grouper-users - Re: [grouper-users] Active Directory >1500 group members

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Active Directory >1500 group members

From: Jeffrey Crawford <>
To: "Eszes, Gabor" <>
Cc: Gouper Users List <>
Subject: Re: [grouper-users] Active Directory >1500 group members
Date: Tue, 1 Nov 2016 11:26:54 -0700
Ironport-phdr: 9a23:7S/UaxD5yB/p3ssELIKiUyQJP3N1i/DPJgcQr6AfoPdwSP79rsbcNUDSrc9gkEXOFd2CrakV0ayG6uu5ADVIyK3CmUhKSIZLWR4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TWM5DIfUi/yKRBybrysXNWD1YLnjqvrosSbSj4LrQL1Wal1IhSyoFeZnegtqqwmFJwMzADUqGBDYeVcyDAgD1uSmxHh+pX4p8Y7oGx48sgs/M9YUKj8Y79wDfkBVGxnYCgJ45ihmALRQBDLrlQVWGIM2FIcLCXe/hzhdpD9r233uvcriweAOsijb706Vy6v/u9AUhb3hiAdO3Zt8mzZhNZ9nalzvRm6rFpyz5OCM9LdD+Z3Yq6IJYBSfmFGRMsEEnUZWo4=

I'm seeing the following, which does indeed look like it's missing the handler in question:

2016-11-01 11:08:36,579: [main] DEBUG AbstractLdap.search(193) -  - Search with the following parameters:
2016-11-01 11:08:36,579: [main] DEBUG AbstractLdap.search(194) -  -   dn = cn=eligibletologin,ou=au groups,ou=groups,dc=autest,dc=ucsc,dc=edu
2016-11-01 11:08:36,579: [main] DEBUG AbstractLdap.search(195) -  -   filter = objectclass=*
2016-11-01 11:08:36,579: [main] DEBUG AbstractLdap.search(196) -  -   filterArgs = []
2016-11-01 11:08:36,580: [main] DEBUG AbstractLdap.search(197) -  -   searchControls = javax.naming.directory.SearchControls@165ed70d
2016-11-01 11:08:36,580: [main] DEBUG AbstractLdap.search(198) -  -   handler = [edu.internet2.middleware.psp.ldap.QuotedDnResultHandler@d271d6c, edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@a302f30, edu.vt.middleware.ldap.handler.EntryDnSearchResultHandler@1860b107]


So I looked around to see where these were being set, and lo and behold it seems to be reading from vim psp-vt-ldap-4.xml which some of the examples used. So looks like it's working now. I guess sometimes I just need the right prompt :).

Jeffrey E. Crawford
Enterprise Service Team

Both pilots and IT professionals require training and currency before charging into clouds!

---------------------------------------

On Tue, Nov 1, 2016 at 10:13 AM, Eszes, Gabor <> wrote:

The RangeSearchResultHandler, per its source code [1], will log its workings at DEBUG level. You can see if it's doing anything at all.

I don't remember which, but the logger category either starts with 'edu.vt.middleware.ldap' or 'edu.internet2.middleware.psp.ldap'.

[1] https://github.com/Internet2/grouper-psp/blob/master/psp-ldap-target/src/main/java/edu/internet2/middleware/psp/ldap/RangeSearchResultHandler.java

________________________________________
From: <> on behalf of Jeffrey Crawford <>
Sent: Sunday, October 30, 2016 2:25 AM
To: Gouper Users List
Subject: [grouper-users] Active Directory >1500 group members

I've gotten Active Directory to work but I'm running into the > 1500 members issue. I've added the following to the file which doesn't complain but doesn't seem to fix the issue

ldap.properties
edu.vt.middleware.ldap.searchResultHandlers=edu.internet2.middleware.psp.ldap.QuotedDnResultHandler,edu.vt.middleware.ldap.handler.FqdnSearchResultHandler,edu.internet2.middleware.psp.ldap.RangeSearchResultHandler

Jeffrey E. Crawford
Enterprise Service Team<mailto:>

Both pilots and IT professionals require training and currency before charging into clouds!
---------------------------------------

Re: [grouper-users] Active Directory >1500 group members, Eszes, Gabor, 11/01/2016
- Re: [grouper-users] Active Directory >1500 group members, Jeffrey Crawford, 11/01/2016
- <Possible follow-up(s)>
- Re: [grouper-users] Active Directory >1500 group members, Bee-Lindgren, Bert, 11/01/2016
  - Re: [grouper-users] Active Directory >1500 group members, Jeffrey Crawford, 11/01/2016
    - Re: [grouper-users] Active Directory >1500 group members, Bee-Lindgren, Bert, 11/01/2016
      - Re: [grouper-users] Active Directory >1500 group members, Jeffrey Crawford, 11/01/2016

List archive

Re: [grouper-users] Active Directory >1500 group members