
grouper-users - [grouper-users] provisioning groups memberships to AD groups

Subject: Grouper Users - Open Discussion List

  • From: <>
  • To:
  • Subject: [grouper-users] provisioning groups memberships to AD groups
  • Date: Wed, 11 Mar 2015 19:55:50 +0000 (UTC)

Trying to add group members to AD groups. Below is the error I get. Is
there a way to look up members in AD before adding them to groups? Below are
my psp.xml and resolver.

2015-03-11 14:45:47,360: [Timer-3] INFO BaseSpmlProvider.execute(351) - - Target 'ldap' - Modify ModifyRequest[psoID=PSOIdentifier[id='CN=students,OU=SYNC,DC=exlab,DC=uab,DC=edu',targetID=ldap,containerID=<null>],mod=DSMLModification[name=member,op=add],returnData=everything,requestID=2015/03/11-14:45:47.358]
2015-03-11 14:45:47,360: [Timer-3] INFO BaseSpmlProvider.execute(355) - - Target 'ldap' - Modify XML:
<modifyRequest xmlns='urn:oasis:names:tc:SPML:2:0' entityName='group'
requestID='2015/03/11-14:45:47.358' returnData='everything'>
<psoID ID='CN=students,OU=SYNC,DC=exlab,DC=uab,DC=edu' targetID='ldap'/>
<modification modificationMode='add'>
<dsml:modification xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core'
name='member' operation='add'>
<dsml:value>elbe</dsml:value>
<dsml:value>elbl</dsml:value>
<dsml:value>elbr</dsml:value>
<dsml:value>elbu</dsml:value>
<dsml:value>elco</dsml:value>
<dsml:value>eldo</dsml:value>
<dsml:value>eled</dsml:value>
<dsml:value>elma</dsml:value>
<dsml:value>elpo</dsml:value>
<dsml:value>elta</dsml:value>
<dsml:value>elto</dsml:value>
<dsml:value>elwi</dsml:value>
</dsml:modification>
</modification>
</modifyRequest>

2015-03-11 14:45:47,361: [Timer-3] DEBUG LdapSpmlTarget.execute(473) - - Target 'ldap' - Modifying 'ModifyRequest[psoID=PSOIdentifier[id='CN=students,OU=SYNC,DC=exlab,DC=uab,DC=edu',targetID=ldap,containerID=<null>],mod=DSMLModification[name=member,op=add],returnData=everything,requestID=2015/03/11-14:45:47.358]'
2015-03-11 14:45:47,361: [Timer-3] DEBUG LdapSpmlTarget.execute(474) - - Target 'ldap' - Modifications '[Add attribute: member: elbe, elbl, elbr, elbu, elco, eldo, eled, elma, elpo, elta, elto, elwi]'
2015-03-11 14:45:47,361: [Timer-3] DEBUG LdapSpmlTarget.execute(476) - - Target 'ldap' - Modify DN 'CN=students,OU=SYNC,DC=exlab,DC=uab,DC=edu'
2015-03-11 14:45:47,367: [Timer-3] ERROR BaseSpmlProvider.execute(386) - - Target 'ldap' - Modify ModifyResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP: error code 53 - 0000054F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
_]},requestID=2015/03/11-14:45:47.358]
2015-03-11 14:45:47,368: [Timer-3] ERROR BaseSpmlProvider.execute(388) - - Target 'ldap' - Modify XML:
<modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure'
requestID='2015/03/11-14:45:47.358' error='customError'>
<errorMessage>[LDAP: error code 53 - 0000054F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
_]</errorMessage>
</modifyResponse>

2015-03-11 14:45:47,368: [Timer-3] ERROR BaseSpmlProvider.execute(386) - - Target 'psp' - Modify ModifyResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP: error code 53 - 0000054F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
_]},requestID=2015/03/11-14:45:47.358]
2015-03-11 14:45:47,368: [Timer-3] ERROR BaseSpmlProvider.execute(388) - - Target 'psp' - Modify XML:
<modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure'
requestID='2015/03/11-14:45:47.358' error='customError'>
<errorMessage>[LDAP: error code 53 - 0000054F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
_]</errorMessage>
</modifyResponse>

----------------
psp.xml

<!-- Provision a grouper group as an ldap group. -->
<pso
    id="group"
    authoritative="true"
    allSourceIdentifiersRef="groupNames">

  <!-- The ldap group DN. -->
  <identifier
      ref="groupDn"
      targetId="ldap"
      containerId="${edu.internet2.middleware.psp.groupsBaseDn}" />

  <!-- Identifies ldap group objects which exist on the target by
       objectClass attribute value. -->
  <identifyingAttribute
      name="objectClass"
      value="${edu.internet2.middleware.psp.groupObjectClass}" />

  <!-- The "old" ldap group DN if a group has been renamed. -->
  <alternateIdentifier ref="groupDnAlternate" />

  <!-- The "old" ldap group DN calculated from group update change log
       events. -->
  <alternateIdentifier ref="groupDnAlternateChangeLog" />

  <!-- The ldap group "objectClass" attribute. -->
  <attribute
      name="objectClass"
      ref="groupObjectclass" />

  <!-- The ldap group "cn" attribute. -->
  <attribute name="cn" />

  <!-- The ldap group "description" attribute. -->
  <attribute
      name="description"
      ref="groupDescription" />

  <!-- See http://ldapwiki.willeke.com/wiki/SamAccountName. -->
  <attribute
      name="sAMAccountName"
      ref="cn" />

  <!-- The ldap group "hasMember" attribute includes the ids of the subjects
       that are members of the group. -->
  <attribute
      name="member"
      ref="hasMember" />

  <!-- The ldap group "member" attribute. -->
  <references
      name="member"
      caseSensitive="false">

    <reference
        ref="membersLdap"
        toObject="member" />

    <reference
        ref="membersGsa"
        toObject="group" />

  </references>

</pso>

------------------------


resolver.xml

<!-- The values of the group "hasMember" attribute include the names of the
     groups which are members of the group. -->
<!-- The values of the group "hasMember" attribute include the ids of the
     subjects which are members of the group. -->
<resolver:AttributeDefinition
    id="hasMember"
    xsi:type="grouper:Member"
    sourceAttributeID="members">
  <resolver:Dependency ref="GroupDataConnector" />
  <grouper:Attribute
      id="name"
      source="ldap" />
  <grouper:Attribute
      id="name"
      source="g:gsa" />

  <grouper:Attribute
      id="id"
      source="jdbc" />

</resolver:AttributeDefinition>
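
A pre-flight check for the modifyRequest in the log above, as an added example that is not part of the original post or of Grouper's own code. AD's member attribute holds DNs, so the sketch keeps values already shaped like a DN and looks the rest up by sAMAccountName with an RFC 4515-escaped filter before anything is sent. The `lookup` callable, the `OU=People` DNs and the dictionary standing in for an AD search are assumptions.

```python
import re
import xml.etree.ElementTree as ET

DSML = "{urn:oasis:names:tc:DSML:2:0:core}"
# Loose shape test for a DN: comma-separated "type=value" RDNs (escaped commas not handled).
DN_SHAPE = re.compile(r"^[A-Za-z][\w-]*=[^,]+(,[A-Za-z][\w-]*=[^,]+)*$")

# Constructed sample: the logged modifyRequest cut down to two bare ids plus one DN.
SAMPLE_REQUEST = """<modifyRequest xmlns='urn:oasis:names:tc:SPML:2:0' entityName='group'>
<psoID ID='CN=students,OU=SYNC,DC=exlab,DC=uab,DC=edu' targetID='ldap'/>
<modification modificationMode='add'>
<dsml:modification xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='member' operation='add'>
<dsml:value>elbe</dsml:value>
<dsml:value>elbl</dsml:value>
<dsml:value>CN=elbr,OU=People,DC=exlab,DC=uab,DC=edu</dsml:value>
</dsml:modification>
</modification>
</modifyRequest>"""

# Constructed stand-in for an AD search; a real lookup would run the filter over LDAP.
FAKE_DIRECTORY = {"(sAMAccountName=elbe)": "CN=elbe,OU=People,DC=exlab,DC=uab,DC=edu"}

def fake_lookup(search_filter):
    return FAKE_DIRECTORY.get(search_filter)

def escape_filter(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def member_values(request_xml):
    """Return the dsml:value texts of every 'member' modification in the request."""
    root = ET.fromstring(request_xml)
    return [v.text or "" for m in root.iter(DSML + "modification")
            if m.get("name") == "member" for v in m.iter(DSML + "value")]

def preflight(request_xml, lookup):
    """Return (dns, missing): DNs safe to send, and ids with no directory entry."""
    dns, missing = [], []
    for value in member_values(request_xml):
        if DN_SHAPE.match(value):
            dns.append(value)
            continue
        dn = lookup("(sAMAccountName=%s)" % escape_filter(value))
        if dn:
            dns.append(dn)
        else:
            missing.append(value)
    return dns, missing

if __name__ == "__main__":
    print(preflight(SAMPLE_REQUEST, fake_lookup))
```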


  • [grouper-users] provisioning groups memberships to AD groups, kripal, 03/11/2015
