Grouper Users - Open Discussion List

[David Langenberg <>]

The first error is fairly safe to ignore.  It generally can be described as "this change doesn't match our criteria for pushing to LDAP".  The second error though makes me think you are missing something perhaps in your ldap.properties.  It would be helpful to see a sanitized version of that file.

Dave

On Fri, Sep 5, 2014 at 3:53 AM, Mark Cairney <> wrote:

OK I'm trying to proceed with the simplest case i.e. no baseStem set.
The process is still on-going but I'm seeing a lot of errors being
generated which seem to fall into 2 types. So far it's been running for
about 13 hours with no changes yet being made to the LDAP server.

1.
2014-09-05 00:00:00,025: [main] ERROR Psp.execute(1187) -  - Psp 'psp' -
Diff
DiffResponse[id=1C5998B7-EB74-4D38-8DB8-94E251A07174,status=failure,error=noSuchIdentifier,errorMessages={Unable
to calculate provisioned object.},requestID=2014/09/04-23:59:59.742]
2014-09-05 00:00:00,025: [main] ERROR Psp.execute(1189) -  - Psp 'psp' -
Diff XML:
<psp:diffResponse xmlns:psp='http://grouper.internet2.edu/psp'
status='failure' requestID='2014/09/04-23:59:59.742'
error='noSuchIdentifier'>
  <errorMessage>Unable to calculate provisioned object.</errorMessage>
  <psp:id ID='1C5998B7-EB74-4D38-8DB8-94E251A07174'/>
</psp:diffResponse>

(this looks like it's just complaining about not being able to find a
match for that ID. Given the Dev LDAP server is simply a clone of one of
our Test ones this doesn't worry/surprise me too much as we haven't done
a full sync of the user accounts on both).


2.

2014-09-05 00:58:00,539: [main] ERROR Psp.doesIdentifierExist(445) -  -
The lookup response is not a success
'LookupResponse[pso=<null>,status=failure,error=customError,errorMessages={Unable
to determine schema entity for
uid=******,ou=people,ou=central,dc=authorise-dev,dc=ed,dc=ac,dc=uk},requestID=2014/09/05-00:58:00.533]'


Should I be worrying about these errors? I'm also wondering if I've
choosed the wrong example set for my config as I run an OpenLDAP server
but looking at the config there's a whole bunch of attributes we don't
currently have like "isMemberOf, hasMember, seeAlso" etc. I've just
spotted an "eduMember.schema" file so I've added that to the server and
re-started the bulkSync. In the meantime my config files are attached in
case there's anywhere obvious I'm going wrong.

On 03/09/14 09:25, Mark Cairney wrote:
> OK that sounds equally as complicated- I'm even having trouble picturing
> what the config looks like in my head. Ultimately what I'd like to have
> is Grouper exporting only specified stems (e.g.
> affiliations,courses,org) to an individual target LDAP server.
>
> I've been pointed in the direction of some docs + powerpoints by Bryan,
> looking through this it looks like this could be do-able using Group
> Filters in the GroupDataConnector in psp-resolver.xml. This is likely to
> result in the group OU's changing but we may have to live with that as
> they are themselves a result of us provisioning each stem individually
> on Grouper 1.5 which was a workaround to do this.
>
> I'm probably trying to run before I can walk anyway so I'll proceed with
> a base config to provision all stems on Dev and once that's working look
> at this side of things.
>
> Kind regards,
>
> Mark
>
> On 02/09/14 16:10, David Langenberg wrote:
>> Hi Mark,
>>
>> Even in the multiple case, you'll still have one ldap.properties, but
>> you'll now also have the individual ldap connector configs.  I don't think
>> there's going to be a sane way to break up the configs unfortunately.
>>
>> Dave
>>
>>
>> On Tue, Sep 2, 2014 at 3:47 AM, Mark Cairney <> wrote:
>>
>>> Hi,
>>>
>>> We're looking to upgrade from our existing 1.5 install to 2.2 and this
>>> means moving from LDAPPC to PSP.
>>>
>>> In our current setup which I'd like to replicate we a subset of stems
>>> provisioned, each of which has it's own separate ldappc.xml file.
>>>
>>> Looking at the examples there is a multiple openLDAP example so my
>>> current thinking is to have multiple "ldap.properties" files for each
>>> stem. Is this possible/ sensible?
>>>
>>> We use the "memberOf" overlay so we would only be looking to export the
>>> groups and their members.
>>>
>>> I'll admit that having not looked much at Grouper since we initially got
>>> it working the new approach seems to have a baffling amount of
>>> configuration options and files so a helping hand would be appreciated :-)
>>>
>>> Kind regards,
>>>
>>> Mark
>>>
>>> --
>>> /****************************
>>>
>>> Mark Cairney
>>> ITI UNIX Section
>>> Information Services
>>> University of Edinburgh
>>>
>>> Tel: 0131 650 6565
>>> Email:
>>> PGP: 0x435A9621
>>>
>>> *******************************/
>>>
>>> The University of Edinburgh is a charitable body, registered in
>>> Scotland, with registration number SC005336.
>>>
>>>
>>
>>
>

--
/****************************

Mark Cairney
ITI UNIX Section
Information Services
University of Edinburgh

Tel: 0131 650 6565
Email:
PGP: 0x435A9621

*******************************/

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

--
David Langenberg

Identity & Access Management

The University of Chicago