Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] PSP -- Provision both AD and LDAP - Getting Close?

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] PSP -- Provision both AD and LDAP - Getting Close?


Chronological Thread 
  • From: David Langenberg <>
  • To: "Bryan E. Wooten" <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] PSP -- Provision both AD and LDAP - Getting Close?
  • Date: Tue, 1 Oct 2013 10:02:09 -0600
Hi Bryan,

Would you mind sending me your current configs?  Specifically psp.xml and the psp-resolver.xml.

Thanks

Dave


On Tue, Oct 1, 2013 at 9:59 AM, Bryan E. Wooten <> wrote:

I can’t seem to provision (./gsh –psp –bulkSync) groups with members to LDAP (AD works fine).

 

Looking at the log I see this:

 

2013-10-01 09:14:58,476: [main] INFO  BaseSpmlProvider.execute(153) -  - Target 'psp' - Add AddRequest[psoID=PSOIdentifier[id='cn=DeptRoleUIT-ADFinance-Provisioned,ou=sharepoint,ou=UIT,ou=grouper,o=utah.edu',targetID=openDJ,containerID=<null>],targetID=openDJ,returnData=everything,requestID=2013/10/01-09:14:58.473]

2013-10-01 09:14:58,478: [main] INFO  BaseSpmlProvider.execute(157) -  - Target 'psp' - Add XML:

<addRequest xmlns='urn:oasis:names:tc:SPML:2:0' entityName='groupOpenDJ' requestID='2013/10/01-09:14:58.473' targetId='openDJ' returnData='everything'>

  <psoID ID='cn=DeptRoleUIT-ADFinance-Provisioned,ou=sharepoint,ou=UIT,ou=grouper,o=utah.edu' targetID='openDJ'/>

  <data>

    <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='objectClass'>

      <dsml:value>top</dsml:value>

      <dsml:value>groupofuniquenames</dsml:value>

    </dsml:attr>

    <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='cn'>

      <dsml:value>DeptRoleUIT-ADFinance-Provisioned</dsml:value>

    </dsml:attr>

    <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='descriptionOpenDJ'>

      <dsml:value>DeptRoleUIT-ADFinance-Provisioned</dsml:value>

    </dsml:attr>

  </data>

  <capabilityData mustUnderstand='true' capabilityURI='urn:oasis:names:tc:SPML:2:0:reference'>

    <spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0' xmlns:spmlref='urn:oasis:names:tc:SPML:2:0:reference' typeOfReference='uniquemember'>

      <spmlref:toPsoID ID='CN=u0002727,OU=people,DC=testad,DC=utah,DC=edu' targetID='ldap'/>

    </spmlref:reference>

 

Every thing looks fine except this:

 

<spmlref:toPsoID ID='CN=u0002727,OU=people,DC=testad,DC=utah,DC=edu' targetID='ldap'/>

 

I think it should be this:

 

<spmlref:toPsoID ID='unid=u0002727,OU=people,o=utah.edu targetID='openDJ'/>

 

I can’t figure out where the AD syntax is coming from, I’ve poured over the XML and can’t find a mistake.

 

Any help appreciated. I really need to provision to both AD and OpenDJ.

 

Thanks,

 

Bryan

 




--
David Langenberg
Identity & Access Management
The University of Chicago

Archive powered by MHonArc 2.6.16.

Top of Page