Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Dire warning in ldap.properties

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Dire warning in ldap.properties


Chronological Thread 
  • From: David Langenberg <>
  • To: J Richard Gilbert <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] Dire warning in ldap.properties
  • Date: Fri, 18 Oct 2013 10:08:40 -0600

Hi,

That's a warning to be careful if you run the unit-test suite.  Generally you won't be doing that so there is no need to panic.

Dave


On Fri, Oct 18, 2013 at 9:59 AM, J Richard Gilbert <> wrote:
Hi,

As a newbie, I have been experimenting with grouper and now want to
try using the PSP to demonstrate management of a group in a test AD.
Having watched the training videos I am configuring ldap.properties,
in which I see the following...

# The default base DN for searches.
# All subordinate objects will be deleted during tests !
edu.vt.middleware.ldap.baseDn=
# The base DN for groups.
edu.internet2.middleware.psp.groupsBaseDn=
# The base DN for people.
edu.internet2.middleware.psp.peopleBaseDn=

That warning sounds a bit scary!  What does it really mean?

And what is the default base DN used for?  The configuration defines a
base for group searches and a base for people searches.  The AD I am
working with was configured (not by me) with ou=Staff and ou=Students
configured directly below the root of the tree.  To search for both
types of user in a single source therefore required me to give the
root as the search base.  This caused trouble: Grouper didn't like the
references which AD returns...

Subject API error: error with subject source id: qad, name: QA AD,
problem with getSubject by id, in sources.xml: search searchSubject: ,
edu.internet2.middleware.subject.SourceUnavailableException: Ldap
NamingException: Unprocessed Continuation Reference(s)

I found the explanation for this here:
http://mail-archives.apache.org/mod_mbox/tomcat-users/200611.mbox/%3CC16E4268.9601B%%3E

I got round it by restricting my source to staff only and so was able
to specify a search base below the root.  I am wondering whether I am
going to come up against the same problem when I specify the root of
the tree for edu.vt.middleware.ldap.baseDn in ldap.properties.

Thank you

Richard
--
Richard Gilbert
Corporate Information and Computing Services
University of Sheffield, Sheffield, S10 2FN, UK
Phone: +44 114 222 3028   Fax: +44 114 222 1188



--
David Langenberg
Identity & Access Management
The University of Chicago



Archive powered by MHonArc 2.6.16.

Top of Page