grouper-users - [grouper-users] provisioning groups to AD, but no members?
Subject: Grouper Users - Open Discussion List
List archive
- From: Rob Gorrell <>
- To: "" <>
- Subject: [grouper-users] provisioning groups to AD, but no members?
- Date: Fri, 13 Dec 2013 13:29:49 -0500
So I've been working on understanding the PSP for some time now. I've finally resolved my problems in getting grouper groups to provision to my active directory using PSP, but now even though the group objects are being created, the memberships aren't being written. I'm using the flat structure with cnSourceAttributeID=name. the only real change I've made to psp.xml from the example is to comment out the sAMAccountName stuff and let AD choose that (was having length and semicolon problems with this attribute)
trying to provision a simple group of uncg:test with rwgorrel (cn=rwgorrel,ou=accounts,o=uncg) produces an AD group of cn=uncg:test,ou=devgroups,o=uncg but its membership is empty.After running a 'bin/gsh.sh -psp -sync uncg:test' grouper doesn't seem to contact a source to look up the DN for my member object (rwgorrel). This section of log has caught my attention, though I'm not 100% sure what to make of it. Does something need to be changed in my psp.xml to match up with AD's name for member and memberOf attributes?
2013-12-13 13:21:07,300: [main] DEBUG PsoReferences.getReferences(148) - - Pso references 'member' - Get references for 'uncg:test'
2013-12-13 13:21:07,300: [main] DEBUG PsoReference.getReferences(90) - - Pso reference 'membersLdap' - Get references for 'uncg:test'
2013-12-13 13:21:07,300: [main] DEBUG PsoReference.getReferences(97) - - Pso reference 'membersLdap' - Source attribute does not exist
2013-12-13 13:21:07,300: [main] DEBUG PsoReference.getReferences(90) - - Pso reference 'membersGsa' - Get references for 'uncg:test'
2013-12-13 13:21:07,300: [main] DEBUG PsoReference.getReferences(97) - - Pso reference 'membersGsa' - Source attribute does not exist
2013-12-13 13:21:07,300: [main] DEBUG PsoReferences.getReferences(160) - - Pso references 'member' - Returned 0 references.
2013-12-13 13:21:07,301: [main] DEBUG PsoIdentifier.getPSOIdentifier(86) - - PSO Identifier Definition 'groupDn' - Source attribute 'groupDnAlternate' does not exist
2013-12-13 13:21:07,301: [main] DEBUG PsoIdentifier.getPSOIdentifier(86) - - PSO Identifier Definition 'groupDn' - Source attribute 'groupDnAlternateChangeLog' does not exist
2013-12-13 13:21:07,302: [main] DEBUG Pso.getPSO(282) - - Pso 'group' - Get pso for 'uncg:test' returned 1 objects.
2013-12-13 13:21:07,302: [main] DEBUG Pso.getPSO(222) - - Pso 'member' - Get pso for 'uncg:test'
2013-12-13 13:21:07,302: [main] DEBUG PsoIdentifier.getPSOIdentifier(86) - - PSO Identifier Definition 'memberDn' - Source attribute 'memberDn' does not exist
2013-12-13 13:21:07,302: [main] DEBUG Pso.getPSO(229) - - Pso 'member' - Unable to calculate pso identifier for 'uncg:test'
2013-12-13 13:21:07,302: [main] DEBUG Pso.getPSO(222) - - Pso 'groupMembership' - Get pso for 'uncg:test'
2013-12-13 13:21:07,300: [main] DEBUG PsoReferences.getReferences(148) - - Pso references 'member' - Get references for 'uncg:test'
2013-12-13 13:21:07,300: [main] DEBUG PsoReference.getReferences(90) - - Pso reference 'membersLdap' - Get references for 'uncg:test'
2013-12-13 13:21:07,300: [main] DEBUG PsoReference.getReferences(97) - - Pso reference 'membersLdap' - Source attribute does not exist
2013-12-13 13:21:07,300: [main] DEBUG PsoReference.getReferences(90) - - Pso reference 'membersGsa' - Get references for 'uncg:test'
2013-12-13 13:21:07,300: [main] DEBUG PsoReference.getReferences(97) - - Pso reference 'membersGsa' - Source attribute does not exist
2013-12-13 13:21:07,300: [main] DEBUG PsoReferences.getReferences(160) - - Pso references 'member' - Returned 0 references.
2013-12-13 13:21:07,301: [main] DEBUG PsoIdentifier.getPSOIdentifier(86) - - PSO Identifier Definition 'groupDn' - Source attribute 'groupDnAlternate' does not exist
2013-12-13 13:21:07,301: [main] DEBUG PsoIdentifier.getPSOIdentifier(86) - - PSO Identifier Definition 'groupDn' - Source attribute 'groupDnAlternateChangeLog' does not exist
2013-12-13 13:21:07,302: [main] DEBUG Pso.getPSO(282) - - Pso 'group' - Get pso for 'uncg:test' returned 1 objects.
2013-12-13 13:21:07,302: [main] DEBUG Pso.getPSO(222) - - Pso 'member' - Get pso for 'uncg:test'
2013-12-13 13:21:07,302: [main] DEBUG PsoIdentifier.getPSOIdentifier(86) - - PSO Identifier Definition 'memberDn' - Source attribute 'memberDn' does not exist
2013-12-13 13:21:07,302: [main] DEBUG Pso.getPSO(229) - - Pso 'member' - Unable to calculate pso identifier for 'uncg:test'
2013-12-13 13:21:07,302: [main] DEBUG Pso.getPSO(222) - - Pso 'groupMembership' - Get pso for 'uncg:test'
Thanks
-Rob
-Rob
--
Robert W. Gorrell
Systems Architect, Identity and Access Management
Systems Architect, Identity and Access Management
University of NC at Greensboro
336-334-5954
PGP Key ID B36DB0CA
336-334-5954
PGP Key ID B36DB0CA
- [grouper-users] provisioning groups to AD, but no members?, Rob Gorrell, 12/13/2013
- [grouper-users] Re: provisioning groups to AD, but no members?, Rob Gorrell, 12/13/2013
- Re: [grouper-users] Re: provisioning groups to AD, but no members?, David Langenberg, 12/13/2013
- [grouper-users] Re: provisioning groups to AD, but no members?, Rob Gorrell, 12/13/2013
Archive powered by MHonArc 2.6.16.