get 811 results. When I run the loaderRunOneJob(), I see 155 searchs. Yet over in the grouper_error.log I see this message: GrouperLoaderType.syncOneGroupMembership(2301) - - ActiveDirectory:groups:currentEmployee done syncing membership, processed 168 records. Total members: 168, inserts: 62, deletes: 0 And then when I look at the members in the UI it says there are 63 members. I have DEBUG set in log4jproperties for vt-ldap, but nothing jumps out at me. Does anyone have any idea how I can further trouble shoot this and understand why the Grouper group doesn’t get all the members I think it should? Something, somewhere is filtering out the results. Below is my Group configuration. Thanks, Bryan Attribute assignments Owner group Attribute name Enabled? Assignment values Attribute definition Assignment UUID groupsFromAttributesLdapGroup Grouper loader LDAP enabled grouperLoaderLdapDef 10635... Metadata on assignment Grouper loader LDAP group attribute name enabled uuemployee grouperLoaderLdapValueDef 0b9ea... Metadata on assignment Grouper loader LDAP quartz cron enabled 0 * 0/1 * * ? grouperLoaderLdapValueDef 33c16... Metadata on assignment Grouper loader LDAP type enabled LDAP_GROUPS_FROM_ATTRIBUTES grouperLoaderLdapValueDef 35d89... Metadata on assignment Grouper loader LDAP subject _expression_ enabled ${subjectAttributes['unid']} grouperLoaderLdapValueDef 4d525... Metadata on assignment Grouper loader LDAP server ID enabled personLdap grouperLoaderLdapValueDef 69096... Metadata on assignment Grouper loader LDAP group name _expression_ enabled groups:currentEmployee grouperLoaderLdapValueDef 9243e... Metadata on assignment Grouper loader LDAP subject ID type enabled subjectId grouperLoaderLdapValueDef 92bb6... Metadata on assignment Grouper loader LDAP extra attributes enabled unid grouperLoaderLdapValueDef 9a5a6... Metadata on assignment Grouper loader LDAP filter enabled (&(uuaffiliate=afssec)(uuemployee=uuparttimeemploye)) grouperLoaderLdapValueDef a5522... Metadata on assignment Grouper loader LDAP search base DN enabled ou=people,o=utah.edu grouperLoaderLdapValueDef ba12d... Metadata on assignment Grouper loader LDAP source ID enabled ldap grouperLoaderLdapValueDef c9756... |
- [grouper-users] I am completely confused, Bryan E. Wooten, 04/22/2013
- [grouper-users] RE: I am completely confused, Chris Hyzer, 04/23/2013
- [grouper-users] RE: I am completely confused, Bryan E. Wooten, 04/23/2013
- [grouper-users] RE: I am completely confused, Bryan E. Wooten, 04/23/2013
- [grouper-users] RE: I am completely confused, Bryan E. Wooten, 04/23/2013
- [grouper-users] RE: I am completely confused, Chris Hyzer, 04/23/2013
Archive powered by MHonArc 2.6.16.