grouper-users - [grouper-users] PSP wants to delete cn and sAMAccountName for bulkSync?
Subject: Grouper Users - Open Discussion List
List archive
- From: Sean Mason <>
- To: "" <>
- Subject: [grouper-users] PSP wants to delete cn and sAMAccountName for bulkSync?
- Date: Fri, 3 Jun 2016 13:32:02 +0000
- Accept-language: en-CA, en-US
|
Hi There, I’m trying to get the PSP provisioning a couple of groups to an Active Directory. I am using version 2.3.0, and the psp-example-grouper-to-active-directory almost stock, save for our own sources.xml, references to it in the psp* config files, and ldap.properties configuration to suit our environment. When running gsh –psp –sync <groupName> for the first time for a group, and the operation is successful. However, if I try a second time to provision the same group (when there are no changes), it appears the software is attempting to
delete the CN and sAMAccountName attributes from the object, which the directory refuses to do. This is the request that I believe is the problem: <modifyRequest xmlns='urn:oasis:names:tc:SPML:2:0' entityName='group' requestID='2016/06/03-09:16:39.880' returnData='everything'> <psoID ID='CN=UW:SomeGroup,ou=grouper, ou=security groups,dc=example,dc=com' targetID='ldap'/> <modification modificationMode='delete'> <dsml:modification xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='cn' operation='delete'> <dsml:value>UW:SomeGroup</dsml:value> </dsml:modification> </modification> <modification modificationMode='delete'> <dsml:modification xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='sAMAccountName' operation='delete'> <dsml:value>$9G5A00-AVEGL41UBVKA</dsml:value> </dsml:modification> </modification> </modifyRequest> The response (I believe rightly) comes back: <psp:syncResponse xmlns:psp='http://grouper.internet2.edu/psp' status='failure' requestID='2016/06/03-09:23:58.617' error='customError'> <modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure' requestID='2016/06/03-09:23:58.851' error='customError'> <errorMessage>[LDAP: error code 53 - 00002077: SvcErr: DSID-031903C7, problem 5003 (WILL_NOT_PERFORM), data 0 _]</errorMessage> </modifyResponse> <errorMessage>[LDAP: error code 53 - 00002077: SvcErr: DSID-031903C7, problem 5003 (WILL_NOT_PERFORM), data 0 _]</errorMessage> <psp:id ID='UW:SomeGroup'/> </psp:syncResponse> I am at a loss on how to stop this behavior when there are no changes required on a group.
Any advice would be appreciated, Thanks, Sean. |
- [grouper-users] PSP wants to delete cn and sAMAccountName for bulkSync?, Sean Mason, 06/03/2016
Archive powered by MHonArc 2.6.16.