Subject: Grouper Users - Open Discussion List
- From: David Langenberg <>
- To: Rob Gorrell <>
- Cc: "" <>
- Subject: Re: [grouper-users] PSP provisioning to AD
- Date: Fri, 25 Oct 2013 13:17:56 -0600
Looks like the PSP got back an LDAP Referral. Try pointing it directly at a specific DC.
On Fri, Oct 25, 2013 at 1:13 PM, Rob Gorrell <> wrote:
-RobAny suggestions on what might not be lining up here and what grouper is doing (presumably trying to create an OU in AD to match a stem) thats causing the ldap server to return a DSID-031007EF? I don't see any incorrect DN's listed in whats going on in the grouper error log.Our domain, auth.uncg.edu, is pretty simple. All users are flat under an OU called accounts and all groups I want to be provisioned under a similar top level OU called groups. I've created a sub ou called grouper in the meantime as I don't want grouper to step on the manually created groups until we switchover.So i've watching the training videos and trying to learn more about the PSP and provisioning down to AD, but for whatever reason, am not having success in making the training video examples work in my environment. grouper appears to be connecting to my provisioning source, but is coming back with a custom error that I believe is related to a problem in an LDAP path/referrer according the MS documentation of the error result being returning. This is whats in my grouper error log:my ldap.properties contains the following baseDN's:
<psp:bulkSyncResponse xmlns:psp='http://grouper.internet2.edu/psp' status='failure' requestID='2013/10/25-14:59:15.807' error='customError'>
<errorMessage>[LDAP: error code 10 - 0000202B: RefErr: DSID-031007EF, data 0, 1 access points
ref 1: 'auth.uncg.edu'
Identity & Access Management
The University of Chicago
- [grouper-users] PSP provisioning to AD, Rob Gorrell, 10/25/2013
Archive powered by MHonArc 2.6.16.