Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Re: PSPNG failing to create records that already exist

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Re: PSPNG failing to create records that already exist


Chronological Thread 
  • From: Jeffrey Crawford <>
  • To: "Bee-Lindgren, Bert A" <>
  • Cc: Gouper Users List <>
  • Subject: Re: [grouper-users] Re: PSPNG failing to create records that already exist
  • Date: Tue, 28 Jun 2016 16:40:27 -0700

yes I do have something similar to what you posted. However our LDAP doesn't let us search on dn so we search against entryDN. We have to modify the dn string somewhat since we provision out from something higher than the root grouper tree:

(&(objectclass=groupOfNames)(entryDN=${utils.bushyDn(group.name, "cn", "ou").substring(0, utils.bushyDn(group.name, "cn", "ou").length()-15)},ou=svc,ou=groups,dc=ucsc,dc=edu))

Jeffrey E. Crawford
Enterprise Service Team

Both pilots and IT professionals require training and currency before charging into clouds!
---------------------------------------

On Tue, Jun 28, 2016 at 1:06 PM, Bee-Lindgren, Bert A <> wrote:

There appears to be a bug related to searching/matching based on DN. Is it true that your configuration includes something like the following?

changeLog.consumer.pspng_groupOfUniqueNames.singleGroupSearchFilter = (&(objectclass=groupOfNames)(dn=${utils.bushyDn(group.name, "cn", "ou")}))

If so (and gidNumber can't be used), I'll coordinate something so that the filter works.


Thanks,

  Bert






From: <> on behalf of Jeffrey Crawford <>
Sent: Tuesday, June 28, 2016 1:02 PM
To: Gouper Users List
Subject: [grouper-users] Re: PSPNG failing to create records that already exist
 
Bump :)

Jeffrey E. Crawford
Enterprise Service Team

Both pilots and IT professionals require training and currency before charging into clouds!
---------------------------------------

On Fri, Jun 17, 2016 at 12:39 PM, Jeffrey Crawford <> wrote:
Greetings,

I've got the DN naming squared away but The system seems to be unable to understand that a group already exists. basically I'm finding the following in my LDAP logs:

[2016-Jun-17 12:30:23.863 -0700] SEARCH REQ conn=1663604 op=187 msgID=188 base="ou=svc,ou=groups,dc=ucsc,dc=edu" scope=wholeSubtree filter="(|(&(objectclass=groupOfNames)(entryDN=cn=group,ou=substem,ou=its,ou=svc,ou=groups,dc=ucsc,dc=edu)))" attrs="cn,gidNumber,samAccountName,objectclass,member"
[2016-Jun-17 12:30:23.863 -0700] SEARCH RES conn=1663604 op=187 msgID=188 result=0 nentries=1 etime=1
[2016-Jun-17 12:30:24.073 -0700] ADD REQ conn=1663603 op=193 msgID=194 dn="cn=group,ou=substem,ou=its,ou=svc,ou=groups,dc=ucsc,dc=edu"
[2016-Jun-17 12:30:24.073 -0700] ADD RES conn=1663603 op=193 msgID=194 result=68 message="The entry cn=group,ou=substem,ou=its,ou=svc,ou=groups,dc=ucsc,dc=edu cannot be added because an entry with that name already exists" etime=1

Is this a bug or do I need to make sure an additional attribute is being returned?

Jeffrey E. Crawford
Enterprise Service Team

Both pilots and IT professionals require training and currency before charging into clouds!
---------------------------------------





Archive powered by MHonArc 2.6.16.

Top of Page