grouper-users - Re: [grouper-users] Re: Grouper PSPNG
Subject: Grouper Users - Open Discussion List
List archive
- From: Akki Kumar <>
- To: "Bee-Lindgren, Bert" <>
- Cc: Dave Churchley <>, Jeffrey Crawford <>, "" <>
- Subject: Re: [grouper-users] Re: Grouper PSPNG
- Date: Tue, 21 Feb 2017 14:27:34 -0500
- Ironport-phdr: 9a23:5j7Xjhb+P7GyrXURpn8/m0b/LSx+4OfEezUN459isYplN5qZrsm7bnLW6fgltlLVR4KTs6sC0LuL9fm8EjVauN6oizMrSNR0TRgLiMEbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpTEdFQ/iOgVrO+/7BpDdj9it1+C15pbffxhEiCCzbL52LBi6txjdu8YZjYd/NKo91wbCr2dVdehR2W5mP0+YkQzm5se38p5j8iBQtOwk+sVdT6j0fLk2QKJBAjg+PG87+MPktR/YTQuS/XQcSXkZkgBJAwfe8h73WIr6vzbguep83CmaOtD2TawxVD+/4apnVAPkhSEaPDMi7mrZltJ/g75aoBK5phxw3YjUYJ2ONPFjeq/RZM4WSXZdUspUUSFKH4GyYJYVD+cZP+lYoYnzqVUNoxWjGwejGPjixSVUinLsx6A2z/gtHAPA0Qc9H9wOqnPUrNDtOaoOUuC1z6jIxijGYfNL3Dfy8pLIeQ0mrP6WWLJ/a8vQyUgpFwPKl1WQtJLqPyiJ1uQMtGib6fFgWf6zh2MlsAxxrT2vyd0tionNnI4a1lfE9SBgzYszONa2Rkl7Ydu+H5tRsSGXL4p2QsU+Q252oiY6zKMJuYKlcCQQ1pso2gPfZ+Sbc4iI+BLsSvyeLipiiHJ/ZbK/gRC/+lWjxO3kTsS4zldHojZHn9TJuHAA1Afc5tSCR/Zy4kutxTiC2gXP5e1YL0A5kK/WJ4Avz7M/kJcYrF7NETXsmErsia+bbkUk9fas6+Tgerjmo4WTN45wig3nNaQuhtCzDf03MwQQUWWW9v6w1LLk/U3+T7VKiuM5nrPFv5DdIMQXvq+5AwlL3YY/8xuzETar3MgakHQCIlJIewmIg5TsNlzBPPz0EfmyjlGwnzt3yfDLO7jsDovDI3XMiLvheKxy609YyAo919Bf4JdUB6kbL/L2QEDwtd3YDhk2Mwyt3uboFs591p8fWWKIBK+ZK7/evUOK6+80LOmMYZUauDf5K/Q/+/Huino5lUcHfaa1xZsXdGy4HvN+LkWWe3rshcoBEX8UsQokVeDqlUaCXiBJZ3apRK884jA7CJm6DYfYWIyhmr2B3CGnHpJIfGBGDE6DEWv2e4meRfgDdT+ScYddlWlOf7WsDqsg0x2hrgL8j/JNI/DIsGVMv5/5yJ5/6uCWkRA0+TNuAsK11GCRCW59gm4DR3k70L0p8mJnzVLW+Kt7grR7CNla/bsdWwIzJ5/awPVnBsvuWwXHZY/RF36pR9ynBXc6SddnkIxGWFp0B9j31kOL5CGtGbJA0uXTXJE=
Hi Bert,Checking status of the below ticket.Since above ticket is holding our Grouper update from 2.2.2 to 2.3.0, please let me know estimated time (for the bug fix) so that I can forward a message to our management and plan accordingly.Thank you,AkkiOn Thu, Oct 6, 2016 at 4:14 PM, Akki Kumar <> wrote:Yes, adding configuration flag seems to be a right way do it since it will give the flexibility to create groups with or without members based on the flag configuration.Thank you,AkkiOn Mon, Oct 3, 2016 at 6:30 AM, Bee-Lindgren, Bert <> wrote:I understand. This thread is about groups that require a member (groupOfNames) and, in particular, what to do with them when the group no longer has members.
My thought is to add a configuration flag memberIsRequired that would both combine group creation with the addition of the initial member as well as delete the group when the last member is removed.
Does this sound right?
Thanks very much,Bert
On Oct 3, 2016, at 4:07 AM, Dave Churchley <> wrote:
+1
Yes, this would definitely be the case for us.
From: [] On Behalf Of Jeffrey Crawford
Sent: 02 October 2016 03:37
To: Akki Kumar <>
Cc: Bee-Lindgren, Bert <>; mchyzerpenn <>;
Subject: Re: [grouper-users] Re: Grouper PSPNG
Would this be an option? I'm wondering if in a situation like AD where you delete a group it may break all permissions that may be assigned to that group. I don't think Windows uses group names in the background rather it uses some sort of SID which would not be re-used.
