Grouper Users - Open Discussion List

[Shilen Patel <>]

In your sources.xml file, is your filter perhaps not right for the "searchSubject" search type?  This is the search to find the user by subject id.  The logs below seem to suggest that your filter is this:  (& (uncgPreferredName=%TERM%) (objectclass=userProxy))

But you previously said your subject id attribute is uidNumber.

Thanks!

-- Shilen

From: Rob Gorrell <>
Date: Wednesday, June 5, 2013 2:14 PM
To: Chris Hyzer <>
Cc: "" <>
Subject: Re: [grouper-users] help configuring the Subject API for a JNDI source

So thank you for the education about logging... I think i have a grasp on where to look now.

what I get in the grouper_error.log when i try to bring up/show a subject's attributes is:
2013-06-05 14:09:37,738: [TP-Processor8] ERROR PopulateSubjectSummaryAction.grouperExecute(369) - < 50FB33F3960149BC379AA3ADC3E3AA5C-0008 10088e20ca0d4ad2af3cf7c71aea5d3c jdbc > - edu.internet2.middleware.subject.SubjectNotFoundException: No results: searchSubject filter:(& (uncgPreferredName=%TERM%) (objectclass=userProxy)) searchValue: 33668
2013-06-05 14:09:37,747: [TP-Processor8] ERROR PopulateSubjectSummaryAction.grouperExecute(436) - < 50FB33F3960149BC379AA3ADC3E3AA5C-0008 10088e20ca0d4ad2af3cf7c71aea5d3c jdbc > - edu.internet2.middleware.grouper.exception.MemberNotFoundException: Unresolvable subject is also not a Member

and when I try to assign privileges, I get:
2013-06-05 14:12:04,207: [TP-Processor2] ERROR DoAssignNewMembersAction.grouperExecute(246) - < 50FB33F3960149BC379AA3ADC3E3AA5C-0011 10088e20ca0d4ad2af3cf7c71aea5d3c jdbc > - edu.internet2.middleware.subject.SubjectNotFoundException: No results: searchSubject filter:(& (uncgPreferredName=%TERM%) (objectclass=userProxy)) searchValue: 33668
2013-06-05 14:12:04,211: [TP-Processor2] ERROR NavExceptionHelper.getMessage(107) - < 50FB33F3960149BC379AA3ADC3E3AA5C-0011 10088e20ca0d4ad2af3cf7c71aea5d3c jdbc > - Missing nav key: The entity does not exist.

which is odd considering i can match the subject in the LDAP source, but then it seems to fall apart from there.

-Rob

On Tue, Jun 4, 2013 at 5:16 PM, Chris Hyzer <> wrote:

Can you put an absolute path in the log4j.properties and restart and reproduce?  (or log to stdout)

 

You should see something like this in the catalina.out

 

“Grouper is logging to file:”

 

Thanks,

Chris

 

 

From: [mailto:] On Behalf Of Rob Gorrell

Sent: Tuesday, June 04, 2013 4:29 PM
To: Chris Hyzer
Cc:

Subject: Re: [grouper-users] help configuring the Subject API for a JNDI source

 

Guess i'm not sure where this would be logged exactly? By the UI? where does the UI output its logs? i'm not seeing anything in Tomcat's logging?

-Rob

On Tue, Jun 4, 2013 at 4:25 PM, Chris Hyzer <> wrote:

Are there stacks in the logs that describe the error?

 

Thanks,

Chris

 

From: [mailto:] On Behalf Of Rob Gorrell
Sent: Tuesday, June 04, 2013 4:12 PM
To:
Subject: [grouper-users] help configuring the Subject API for a JNDI source

 

So I'm attempting to configure the Subject API to pull in subjects from our LDAP directory. Using the example sources.xml, I was able to configure the LDAP section such that when in the UI, I'm able to search and locate a subject based on username (the description appears next to their check box), however, when I attempt to assign  privileges, I get an "error retrieving entity [33668]. the entity does not exist." and likewise, when i click on the description of the located subject to bring up their attributes, I get an "error: there was an unexpected error retrieving the requested entity as a member". I feel like I'm missing something in the attribute mappings preventing the user from being added, just not sure what that something is.

I have the following attributes defined like this in sources.xml...

     <init-param>
      <param-name>SubjectID_AttributeType</param-name>
      <param-value>uidNumber</param-value>
    </init-param>
     <init-param>
      <param-name>SubjectID_formatToLowerCase</param-name>
      <param-value>false</param-value>
    </init-param>
    <init-param>
      <param-name>Name_AttributeType</param-name>
      <param-value>cn</param-value>
    </init-param>
    <init-param>
      <param-name>Description_AttributeType</param-name>
      <param-value>displayName</param-value>
    </init-param>

--

Robert W. Gorrell
Middleware Engineer, Identity and Access Management

University of NC at Greensboro
336-334-5954

--

Robert W. Gorrell
Middleware Engineer, Identity and Access Management

University of NC at Greensboro
336-334-5954

--

Robert W. Gorrell
Middleware Engineer, Identity and Access Management

University of NC at Greensboro
336-334-5954