
grouper-users - [grouper-users] RE: I dislike Active Directory

Subject: Grouper Users - Open Discussion List

  • From: "Bryan E. Wooten" <>
  • To: Chris Hyzer <>, "" <>
  • Subject: [grouper-users] RE: I dislike Active Directory
  • Date: Wed, 1 May 2013 16:25:03 +0000

Thanks for the test code. It runs as expected. Both my LDAP browser (Softerra) and your test program return 43623 results for the filter (uuemployee=*).

Can I verify your fix is actually in the 2.1.4 code I downloaded? Is there a log4j setting that will show it?

-Bryan

 

From: Chris Hyzer [mailto:]
Sent: Wednesday, May 01, 2013 9:45 AM
To: Bryan E. Wooten;
Subject: RE: I dislike Active Directory

 

OK, let's go back to a simple Java example to see that this vt-ldap param is working:

#####################

Edit a file: LdapTempPoc.java (edit the url, user, pass, filter, attribute)

 

// No package declaration: the class stays in the default package so the
// javac/java commands below can load it by its simple name, LdapTempPoc.

import java.util.Iterator;

import javax.naming.directory.Attribute;
import javax.naming.directory.SearchResult;

import edu.vt.middleware.ldap.Ldap;
import edu.vt.middleware.ldap.LdapConfig;
import edu.vt.middleware.ldap.SearchFilter;
import edu.vt.middleware.ldap.pool.BlockingLdapPool;
import edu.vt.middleware.ldap.pool.DefaultLdapFactory;

public class LdapTempPoc {

  public static void main(String[] args) throws Exception {

    // Edit these for your directory: URL, base DN, bind DN, password,
    // the attribute to print and the search filter.
    String ldapUrl = "ldap://server.whatever.edu:389";
    String baseDn = "DC=something,DC=school,DC=edu";
    String dn = "";
    String credential = "apass";
    String attributeName = "cn";
    String filter = "(filter=something)";

    LdapConfig ldapConfig = new LdapConfig(ldapUrl, baseDn);
    ldapConfig.setReferral("follow");
    // Ask the server for results in pages of 500 entries.
    ldapConfig.setPagedResultsSize(500);

    ldapConfig.setBindDn(dn);
    ldapConfig.setBindCredential(credential);

    DefaultLdapFactory factory = new DefaultLdapFactory(ldapConfig);
    BlockingLdapPool pool = new BlockingLdapPool(factory);
    Ldap ldap = pool.checkOut();

    try {
      Iterator<SearchResult> results = ldap.search(baseDn,
          new SearchFilter(filter), new String[]{attributeName});

      int count = 0;
      while (results.hasNext()) {
        count++;
        SearchResult searchResult = results.next();
        System.out.print(searchResult.getName());

        // An entry that matches the filter may lack the requested attribute.
        Attribute attribute = searchResult.getAttributes().get(attributeName);
        int size = (attribute == null) ? 0 : attribute.size();
        System.out.print(", attrs: " + size);
        for (int i = 0; i < size; i++) {
          System.out.print(", " + attribute.get(i));
        }
        System.out.println("");
      }

      // Total entries returned; compare with what an LDAP browser reports.
      System.out.println(count);
    } finally {
      // Return the connection to the pool even if the search throws.
      pool.checkIn(ldap);
    }
  }
}


#####################

 

Compile

C:\apps\grouperLdap> javac -classpath C:\mchyzer\grouper\v2_1\grouper\lib\grouper\vt-ldap.jar LdapTempPoc.java

Run (this is a Windows example, change the semicolon to a colon for Unix)

C:\apps\grouperLdap> java -classpath .;C:\mchyzer\grouper\v2_1\grouper\lib\grouper\* LdapTempPoc

Note: I am just doing cn=*, and I get a different number of results based on the pagedResultsSize… does that happen for you? Or does it behave with a more precise filter?

 

Thanks,

Chris

 

 

From: Bryan E. Wooten []
Sent: Wednesday, May 01, 2013 11:15 AM
To: Chris Hyzer;
Subject: RE: I dislike Active Directory

 

Chris,

I have run into a couple of problems getting the 2.1.4 quickstart to come up.

The first issue is that the quick installer can’t find a 2.1.4 PSP tar file.

This leads to a ClassNotFoundException for the edu.internet2.middleware.psp.ldap.QuotedDnResultHandler. I can comment that out of ldap.properties for the time being.

The second issue is this error I see when starting gsh or the UI:

ERROR LdapSourceAdapter.getNeededProperty(530) -  - Property 'SubjectID_formatToLowerCase' is not defined!

The third issue is this:

Grouper warning: jarfile mismatch, expecting name: 'grouperClient.jar' size: 2958211 manifest version: 2.1.3.  However the jar detected is: /idm/grouper/grouper-2.1.4/grouper.apiBinary-2.1.4/lib/grouper/grouperClient.jar, name: grouperClient.jar size: 2958972 manifest version: 2.1.4

Grouper warning: jarfile mismatch, expecting name: 'subject.jar' size: 195413 manifest version: 2.1.3.  However the jar detected is: /idm/grouper/grouper-2.1.4/grouper.apiBinary-2.1.4/lib/grouper/subject.jar, name: subject.jar size: 212419 manifest version: 2.1.4

None of those seem to be show stoppers. However, upgrading to 2.1.4 didn’t fix my original results issue.


I have added the following to my grouper-loader.properties file:

ldap.personLdap.batchSize = 900
ldap.personlLdap.pagedResultsSize= 900
ldap.personLdap.referral = follow

And my ldap.properties file has this:

edu.vt.middleware.ldap.batchSize = 900
edu.vt.middleware.ldap.pagedResultsSize= 900
edu.vt.middleware.ldap.referral = follow

Did I misread this page? https://bugs.internet2.edu/jira/browse/GRP-897

Thanks,

Bryan

From: Chris Hyzer []
Sent: Tuesday, April 30, 2013 12:18 PM
To: Bryan E. Wooten;
Subject: RE: I dislike Active Directory

 

Yeah, this is a release candidate and that file in the installer that says where to download wasn’t changed yet. I just did this, retagged, rebuilt, copied to the release folder, can you download the installer and try again? Sorry about that.

 

http://www.internet2.edu/grouper/release/2.1.4/

 

Thanks,

Chris

 

From: Bryan E. Wooten []
Sent: Tuesday, April 30, 2013 2:06 PM
To: Chris Hyzer;
Subject: RE: I dislike Active Directory

 

Thanks Chris,

I missed that email, my apologies.

I downloaded the 2.1.4 stuff in your link and ran the installer. It seems to have downloaded and created a bunch of 2.1.3 directories and tar files. I assume I need to untar the 2.1.4 stuff I downloaded then build them manually?

-Bryan

 

From: Chris Hyzer []
Sent: Tuesday, April 30, 2013 7:03 AM
To: Bryan E. Wooten;
Subject: RE: I dislike Active Directory

 

I fixed this for you in the unreleased 2.1.4 (sent an email a while ago about it):

https://bugs.internet2.edu/jira/browse/GRP-897

You will need the latest snapshot:

http://www.internet2.edu/grouper/release/2.1.4/

Thanks,
Chris


From: [] on behalf of Bryan E. Wooten []
Sent: Monday, April 29, 2013 4:47 PM
To:
Subject: [grouper-users] I dislike Active Directory

Here I go again. I am trying to create groups from attributes. (We have an attribute called uuemployee and I want to create a group of uuCurrentEmployee.)

This group definition works fine against LDAP but when I point grouper-loader.properties at AD I only get 859 members, but the result should be over 30k.

I have tried changing this:

ldap.personLdap.batchSize = 800
ldap.personlLdap.pagedResultsSize=800
ldap.personLdap.countLimit = 600000
ldap.personLdap.timeLimit = 600000

But it has no effect on the results.

Can someone send me their sanitized grouper-loader.properties and ldap.properties that actually work with large AD datasets?

When I use the same AD account in my Softerra LDAP browser I can read everything, so I don’t think it is an AD configuration issue.

Thanks,

Bryan
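
Added example, not part of the thread and not Grouper code: the grouper-loader.properties listings quoted above spell the server id in ldap.<id>.<setting> two ways (personLdap and personlLdap); whether the second spelling is in the real file or only in the e-mail is not stated. The sketch below flags any key whose id closely resembles a more frequently used id, since a key under a different id is a different key. The function names and the 0.85 similarity threshold are assumptions, and SAMPLE is copied from the listing in the thread.

```python
import re
from collections import Counter
from difflib import SequenceMatcher

# Matches "ldap.<id>.<setting> = value" (Java properties allow '=' or ':').
KEY_RE = re.compile(r"^\s*ldap\.([^.\s=:]+)\.([^\s=:]+)\s*[=:]")

# Copied from the grouper-loader.properties lines quoted in the thread.
SAMPLE = """\
ldap.personLdap.batchSize = 900
ldap.personlLdap.pagedResultsSize= 900
ldap.personLdap.referral = follow
"""

def parse_keys(text):
    """Return (line_no, server_id, setting) for every ldap.<id>.<setting> key."""
    entries = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", "!")):   # properties comments
            continue
        match = KEY_RE.match(line)
        if match:
            entries.append((line_no, match.group(1), match.group(2)))
    return entries

def suspicious_ids(text, threshold=0.85):
    """Flag keys whose id nearly matches a more frequently used id."""
    entries = parse_keys(text)
    counts = Counter(server_id for _, server_id, _ in entries)
    findings = []
    for line_no, server_id, setting in entries:
        for other, seen in counts.items():
            # Only compare against ids that occur more often than this one.
            if other == server_id or seen <= counts[server_id]:
                continue
            if SequenceMatcher(None, server_id, other).ratio() >= threshold:
                findings.append((line_no, f"ldap.{server_id}.{setting}", other))
                break
    return findings

if __name__ == "__main__":
    for line_no, key, likely in suspicious_ids(SAMPLE):
        print(f"line {line_no}: {key} (id resembles '{likely}')")
```
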



