Skip to Content.
Sympa Menu

grouper-users - [grouper-users] RE: Weird PSP Ldap provisioning

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] RE: Weird PSP Ldap provisioning


Chronological Thread 
  • From: "Bryan E. Wooten" <>
  • To: "Bryan E. Wooten" <>, "" <>
  • Subject: [grouper-users] RE: Weird PSP Ldap provisioning
  • Date: Tue, 23 Jul 2013 15:09:27 +0000
  • Accept-language: en-US

I fixed this problem. I had a minor typo in the psp-resolver.xml file.

 

The typo resulted in this bad XML, note the missing objectClass for the “groupOpenDJ”

 

<psp:calcResponse xmlns:psp='http://grouper.internet2.edu/psp' status='success' requestID='2013/07/23-07:45:26.705'>

  <psp:id ID='uofu:group8'/>

  <psp:pso entityName='group'>

    <psoID ID='cn=group8,ou=uofu,OU=grouper,DC=testad,DC=utah,DC=edu' targetID='ldap'/>

   <data>

      <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='objectClass'>

        <dsml:value>top</dsml:value>

        <dsml:value>group</dsml:value>

      </dsml:attr>

      <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='cn'>

        <dsml:value>group8</dsml:value>

      </dsml:attr>

      <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='description'>

        <dsml:value>group8</dsml:value>

      </dsml:attr>

    </data>

  </psp:pso>

  <psp:pso entityName='groupOpenDJ'>

    <psoID ID='cn=group8,ou=uofu,ou=grouper,o=utah.edu' targetID='openDJ'/>

    <data>

      <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='cn'>

        <dsml:value>group8</dsml:value>

      </dsml:attr>

      <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='descriptionOpenDJ'>

        <dsml:value>group8</dsml:value>

      </dsml:attr>

    </data>

  </psp:pso>

</psp:calcResponse>

-Bryan

 

From: [mailto:] On Behalf Of Bryan E. Wooten
Sent: Monday, July 22, 2013 6:03 PM
To:
Subject: [grouper-users] Weird PSP Ldap provisioning

 

I have my PSP configured to provision to both AD and OpenDJ. Provisioning folders as Ous works just fine.

 

When I create a group things get weird. The group is created as expected in AD, but OpenDJ is another story.

 

The PSP throws an exception (something about schema), but here is the weird thing the groups exists, well not the group but the object. (i.e.: cn=group, ou=uofu,o=utah.edu).

 

However the object does not show up in either Softterra or Apache Directory Studio. Unless I do a search on the DN then I get a hit, however the object has no object classes like top or groupofuniquenames…

 

I am at a loss, there are no errors in the OpenDJ access log or error log…

 

Frustrating since I was able to provision OpenDJ groups in the past…. (without AD in the mix). I think all my psp*.xml files are correct.

 

Any ideas on how to proceed or is this an OpenDJ question?

 

Thanks,

 

-Bryan


Archive powered by MHonArc 2.6.16.

Top of Page