Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] I dislike Active Directory

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] I dislike Active Directory


Chronological Thread 
  • From: Chris Hyzer <>
  • To: "Bryan E. Wooten" <>
  • Cc: "" <>
  • Subject: RE: [grouper-users] I dislike Active Directory
  • Date: Fri, 3 May 2013 16:55:39 +0000
  • Accept-language: en-US
  • Authentication-results: sfpop-ironport02.merit.edu; dkim=neutral (message not signed) header.i=none

FYI, after correcting the configuration, Bryan has this working now.  Also, I put in the pagedResultsSize in the debug statement below so it is easier to figure it out

 

Thanks,

Chris

 

From: Chris Hyzer
Sent: Wednesday, May 01, 2013 3:54 PM
To: 'Bryan E. Wooten'; Michael R. Gettes
Cc:
Subject: RE: [grouper-users] I dislike Active Directory

 

In the meantime, can you confirm your configuration:

 

ldap.personLdap.batchSize = 800

ldap.personlLdap.pagedResultsSize=800

ldap.personLdap.countLimit = 600000

 

You connection is configured as “personLdap”, right?  Also, it looks like you have an extra “l” in pagedResultsSize… right?  Should be

 

ldap.personLdap.pagedResultsSize=800

 

 

Thanks,

Chris

 

From: Bryan E. Wooten []
Sent: Wednesday, May 01, 2013 3:50 PM
To: Chris Hyzer; Michael R. Gettes
Cc:
Subject: RE: [grouper-users] I dislike Active Directory

 

Looking at the grouper_error.log I wonder if the pagedResults is even being set:

 

2013-05-01 13:39:28,794: [main] DEBUG GrouperLoaderConfig.retrieveLdapProfile(380) -  - LDAP config for server id: personLdap: GrouperLoaderLdapServer [batchSize=-1, countLimit=-1, driver=null, expirationTime=-1, maxPoolSize=4, minPoolSize=2, pass=XXXXX, pruneTimerPeriod=-1, saslAuthorizationId=, saslRealm=, timeLimit=-1, timeout=-1, tls=false, url="ldap://ring.ad.utah.edu:389," user=cn=GrouperLDAPr,OU=Services,OU=Administration,dc=ad,dc=utah,dc=edu, validateOnCheckIn=false, validateOnCheckOut=true, validatePeriodically=false, validateTimerPeriod=-1]

 

Never mind,  I see that GrouperLoaderLdapServer.toString() doesn’t output pagedResults.

 

-Bryan

 

From: Chris Hyzer []
Sent: Wednesday, May 01, 2013 12:37 PM
To: Michael R. Gettes
Cc: Bryan E. Wooten;
Subject: RE: [grouper-users] I dislike Active Directory

 

You want 2.1.4 to be released in august/sept?  J

 

Chris

 

From: Michael R. Gettes []
Sent: Wednesday, May 01, 2013 2:33 PM
To: Chris Hyzer
Cc: Bryan E. Wooten;
Subject: Re: [grouper-users] I dislike Active Directory

 

a fix for PSP provisioning into LDAP - GRP-882 :-)

 

(you asked)

 

/mrg

 

On May 1, 2013, at 12:31 PM, Michael Gettes <> wrote:

 

For planning purposes, dare i ask, when will 2.1.4 hit the streets?

 

I realize nothing is guaranteed in life so any ball park would be appreciated.

 

/mrg

 

On Apr 30, 2013, at 2:17 PM, Chris Hyzer <> wrote:

 

Yeah, this is a release candidate and that file in the installer that says where to download wasn’t changed yet.  I just did this, retagged, rebuilt, copied to the release folder, can you download the installer and try again?  Sorry about that

 

 

Thanks,

Chris

 

From: Bryan E. Wooten [mailto:bryan.wooten@utah.edu] 
Sent: Tuesday, April 30, 2013 2:06 PM
To: Chris Hyzer; 
Subject: RE: I dislike Active Directory

 

Thanks Chris,

 

I missed that email, my apologies.

 

I downloaded the 2.1.4 stuff in your link and ran the installer. It seems to have downloaded and created a bunch of 2.1.3 directories and tar files. I assume I need to untar the 2.1.4 stuff I downloaded then build them manually?

 

-Bryan

 

From: Chris Hyzer [] 
Sent: Tuesday, April 30, 2013 7:03 AM
To: Bryan E. Wooten; 
Subject: RE: I dislike Active Directory

 

I fixed this for you in the unreleased 2.1.4 (sent an email a while ago about it):

https://bugs.internet2.edu/jira/browse/GRP-897

You will need the latest snapshot:

http://www.internet2.edu/grouper/release/2.1.4/

Thanks,
Chris


From:  [] on behalf of Bryan E. Wooten []
Sent: Monday, April 29, 2013 4:47 PM
To: 
Subject: [grouper-users] I dislike Active Directory

Here I go again. I am trying to create a groups from attributes. (we have an attribute called uuemployee and I want to create a group of uuCurrentEmployee).

 

This group definition works fine against LDAP but when I point grouper-loader.properties at AD I only get 859 members, but the result should be over 30k.

 

I have tried changing this:

 

ldap.personLdap.batchSize = 800

ldap.personlLdap.pagedResultsSize=800

ldap.personLdap.countLimit = 600000

 

ldap.personLdap.timeLimit = 600000

 

But it has no effect on the results.

 

Can someone send me their sanitized grouper-loader.properties and ldap.properties that actually work with large AD datasets?

 

When I use same AD account in my Softterra LDAP browser I can read everything, so I don’t think it is an AD configuration issue.

 

Thanks,

 

Bryan

 

 




Archive powered by MHonArc 2.6.16.

Top of Page