Grouper Users - Open Discussion List

["Hyzer, Chris" <>]

Ive been discussing this with Norman, and at this point it boils down to needing to add to grouper.properties

 

 

#if groups like the wheel group should be auto-created for convenience (note: check config needs to be on)

configuration.autocreate.system.groups = true

 

# A wheel group allows you to enable non-GrouperSystem subjects to act

# like a root user when interacting with the registry.

groups.wheel.use                      = true

 

 

 

I think we should change grouper.base.properties to have those settings by default.  I could see why people would want them off, but more people would want them on and have fewer errors.  Sound good?  J

 

https://bugs.internet2.edu/jira/browse/GRP-1430

 

Thanks

Chris

 

 

From: Singley, Norman [mailto:]
Sent: Friday, December 02, 2016 2:59 PM
To: Hyzer, Chris <>; Mailing List <>
Subject: RE: Oldap source

 

Chris -

 

Great catch on the umid / uid.  It’s actually the opposite  - I search for uid (what we call netid, in this case ns180505e ).  I fixed that, and now, I am not getting the entity not found error, so THANKS!!. I can successfully add members to the wheel group, but still can’t create any new folders.   When I go to add a folder and search for Root, It says “the value entered is not valid”

 

We seem to be getting a proper connection to the oldap then, but the privs are not getting assigned to the identities? 

 

 

Yes, I did send /grouper/grouper.ws-2.3.0/grouper-ws/build/dist/grouper-ws/WEB-INF/classes/sources.xml -   All three of the sources.xml are the same. 

 

I’m kind of a novice with the shell. I started it from /grouper/grouper.ui-2.3.0/dist/grouper/WEB-INF/bin/gsh but when I run–registry –drop –runscript it says: Error: unable to evaluate command: Sourced file: inline evaluation of: `` -registry -drop -runscript;'' : illegal use of undefined object or 'void' literal

 

 

 

I do get a cleaner startup now, after clearing out the old logs. 

 

I can successfully query the oldap using gsh:

 

gsh 5% grouperSession = GrouperSession.startRootSession();

edu.internet2.middleware.grouper.GrouperSession: 548aa1e45f3f4dafba0eaf833d3055f4,'GrouperSystem','application'

gsh 6% SubjectFinder.findByIdentifierAndSource("ns180505e", "oid", false);

subject: id='ns180505e' type='person' source='oid' name='Norman Singley'

 

 

 

 

From: Hyzer, Chris []
Sent: Friday, December 02, 2016 12:23 PM
To: Singley, Norman; Mailing List
Subject: RE: Oldap source

 

Your subject id is umid and your subject identifier is uid right?

 

Your search says that but you have this:

 

FROM:

     <init-param>

      <param-name>SubjectID_AttributeType</param-name>

      <param-value>uid</param-value>

    </init-param>

 

Which I think you should change to this:

 

     <init-param>

      <param-name>SubjectID_AttributeType</param-name>

      <param-value>umid</param-value>

    </init-param>

 

The UI is showing subject id of ns180505e which would not be resolved.

 

Any chance you can change that, reinit your database to wipe out the old way you configured it and try again?

 

gsh -registry -drop -runscript

 

Do you still need the sample data and subjects?   I would start fresh without that stuff.

 

Some troubleshooting… after the above…

 

What path of sources.xml did you send me?  Its /grouper/grouper.ui-2.3.0/dist/grouper/WEB-INF/classes/sources.xml   right?

 

If you stop tomcat, delete logs, and start, do you not see that stack in the logs anymore?

 

Add this to the log4j.properties

 

log4j.logger.edu.internet2.middleware.subject = DEBUG

 

Start gsh from /grouper/grouper.ui-2.3.0/dist/grouper/WEB-INF/bin/gsh

 

Try to resolve subjects.  E.g.

 

https://spaces.internet2.edu/pages/viewpage.action?pageId=14517859

 

grouperSession = GrouperSession.startRootSession();

SubjectFinder.findByIdAndSource("790505106", "oid", false);

 

Or

 

grouperSession = GrouperSession.startRootSession();

SubjectFinder.findByIdentifierAndSource("ns180505e", "oid", false);

 

 

 

From: Singley, Norman []
Sent: Friday, December 02, 2016 1:59 PM
To: Hyzer, Chris <>;
Subject: RE: Oldap source

 

Thanks Chris. 

 

Here is the LDIF record for one of the identities.

 

 

Norman Singley

Directory Services

406 243 6799

 

 

 

From: Hyzer, Chris []
Sent: Friday, December 02, 2016 11:54 AM
To: Singley, Norman;
Subject: RE: Oldap source

 

Send us what one of those subjects (which should be resolvable but which isn’t) looks like in ldap, all the attributes/values, note feel free to sanitize…

 

From: [] On Behalf Of Singley, Norman
Sent: Friday, December 02, 2016 1:37 PM
To:
Subject: [grouper-users] Oldap source

 

Hi Folks.

 

I had to take a break from working on this, but I have time to get after it again.  I am having trouble, I think with getting all of the identity details from our openldap. I have grouper configured to authenticate through our CAS/Shib, and as far as I can tell, that’s working. 

 

When  I get to the UI, however, none of the members of my wheel group can create new folders.   I can add new members to the wheel group using the UI.

 

Next to the netid, there is an Entity not found error:

 

 

 

 

If I click on an identity, I get an “Error: cannot find subject” in a pink bar at the top of the page.

 

Playing around a bit, I tried going into the lite UI, and when I bring up the member details page I get this:

 

 

 

All three sources.xml files are the same, and attached. 

So, I’m not really sure where to go next.  Thanks for any help. 

 

 

Norman Singley

Directory Services

406 243 6799