grouper-users - Re: [grouper-users] PSP provisioning to AD
Subject: Grouper Users - Open Discussion List
List archive
- From: David Langenberg <>
- To: Rob Gorrell <>
- Cc: "" <>
- Subject: Re: [grouper-users] PSP provisioning to AD
- Date: Fri, 25 Oct 2013 13:17:56 -0600
Looks like the PSP got back an LDAP Referral. Try pointing it directly at a specific DC.
Dave
On Fri, Oct 25, 2013 at 1:13 PM, Rob Gorrell <> wrote:
-RobAny suggestions on what might not be lining up here and what grouper is doing (presumably trying to create an OU in AD to match a stem) thats causing the ldap server to return a DSID-031007EF? I don't see any incorrect DN's listed in whats going on in the grouper error log.Our domain, auth.uncg.edu, is pretty simple. All users are flat under an OU called accounts and all groups I want to be provisioned under a similar top level OU called groups. I've created a sub ou called grouper in the meantime as I don't want grouper to step on the manually created groups until we switchover.So i've watching the training videos and trying to learn more about the PSP and provisioning down to AD, but for whatever reason, am not having success in making the training video examples work in my environment. grouper appears to be connecting to my provisioning source, but is coming back with a custom error that I believe is related to a problem in an LDAP path/referrer according the MS documentation of the error result being returning. This is whats in my grouper error log:my ldap.properties contains the following baseDN's:
<psp:bulkSyncResponse xmlns:psp='http://grouper.internet2.edu/psp' status='failure' requestID='2013/10/25-14:59:15.807' error='customError'>
<errorMessage>[LDAP: error code 10 - 0000202B: RefErr: DSID-031007EF, data 0, 1 access points
ref 1: 'auth.uncg.edu'
_]</errorMessage>
</psp:bulkSyncResponse>
edu.vt.middleware.ldap.baseDn=dc=auth,dc=uncg,dc=edu
edu.internet2.middleware.psp.groupsBaseDn=ou=grouper,ou=groups,dc=auth,dc=uncg,dc=edu
edu.internet2.middleware.psp.peopleBaseDn=ou=accounts,dc=auth,dc=uncg,dc=edu
--Robert W. Gorrell
Systems Architect, Identity and Access Management
David Langenberg
Identity & Access Management
The University of Chicago
- [grouper-users] PSP provisioning to AD, Rob Gorrell, 10/25/2013
- Re: [grouper-users] PSP provisioning to AD, David Langenberg, 10/25/2013
- Re: [grouper-users] PSP provisioning to AD, Rob Gorrell, 10/30/2013
- Re: [grouper-users] PSP provisioning to AD, David Langenberg, 10/30/2013
- Re: [grouper-users] PSP provisioning to AD, Rob Gorrell, 10/30/2013
- Re: [grouper-users] PSP provisioning to AD, David Langenberg, 10/25/2013
Archive powered by MHonArc 2.6.16.