Skip to Content.
Sympa Menu

grouper-users - [grouper-users] RE: I dislike Active Directory

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] RE: I dislike Active Directory

Chronological Thread 
  • From: Chris Hyzer <>
  • To: "Bryan E. Wooten" <>, "" <>
  • Subject: [grouper-users] RE: I dislike Active Directory
  • Date: Wed, 1 May 2013 15:45:24 +0000
  • Accept-language: en-US
  • Authentication-results:; dkim=neutral (message not signed) header.i=none

Ok, lets go back to a simple java example to see that this vt-ldap param is working:




Edit a file: (edit the url, use, pass, filter, attribute)


package edu.internet2.middleware.grouper.poc;


import java.util.Iterator;





import edu.vt.middleware.ldap.Ldap;

import edu.vt.middleware.ldap.LdapConfig;

import edu.vt.middleware.ldap.SearchFilter;

import edu.vt.middleware.ldap.pool.BlockingLdapPool;

import edu.vt.middleware.ldap.pool.DefaultLdapFactory;



public class LdapTempPoc {


  public static void main(String[] args) throws Exception {


    String ldapUrl = "ldap://";

    String baseDn = "DC=something,DC=school,DC=edu";

    String dn = "";

    String credential = "apass";

    String attributeName = "cn";

    String filter = "(filter=something)";



    LdapConfig ldapConfig = new LdapConfig(ldapUrl, baseDn);







    DefaultLdapFactory factory = new DefaultLdapFactory(ldapConfig);


    BlockingLdapPool pool = new BlockingLdapPool(factory);


    Ldap ldap = pool.checkOut();


    Iterator<SearchResult> results =,

        new SearchFilter(filter), new String[]{attributeName});


    int count = 0;


    while (results.hasNext()) {




      SearchResult searchResult =;




      Attribute attribute = searchResult.getAttributes().get(attributeName);

      System.out.print(", attrs: " + attribute.size());


      for (int i=0;i<attribute.size();i++) {

        System.out.print(", " + attribute.get(i));

















C:\apps\grouperLdap> javac -classpath C:\mchyzer\grouper\v2_1\grouper\lib\grouper\vt-ldap.jar


Run (this is a windows example, change the semicolon to a colon for unix)


C:\apps\grouperLdap>java  -classpath .;C:\mchyzer\grouper\v2_1\grouper\lib\grouper\* LdapTempPoc


Note: I am just doing cn=*, and I get a different number of results based on the pageResultsSize…  does that happen for you?  Or does it behave with a more precise filter?






From: Bryan E. Wooten [mailto:]
Sent: Wednesday, May 01, 2013 11:15 AM
To: Chris Hyzer;
Subject: RE: I dislike Active Directory




I have run into a couple of problems getting the 2.1.4 quickstart to come up.


This first issue is that the quick installer can’t find a 2.1.4 PSP tar file.


This leads to a ClassNotFoundException for the edu.internet2.middleware.psp.ldap.QuotedDnResultHandler. I can comment that out of for the time being.


The second issue is this error I see when starting gsh or the UI:

ERROR LdapSourceAdapter.getNeededProperty(530) -  - Property 'SubjectID_formatToLowerCase' is not defined!


The third issue is this:


Grouper warning: jarfile mismatch, expecting name: 'grouperClient.jar' size: 2958211 manifest version: 2.1.3.  However the jar detected is: /idm/grouper/grouper-2.1.4/grouper.apiBinary-2.1.4/lib/grouper/grouperClient.jar, name: grouperClient.jar size: 2958972 manifest version: 2.1.4

Grouper warning: jarfile mismatch, expecting name: 'subject.jar' size: 195413 manifest version: 2.1.3.  However the jar detected is: /idm/grouper/grouper-2.1.4/grouper.apiBinary-2.1.4/lib/grouper/subject.jar, name: subject.jar size: 212419 manifest version: 2.1.4


None of those seem to be show stoppers. However upgrading to 2.1.4 didn’t fix my  original results issue.


I have added the following to my file:


ldap.personLdap.batchSize = 900

ldap.personlLdap.pagedResultsSize= 900

ldap.personLdap.referral = follow


And my file has this:


edu.vt.middleware.ldap.batchSize = 900

edu.vt.middleware.ldap.pagedResultsSize= 900

edu.vt.middleware.ldap.referral = follow


Did I mis-read this page?





From: Chris Hyzer []
Sent: Tuesday, April 30, 2013 12:18 PM
To: Bryan E. Wooten;
Subject: RE: I dislike Active Directory


Yeah, this is a release candidate and that file in the installer that says where to download wasn’t changed yet.  I just did this, retagged, rebuilt, copied to the release folder, can you download the installer and try again?  Sorry about that





From: Bryan E. Wooten []
Sent: Tuesday, April 30, 2013 2:06 PM
To: Chris Hyzer;
Subject: RE: I dislike Active Directory


Thanks Chris,


I missed that email, my apologies.


I downloaded the 2.1.4 stuff in your link and ran the installer. It seems to have downloaded and created a bunch of 2.1.3 directories and tar files. I assume I need to untar the 2.1.4 stuff I downloaded then build them manually?




From: Chris Hyzer []
Sent: Tuesday, April 30, 2013 7:03 AM
To: Bryan E. Wooten;
Subject: RE: I dislike Active Directory


I fixed this for you in the unreleased 2.1.4 (sent an email a while ago about it):

You will need the latest snapshot:


From: [] on behalf of Bryan E. Wooten []
Sent: Monday, April 29, 2013 4:47 PM
Subject: [grouper-users] I dislike Active Directory

Here I go again. I am trying to create a groups from attributes. (we have an attribute called uuemployee and I want to create a group of uuCurrentEmployee).


This group definition works fine against LDAP but when I point at AD I only get 859 members, but the result should be over 30k.


I have tried changing this:


ldap.personLdap.batchSize = 800


ldap.personLdap.countLimit = 600000


ldap.personLdap.timeLimit = 600000


But it has no effect on the results.


Can someone send me their sanitized and that actually work with large AD datasets?


When I use same AD account in my Softterra LDAP browser I can read everything, so I don’t think it is an AD configuration issue.





Archive powered by MHonArc 2.6.16.

Top of Page