Grouper Users - Open Discussion List

[Rob Gorrell <>]

So i've watching the training videos and trying to learn more about the PSP and provisioning down to AD, but for whatever reason, am not having success in making the training video examples work in my environment. grouper appears to be connecting to my provisioning source, but is coming back with a custom error that I believe is related to a problem in an LDAP path/referrer according the MS documentation of the error result being returning. This is whats in my grouper error log:
<psp:bulkSyncResponse xmlns:psp='http://grouper.internet2.edu/psp' status='failure' requestID='2013/10/25-14:59:15.807' error='customError'>
  <errorMessage>[LDAP: error code 10 - 0000202B: RefErr: DSID-031007EF, data 0, 1 access points
        ref 1: 'auth.uncg.edu'
_]</errorMessage>
</psp:bulkSyncResponse>

my ldap.properties contains the following baseDN's:
edu.vt.middleware.ldap.baseDn=dc=auth,dc=uncg,dc=edu
edu.internet2.middleware.psp.groupsBaseDn=ou=grouper,ou=groups,dc=auth,dc=uncg,dc=edu
edu.internet2.middleware.psp.peopleBaseDn=ou=accounts,dc=auth,dc=uncg,dc=edu

Our domain, auth.uncg.edu, is pretty simple. All users are flat under an OU called accounts and all groups I want to be provisioned under a similar top level OU called groups. I've created a sub ou called grouper in the meantime as I don't want grouper to step on the manually created groups until we switchover.

Any suggestions on what might not be lining up here and what grouper is doing (presumably trying to create an OU in AD to match a stem) thats causing the ldap server to return a DSID-031007EF? I don't see any incorrect DN's listed in whats going on in the grouper error log.

-Rob

--

Robert W. Gorrell
Systems Architect, Identity and Access Management

University of NC at Greensboro
336-334-5954
PGP Key ID B36DB0CA