Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] PSP Bulk Sync Problems

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] PSP Bulk Sync Problems


Chronological Thread 
  • From: David Langenberg <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] PSP Bulk Sync Problems
  • Date: Wed, 28 Aug 2013 09:44:02 -0600
Just to close the loop on this for the archives, the issue was related to AD not being case-sensitive and Java and thus the PSP defaulting to case-sensitive matching.  After tweaking his psp-resolver.xml and upper-casing rdnAttributeName and stemRdnAttributeName attribute values for the groupDn AttributeDefinition things started working right.

Dave


On Tue, Aug 27, 2013 at 9:02 AM, Bryan E. Wooten <> wrote:

Friends,

 

I am have some real issues with the PSP that I just can’t figure out. This is version 2.1.4.

 

Here is the scenario:

 

Create a group in Root:uofu:uit:Sharepoint:Group1 and add a member.

Run ./gsh –psp –bulkSync

 

Excellent success! I get distinguishedName: CN=g1,OU=sharepoint,OU=UIT,OU=grouper,DC=grouperad,DC=utah,DC=edu and

member: CN=u0152062,OU=People,DC=grouperad,DC=utah,DC=edu

in my Active directory.

 

Then go back to the UI and create in Root:uofu:uit:Sharepoint:Group2 and add a member.

Run ./gsh –psp –bulkSync

 

What on earth just happened? I see this on stdout:

 

 

<psp:syncResponse status='failure' requestID='2013/08/27-08:46:47.728' error='customError'>

    <deleteResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure' requestID='2013/08/27-08:46:47.728' error='customError'>

      <errorMessage>[LDAP: error code 66 - 0000208C: UpdErr: DSID-030A0493, problem 6003 (CANT_ON_NON_LEAF), data 0

_]</errorMessage>

    </deleteResponse>

    <errorMessage>[LDAP: error code 66 - 0000208C: UpdErr: DSID-030A0493, problem 6003 (CANT_ON_NON_LEAF), data 0

_]</errorMessage>

    <psp:id ID='OU=UIT,OU=grouper,DC=grouperad,DC=utah,DC=edu'/>

  </psp:syncResponse>

 

Group1 is now gone from Active Directory but Group2 is now there.

 

Ok let’s run ./gsh –psp –bullSync again.

 

Great, same error but now Group2 is missing in Active Directory but Group1 has reappeared.

 

Rinse and Repeat.

 

I have no clue what is going on.

 

Added a 3rd group, now Group1 and Group3 are in AD and Group2 is gone.

 

Run ./gsh –psp –bulkSync again.

 

Now I have Group2 in AD but no Group1 or Group3.

 

Thanks,

 

Bryan

 

 




--
David Langenberg
Identity & Access Management
The University of Chicago

Archive powered by MHonArc 2.6.16.

Top of Page