grouper-users - Re: [grouper-users] help configuring the Subject API for a JNDI source
Subject: Grouper Users - Open Discussion List
List archive
- From: Rob Gorrell <>
- To: Shilen Patel <>
- Cc: Chris Hyzer <>, "" <>
- Subject: Re: [grouper-users] help configuring the Subject API for a JNDI source
- Date: Fri, 7 Jun 2013 13:15:43 -0400
- Authentication-results: sfpop-ironport02.merit.edu; dkim=neutral (message not signed) header.i=none
So let me ask a couple more questions along this vein...
The goal of the Subject API is to add subjects to the Subjects table from a data connector (such as JNDI), correct? The subjects I've added manually so far (through gsh) so I can use the system, i've used eppn as the subjectid since my UI install authentication is shibbolized. I'm assuming I would like subjects loaded by the Subject API to also use eppn as the subjectid. trouble is, our ldap directory doesn't store eppn as an attribute, our shibb IdP computes it by scoping the cn attribute. Can grouper do a similar thing in sources.xml when it comes to the subjectid attribute? I would rather load subjects as eppn, not uidNumber, as shibb won't be authenticating users to my grouper UI based on uidNumber but rather eppn.
-Rob
In your sources.xml file, is your filter perhaps not right for the "searchSubject" search type? This is the search to find the user by subject id. The logs below seem to suggest that your filter is this: (& (uncgPreferredName=%TERM%) (objectclass=userProxy))
But you previously said your subject id attribute is uidNumber.
Thanks!
-- Shilen
From: Rob Gorrell <>
Date: Wednesday, June 5, 2013 2:14 PM
To: Chris Hyzer <>
Cc: "" <>
Subject: Re: [grouper-users] help configuring the Subject API for a JNDI source
So thank you for the education about logging... I think i have a grasp on where to look now.
what I get in the grouper_error.log when i try to bring up/show a subject's attributes is:
2013-06-05 14:09:37,738: [TP-Processor8] ERROR PopulateSubjectSummaryAction.grouperExecute(369) - < 50FB33F3960149BC379AA3ADC3E3AA5C-0008 10088e20ca0d4ad2af3cf7c71aea5d3c jdbc > - edu.internet2.middleware.subject.SubjectNotFoundException: No results: searchSubject filter:(& (uncgPreferredName=%TERM%) (objectclass=userProxy)) searchValue: 33668
2013-06-05 14:09:37,747: [TP-Processor8] ERROR PopulateSubjectSummaryAction.grouperExecute(436) - < 50FB33F3960149BC379AA3ADC3E3AA5C-0008 10088e20ca0d4ad2af3cf7c71aea5d3c jdbc > - edu.internet2.middleware.grouper.exception.MemberNotFoundException: Unresolvable subject is also not a Member
and when I try to assign privileges, I get:
2013-06-05 14:12:04,207: [TP-Processor2] ERROR DoAssignNewMembersAction.grouperExecute(246) - < 50FB33F3960149BC379AA3ADC3E3AA5C-0011 10088e20ca0d4ad2af3cf7c71aea5d3c jdbc > - edu.internet2.middleware.subject.SubjectNotFoundException: No results: searchSubject filter:(& (uncgPreferredName=%TERM%) (objectclass=userProxy)) searchValue: 33668
2013-06-05 14:12:04,211: [TP-Processor2] ERROR NavExceptionHelper.getMessage(107) - < 50FB33F3960149BC379AA3ADC3E3AA5C-0011 10088e20ca0d4ad2af3cf7c71aea5d3c jdbc > - Missing nav key: The entity does not exist.
which is odd considering i can match the subject in the LDAP source, but then it seems to fall apart from there.
-Rob
On Tue, Jun 4, 2013 at 5:16 PM, Chris Hyzer <> wrote:
Can you put an absolute path in the log4j.properties and restart and reproduce? (or log to stdout)
You should see something like this in the catalina.out
“Grouper is logging to file:”
Thanks,
Chris
From: [mailto:] On Behalf Of Rob Gorrell
Subject: Re: [grouper-users] help configuring the Subject API for a JNDI source
Sent: Tuesday, June 04, 2013 4:29 PM
To: Chris Hyzer
Cc:
Guess i'm not sure where this would be logged exactly? By the UI? where does the UI output its logs? i'm not seeing anything in Tomcat's logging?
