grouper-users - [grouper-users] Troubles with Grouper PSP
Subject: Grouper Users - Open Discussion List
- From: Sean Mason <>
- To: "" <>
- Subject: [grouper-users] Troubles with Grouper PSP
- Date: Thu, 9 Jun 2016 14:18:07 +0000
Hi There,

This is the second part to issues I’ve been having with Grouper 2.3.0. This part is related to provisioning the single group to an Active Directory security group. I started with an attempt at using “PSPNG”, and fell back to using the “PSP”. I managed to get “PSP” working, but with a configuration that was confusing enough to me that I am not yet ready to trust the solution until I have a better understanding. I’m hoping someone can shed some light.

I’m running Grouper 2.3.0, on RHEL 7, Oracle JDK 1.8.0_91. The repository is Postgres 9.2.14. I’m using Oracle JDK 1.7.0_79 for the PSP, so I didn’t have to work around the delivered scripts in the psp-resolver.xml.

The target is a single group in Active Directory, over which Grouper will have full control.

I started with psp-example-grouper-to-active-directory as a base at first, editing only ldap.properties, selecting ‘flat’ structure, which resulted in issues I was unable to resolve:

1) Add worked fine, but any modification resulted in the PSP wanting to delete the attributes “CN” and “sAMAccountName”, which resulted in an Active Directory “unwilling to perform” error.
2) sAMAccountName was provisioned as the object GUID, rather than the object name.

I moved to psp-example-grouper-to-openldap-multiple as a base, editing psp.xml, and psp-services.xml, and psp-resolver.xml to include a single source. I will attach sanitized samples along with this note.

With this base, I had more success, except every other bulkSync resulted in the removal of the desired group entirely. The next “bulkSync” would add the group back, then remove, and so on. However, if I changed the ‘authoritative’ attribute to ‘false’ in the group PSO object, that behavior was resolved.

Resolution is a good thing, but I really do not understand why assigning Grouper ‘authority’ over groups results in their removal for every other run. I want it to have authority to remove rogue groups in the OU it has control over.

Can someone shed some light?

Thanks,
Sean.
Attachments:
- nexus_psp.xml
- psp.xml
- psp-resolver.xml
- psp-services.xml