Grouper Users - Open Discussion List

["Bryan E. Wooten" <>]

Hi all,

 

I am trying to get the PSP to provision to both AD and OpenDJ. But I am having trouble adding members to groups in OpenDJ. I can add members to AD.

 

I believe the issue lies in this piece of XML in the psp-resolver.xml:

 

<resolver:AttributeDefinition

    id="memberDn"

    xsi:type="psp:PSOIdentifier"

    sourceAttributeID="entryDN">

    <resolver:Dependency ref="LDAPMemberPersonLookup1" />

  </resolver:AttributeDefinition>

 

And

 

<resolver:AttributeDefinition

    id="memberOpenDJDn"

    xsi:type="psp:PSOIdentifier"

    sourceAttributeID="dn">

    <resolver:Dependency ref="MemberOpenDJDataConnector" />

  </resolver:AttributeDefinition>

 

I think the problem lies in the sourceAttributeID value. With it set to either “dn” or “distiguishedName” in memberOpenDJDn I get this in my log file:

 

2013-07-25 09:41:31,208: [main] DEBUG Psp.execute(1069) -  - PSP 'psp' - Calc CalcRequest[id=u0030078,requestID=<null>,returnData=identifier,schemaEntityRef=SchemaEntityRef[targetID=openDJ,entityName=memberOpenDJ,isContainer=false]] Resolving attributes '[memberOpenDJDn]'.

2013-07-25 09:41:31,209: [main] DEBUG SimpleAttributeAuthority.getAttributes(86) -  - get attributes 'u0030078' aa 'psp.AttributeAuthority'

2013-07-25 09:41:31,210: [main] DEBUG DefaultConnectionHandler.connectInternal(74) -  - Bind with the following parameters:

2013-07-25 09:41:31,211: [main] DEBUG DefaultConnectionHandler.connectInternal(75) -  -   authtype = simple

2013-07-25 09:41:31,211: [main] DEBUG DefaultConnectionHandler.connectInternal(76) -  -   dn = cn=Directory Manager

2013-07-25 09:41:31,212: [main] DEBUG DefaultConnectionHandler.connectInternal(83) -  -   credential = <suppressed>

2013-07-25 09:41:31,214: [main] DEBUG AbstractLdap.search(193) -  - Search with the following parameters:

2013-07-25 09:41:31,215: [main] DEBUG AbstractLdap.search(194) -  -   dn = ou=people,o=utah.edu

2013-07-25 09:41:31,215: [main] DEBUG AbstractLdap.search(195) -  -   filter = (&(unid=u0030078)(objectClass=person))

2013-07-25 09:41:31,215: [main] DEBUG AbstractLdap.search(196) -  -   filterArgs = []

2013-07-25 09:41:31,215: [main] DEBUG AbstractLdap.search(197) -  -   searchControls = javax.naming.directory.SearchControls@2e095b5c

2013-07-25 09:41:31,216: [main] DEBUG AbstractLdap.search(198) -  -   handler = [edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@6859ed1f, edu.vt.middleware.ldap.handler.EntryDnSearchResultHandler@67dec3be, edu.vt.middleware.ldap.handler.BinarySearchResultHandler@52052438]

2013-07-25 09:41:31,233: [main] DEBUG PsoIdentifierAttributeDefinition.doResolve(50) -  - PSOIdentifier attribute definition 'memberOpenDJDn' - Resolve principal 'u0030078'

2013-07-25 09:41:31,234: [main] DEBUG Psp.execute(1072) -  - PSP 'psp' - Calc CalcRequest[id=u0030078,requestID=<null>,returnData=identifier,schemaEntityRef=SchemaEntityRef[targetID=openDJ,entityName=memberOpenDJ,isContainer=false]] Resolved attributes '[]'.

2013-07-25 09:41:31,235: [main] DEBUG Pso.getPSO(222) -  - Pso 'memberOpenDJ' - Get pso for 'u0030078'

2013-07-25 09:41:31,235: [main] DEBUG PsoIdentifier.getPSOIdentifier(86) -  - PSO Identifier Definition 'memberOpenDJDn' - Source attribute 'memberOpenDJDn' does not exist

2013-07-25 09:41:31,235: [main] DEBUG Pso.getPSO(229) -  - Pso 'memberOpenDJ' - Unable to calculate pso identifier for 'u0030078'

2013-07-25 09:41:31,236: [main] ERROR Psp.execute(1015) -  - Psp 'psp' - Calc CalcResponse[id=u0030078,status=failure,error=noSuchIdentifier,errorMessages={Unable to calculate provisioned object.},requestID=2013/07/25-09:41:31.208]

2013-07-25 09:41:31,236: [main] ERROR Psp.execute(1017) -  - Psp 'psp' - Calc XML:

<psp:calcResponse xmlns:psp='http://grouper.internet2.edu/psp' status='failure' requestID='2013/07/25-09:41:31.208' error='noSuchIdentifier'>

  <errorMessage>Unable to calculate provisioned object.</errorMessage>

  <psp:id ID='u0030078'/>

</psp:calcResponse>

 

But I know the subjectID exists in my OpenDJ because that is my subject source and I see a successful query in my OpenDJ log file:

 

[17/Jul/2013:17:43:20 -0600] BIND REQ conn=1351842 op=0 msgID=1 version=3 type=SIMPLE dn="cn=Directory Manager"

[17/Jul/2013:17:43:20 -0600] BIND RES conn=1351842 op=0 msgID=1 result=0 authDN="cn=Directory Manager,cn=Root DNs,cn=config" etime=1

[17/Jul/2013:17:43:20 -0600] SEARCH REQ conn=1351842 op=1 msgID=2 base="ou=people,o=utah.edu" scope=wholeSubtree filter="(&(unid=u0030078)(objectClass=person))" attrs="ALL"

[17/Jul/2013:17:43:20 -0600] SEARCH RES conn=1351842 op=1 msgID=2 result=0 nentries=1 etime=0

 

I have tried setting sourceAttributeId to “entryDN”, but that results in an expection in my grouper log file:

 

sequence number 1370772, sequenceNumber: 1370772, edu.internet2.middleware.psp.PspException: edu.internet2.middleware.psp.PspNoSuchIdentifierException: Psp 'psp' - Has reference from 'PSOIdentifier[id='cn=group10,ou=uofu,OU=grouper,DC=testad,DC=utah,DC=edu',targetID=openDJ,containerID=<null>]' to 'Reference[toPsoID=PSOIdentifier[id='unid=u0152062,ou=people,o=utah.edu',targetID=openDJ,containerID=<null>],type=member]' SearchResponse[psos=0,status=failure,error=noSuchIdentifier,errorMessages={[LDAP: error code 32 - The entry cn=group10,ou=uofu,OU=grouper,DC=testad,DC=utah,DC=edu specified as the search base does not exist in the Directory Server]},requestID=2013/07/25-09:30:52.809]

        at edu.internet2.middleware.psp.grouper.PspChangeLogConsumer.processModificationReferences(PspChangeLogConsumer.java:947)

        at edu.internet2.middleware.psp.grouper.PspChangeLogConsumer.processModification(PspChangeLogConsumer.java:749)

        at edu.internet2.middleware.psp.grouper.PspChangeLogConsumer.processModification(PspChangeLogConsumer.java:811)

        at edu.internet2.middleware.psp.group

 

 

This is very confusing. Any help will be appreciated. This is my last hurdle before giving Grouper the thumbs up and moving towards a production deployment.

 

Thanks,

 

Bryan