-Rob
On Tue, Jun 4, 2013 at 4:25 PM, Chris Hyzer <> wrote:
Are there stacks in the logs that describe the error?
Thanks,
Chris
From: [mailto:] On Behalf Of Rob Gorrell
Sent: Tuesday, June 04, 2013 4:12 PM
To:
Subject: [grouper-users] help configuring the Subject API for a JNDI source
So I'm attempting to configure the Subject API to pull in subjects from our LDAP directory. Using the example sources.xml, I was able to configure the LDAP section such that when in the UI, I'm able to search and locate a subject based on username (the description appears next to their check box), however, when I attempt to assign privileges, I get an "error retrieving entity [33668]. the entity does not exist." and likewise, when i click on the description of the located subject to bring up their attributes, I get an "error: there was an unexpected error retrieving the requested entity as a member". I feel like I'm missing something in the attribute mappings preventing the user from being added, just not sure what that something is.
I have the following attributes defined like this in sources.xml...
<init-param>
<param-name>SubjectID_AttributeType</param-name>
<param-value>uidNumber</param-value>
</init-param>
<init-param>
<param-name>SubjectID_formatToLowerCase</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>Name_AttributeType</param-name>
<param-value>cn</param-value>
</init-param>
<init-param>
<param-name>Description_AttributeType</param-name>
<param-value>displayName</param-value>
</init-param>
--Robert W. Gorrell
Middleware Engineer, Identity and Access ManagementUniversity of NC at Greensboro
336-334-5954
--Robert W. Gorrell
Middleware Engineer, Identity and Access ManagementUniversity of NC at Greensboro
336-334-5954
--
Robert W. Gorrell
Middleware Engineer, Identity and Access ManagementUniversity of NC at Greensboro
336-334-5954
--
Middleware Engineer, Identity and Access Management
336-334-5954
- [grouper-users] help configuring the Subject API for a JNDI source, Rob Gorrell, 06/04/2013
- RE: [grouper-users] help configuring the Subject API for a JNDI source, Chris Hyzer, 06/04/2013
- Re: [grouper-users] help configuring the Subject API for a JNDI source, Rob Gorrell, 06/04/2013
- RE: [grouper-users] help configuring the Subject API for a JNDI source, Chris Hyzer, 06/04/2013
- Re: [grouper-users] help configuring the Subject API for a JNDI source, Rob Gorrell, 06/05/2013
- Re: [grouper-users] help configuring the Subject API for a JNDI source, Shilen Patel, 06/06/2013
- Re: [grouper-users] help configuring the Subject API for a JNDI source, Rob Gorrell, 06/07/2013
- RE: [grouper-users] help configuring the Subject API for a JNDI source, Chris Hyzer, 06/07/2013
- Re: [grouper-users] help configuring the Subject API for a JNDI source, Rob Gorrell, 06/07/2013
- RE: [grouper-users] help configuring the Subject API for a JNDI source, Chris Hyzer, 06/07/2013
- Re: [grouper-users] help configuring the Subject API for a JNDI source, Rob Gorrell, 06/07/2013
- Re: [grouper-users] help configuring the Subject API for a JNDI source, Earl Lewis, 06/07/2013
- Re: [grouper-users] help configuring the Subject API for a JNDI source, Rob Gorrell, 06/11/2013
- Re: [grouper-users] help configuring the Subject API for a JNDI source, Earl Lewis, 06/11/2013
- Re: [grouper-users] help configuring the Subject API for a JNDI source, Rob Gorrell, 06/07/2013
- RE: [grouper-users] help configuring the Subject API for a JNDI source, Chris Hyzer, 06/07/2013
- Re: [grouper-users] help configuring the Subject API for a JNDI source, Shilen Patel, 06/06/2013
- Re: [grouper-users] help configuring the Subject API for a JNDI source, Rob Gorrell, 06/05/2013
- RE: [grouper-users] help configuring the Subject API for a JNDI source, Chris Hyzer, 06/04/2013
- Re: [grouper-users] help configuring the Subject API for a JNDI source, Rob Gorrell, 06/04/2013
- RE: [grouper-users] help configuring the Subject API for a JNDI source, Chris Hyzer, 06/04/2013
Archive powered by MHonArc 2.6.16.