Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] psp : sync ok but not bulkSync

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] psp : sync ok but not bulkSync


Chronological Thread 
  • From: Jeffrey Crawford <>
  • To: Wallaert-Taquet Brigitte <>
  • Cc: Gouper Users List <>
  • Subject: Re: [grouper-users] psp : sync ok but not bulkSync
  • Date: Tue, 20 Oct 2015 12:17:03 -0700
I had a similar problem that was caused by me doing fancy things, not sure if its the same problem you have but look here
https://lists.internet2.edu/sympa/arc/grouper-users/2014-11/msg00093.html

Jeffrey E. Crawford
ITS Application Administrator (IdM)
831-459-4365

Both pilots and IT professionals require training and currency before charging into clouds!
---------------------------------------

On Mon, Oct 19, 2015 at 8:07 AM, Wallaert-Taquet Brigitte <> wrote:
Hello,

I test psp with a ldap test server and I probably forgot something...

The psp -sync with a specific group is ok but not the bulkSync.

For example, this is ok :
./gsh.sh -psp -sync mes-groupes:appli:nuxeo-admin -entityName group

I obtain that :
<psp:syncResponse xmlns:psp='http://grouper.internet2.edu/psp' status='success' requestID='2015/10/19-16:45:02.104'>
  <addResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='success' requestID='2015/10/19-16:45:03.321'>
    <pso entityName='group'>
      <psoID ID='cn=appli:nuxeo-admin,ou=groups,dc=univ-lille1,dc=fr' targetID='ldap'/>
      <data>
        <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='objectClass'>
          <dsml:value>groupOfNames</dsml:value>
          <dsml:value>ustlPrivGroupe</dsml:value>
        </dsml:attr>
      </data>
      <capabilityData mustUnderstand='true' capabilityURI='urn:oasis:names:tc:SPML:2:0:reference'>
        <spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0' xmlns:spmlref='urn:oasis:names:tc:SPML:2:0:reference' typeOfReference='member'>
          <spmlref:toPsoID ID='uid=user1,ou=people,dc=univ-lille1,dc=fr' targetID='ldap'/>
        </spmlref:reference>
        <spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0' xmlns:spmlref='urn:oasis:names:tc:SPML:2:0:reference' typeOfReference='member'>
          <spmlref:toPsoID ID='uid=user2,ou=people,dc=univ-lille1,dc=fr' targetID='ldap'/>
        </spmlref:reference>
      </capabilityData>
    </pso>
  </addResponse>
  <psp:id ID='mes-groupes:appli:nuxeo-admin'/>
</psp:syncResponse>


But when I try that :
./gsh.sh -psp -bulkSync -entityName group

 I obtain this error :
2015-10-19 16:39:24,073: [main] DEBUG Psp.getAllSourceIdentifiers(1582) -  - PSP 'psp' - Calc BulkCalcRequest[id2015-10-19 16:39:24,073: [main] DEBUG Psp.getAllSourceIdentifiers(1582) -  - PSP 'psp' - Calc BulkCalcRequest[id=edu.internet2.middleware.psp.spml.request.BulkProvisioningRequest,requestID=<null>,returnData=identifier,schemaEntityRef=SchemaEntityRef[targetID=<null>,entityName=group,isContainer=false], Resolved attributes '[groupCnLdap]'.=edu.internet2.middleware.psp.spml.request.BulkProvisioningRequest,requestID=<null>,returnData=identifier,schemaEntityRef=SchemaEntityRef[targetID=<null>,entityName=group,isContainer=false], Resolved attributes '[groupCnLdap]'.

When I pass authoritative to true, the bulkSync delete all the groups with objectClass=groupOfNames in the ldap but don't publish Grouper's groups in the ldap...

Here is my configuration :

a part of my psp.xml :
<pso
    id="group"
    authoritative="true"
    allSourceIdentifiersRef="groupCnLdap">

    <!-- The ldap group DN. -->
    <identifier
      ref="groupDn"
      targetId="ldap"
      containerId="${edu.internet2.middleware.psp.groupsBaseDn}" />

    <!-- Identifies ldap group objects which exist on the target by objectClass attribute value. -->
    <identifyingAttribute
      name="objectClass"
      value="${edu.internet2.middleware.psp.groupObjectClass}" />

    <attribute name="objectClass" />

 <!-- The ldap group "member" attribute. -->
    <references name="member">

      <reference
        ref="membersLdap"
        toObject="member" />
      <reference
        ref="membersGsa"
        toObject="group" />
    </references>
  </pso>

a part of my psp-resolver.xml :
  <resolver:DataConnector   id="GroupPSPConnector"
    xsi:type="grouper:GroupDataConnector">
   <grouper:Filter xsi:type="grouper:GroupExactAttribute" name="psp-publication" value="true" />
    <grouper:Attribute id="members" />
    <grouper:Attribute id="groups" />
  </resolver:DataConnector>

  <resolver:AttributeDefinition
    id="groupCnLdap"
    xsi:type="ad:Simple">
    <resolver:Dependency ref="GroupPSPConnector" />
  </resolver:AttributeDefinition>

  <resolver:AttributeDefinition
    id="groupDn"
    xsi:type="psp-grouper-ldap:LdapDnFromGrouperNamePSOIdentifier"
    structure="${edu.internet2.middleware.psp.structure}"
    sourceAttributeID="cn-ldap"
    baseDn="${edu.internet2.middleware.psp.groupsBaseDn}"
    rdnAttributeName="cn" >
    <resolver:Dependency ref="GroupPSPConnector" />
    <resolver:Dependency ref="UpdateGroupNameChangeLogDataConnector" />
    <resolver:Dependency ref="UpdateGroupDescriptionChangeLogDataConnector" />
  </resolver:AttributeDefinition>

a part of my ldap.properties :
edu.internet2.middleware.psp.groupsBaseDn=ou=groups,dc=univ-lille1,dc=fr
edu.internet2.middleware.psp.groupObjectClass=groupOfNames
edu.internet2.middleware.psp.structure=flat

I have several groups with a psp-publication=true (see screen.jpg).

Any idea for help ?

Thanks a lot !
--
Logo Université de Lille Sciences et Technologies

Brigitte WALLAERT TAQUET
Cheffe de projet GED Nuxeo
Experte Grouper d'Internet2

Université de Lille - Sciences et Technologies
| www.univ-lille1.fr
Service: CRI Bât. M4 - Bureau 34 59655 Villeneuve d'Ascq
Tél. +33 (0)3 20 33 71 65


Archive powered by MHonArc 2.6.16.

Top of Page