I may be wrong but we may want pspng to have this "feature" be an option just in case some implementations don't use names as the main identifier. In short some people may want to be able to have empty groups.
just my $0.02 :)
Jeffrey E. Crawford
Enterprise Service Team
Both pilots and IT professionals require training and currency before charging into clouds!
------------------------------
---------
On Fri, Sep 30, 2016 at 9:58 AM, Akki Kumar <
> wrote: Hi Bert,
Thank you for creating Jira ticket.
Yes, grouper should delete group when the last member or all members of the group are deleted.
Thank you,
Akki
On Mon, Sep 26, 2016 at 6:51 AM, Bee-Lindgren, Bert <> wrote:
Akki,
PSPNG does not currently support combining group creation with the addition of the group's initial member. I've created a Jira for adding this.
https://bugs.internet2.edu/jir
a/browse/GRP-1376
Are there any concerns about removing the last member?... does the group need to be deleted?
Sincerely,
Bert
From: Akki Kumar <
>
Sent: Wednesday, September 21, 2016 11:29 AM
To: mchyzerpenn; Bee-Lindgren, Bert
Cc:
Subject: Re: Grouper PSPNG
Hello,
Does PSPNG support member addition while creating a group in LDAP? Our LDAP system requires adding members during group creation and I couldn't find a way do it through PSPNG.
changeLog.consumer.pspng_testO
ne.groupCreationLdifTemplate = dn: cn=${grouperUtil.extensionFrom Name(name)}||cn: ${grouperUtil.extensionFromNam e(name)}||objectclass: groupOfNames||member: <CONFIGURATION_TO_ADD_MEMBER>
Thank you,
Akki
On Tue, Sep 20, 2016 at 10:57 AM, Akki Kumar <
> wrote: Hello,
I am trying to integrate PSPNG with our LDAP system and its erroring out. I followed configuration “Group of Unique Names”: https://spaces.internet2.edu/d
isplay/Grouper/Grouper+Provisi oning%3A+PSPNG
When I run loader with “Group of Unique Names” configuration, it shows below error:
Problem while creating new object: [dn=cn=testGroup,ou=test,ou=te
stgrouper,dc=umd,dc=edu[[cn[te stGroup]], [objectclass[groupOfNames]]]] [org.ldaptive.LdapException@97
9158603::resultCode=OBJECT_CLA SS_VIOLATION, matchedDn=null, responseControls=null, referralURLs=[], messageId=-1, message=LDAPException(resultCo de=65 (object class violation), errorMessage='object class violation'), providerException=LDAPExceptio n(resultCode=65 (object class violation), errorMessage='object class violation')] at org.ldaptive.provider.Provider
Utils.throwOperationException( ProviderUtils.java:55) at org.ldaptive.provider.unboundi
d.UnboundIDConnection.processL DAPException(UnboundIDConnecti on.java:543) at org.ldaptive.provider.unboundi
d.UnboundIDConnection.add(Unbo undIDConnection.java:317) at edu.internet2.middleware.group
er.pspng.LdapProvisioner.perfo rmLdapAdd(LdapProvisioner.java :253) at edu.internet2.middleware.group
er.pspng.LdapGroupProvisioner. createGroup(LdapGroupProvision er.java:226) at edu.internet2.middleware.group
er.pspng.LdapGroupProvisioner. createGroup(LdapGroupProvision er.java:54) at edu.internet2.middleware.group
er.pspng.Provisioner.prepareGr oupCache(Provisioner.java:678) at edu.internet2.middleware.group
er.pspng.Provisioner.startProv isioningBatch(Provisioner.java :453) at edu.internet2.middleware.group
er.pspng.FullSyncProvisioner.p rocessGroup(FullSyncProvisione r.java:314) at edu.internet2.middleware.group
er.pspng.FullSyncProvisioner.t hread_manageFullSyncProcessing (FullSyncProvisioner.java:175) at edu.internet2.middleware.group
er.pspng.FullSyncProvisioner$1 .run(FullSyncProvisioner.java: 133) at java.lang.Thread.run(Thread.ja
va:745) Caused by: LDAPException(resultCode=65 (object class violation), errorMessage='object class violation')
at com.unboundid.ldap.sdk.LDAPCon
nection.add(LDAPConnection.jav a:1969) at org.ldaptive.provider.unboundi
d.UnboundIDConnection.add(Unbo undIDConnection.java:311) ... 9 more
Questions:
· * What configuration are needed to add members during group creation by Grouper?
changeLog.consumer.pspng_testO
ne.groupCreationLdifTemplate = dn: cn=${grouperUtil.extensionFrom Name(name)}||cn: ${grouperUtil.extensionFromNam e(name)}||objectclass: groupOfNames||member: <CONFIGURATION_TO_ADD_MEMBER> · * Also when I set attribute supportsEmptyGroups = false, it still throws above error. Does PSPSNG supportsEmptyGroups attribute works when set to false?
Thank you,
Akki
- Re: [grouper-users] Re: Grouper PSPNG, Akki Kumar, 02/09/2017
- Re: [grouper-users] Re: Grouper PSPNG, Akki Kumar, 02/21/2017
Archive powered by MHonArc 2.6.19.