Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Re: Grouper PSPNG

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Re: Grouper PSPNG

Chronological Thread 
  • From: Akki Kumar <>
  • To: "Bee-Lindgren, Bert" <>
  • Cc: Dave Churchley <>, Jeffrey Crawford <>, "" <>
  • Subject: Re: [grouper-users] Re: Grouper PSPNG
  • Date: Tue, 21 Feb 2017 14:27:34 -0500
  • Ironport-phdr: 9a23:5j7Xjhb+P7GyrXURpn8/m0b/LSx+4OfEezUN459isYplN5qZrsm7bnLW6fgltlLVR4KTs6sC0LuL9fm8EjVauN6oizMrSNR0TRgLiMEbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpTEdFQ/iOgVrO+/7BpDdj9it1+C15pbffxhEiCCzbL52LBi6txjdu8YZjYd/NKo91wbCr2dVdehR2W5mP0+YkQzm5se38p5j8iBQtOwk+sVdT6j0fLk2QKJBAjg+PG87+MPktR/YTQuS/XQcSXkZkgBJAwfe8h73WIr6vzbguep83CmaOtD2TawxVD+/4apnVAPkhSEaPDMi7mrZltJ/g75aoBK5phxw3YjUYJ2ONPFjeq/RZM4WSXZdUspUUSFKH4GyYJYVD+cZP+lYoYnzqVUNoxWjGwejGPjixSVUinLsx6A2z/gtHAPA0Qc9H9wOqnPUrNDtOaoOUuC1z6jIxijGYfNL3Dfy8pLIeQ0mrP6WWLJ/a8vQyUgpFwPKl1WQtJLqPyiJ1uQMtGib6fFgWf6zh2MlsAxxrT2vyd0tionNnI4a1lfE9SBgzYszONa2Rkl7Ydu+H5tRsSGXL4p2QsU+Q252oiY6zKMJuYKlcCQQ1pso2gPfZ+Sbc4iI+BLsSvyeLipiiHJ/ZbK/gRC/+lWjxO3kTsS4zldHojZHn9TJuHAA1Afc5tSCR/Zy4kutxTiC2gXP5e1YL0A5kK/WJ4Avz7M/kJcYrF7NETXsmErsia+bbkUk9fas6+Tgerjmo4WTN45wig3nNaQuhtCzDf03MwQQUWWW9v6w1LLk/U3+T7VKiuM5nrPFv5DdIMQXvq+5AwlL3YY/8xuzETar3MgakHQCIlJIewmIg5TsNlzBPPz0EfmyjlGwnzt3yfDLO7jsDovDI3XMiLvheKxy609YyAo919Bf4JdUB6kbL/L2QEDwtd3YDhk2Mwyt3uboFs591p8fWWKIBK+ZK7/evUOK6+80LOmMYZUauDf5K/Q/+/Huino5lUcHfaa1xZsXdGy4HvN+LkWWe3rshcoBEX8UsQokVeDqlUaCXiBJZ3apRK884jA7CJm6DYfYWIyhmr2B3CGnHpJIfGBGDE6DEWv2e4meRfgDdT+ScYddlWlOf7WsDqsg0x2hrgL8j/JNI/DIsGVMv5/5yJ5/6uCWkRA0+TNuAsK11GCRCW59gm4DR3k70L0p8mJnzVLW+Kt7grR7CNla/bsdWwIzJ5/awPVnBsvuWwXHZY/RF36pR9ynBXc6SddnkIxGWFp0B9j31kOL5CGtGbJA0uXTXJE=

Hi Bert,

At your earliest convenience, please let me know estimated time for the bug fix.

Thank you,

On Thu, Feb 9, 2017 at 3:43 PM, Akki Kumar <> wrote:
Hi Bert,

Checking status of the below ticket. 

Since above ticket is holding our Grouper update from 2.2.2 to 2.3.0, please let me know estimated time (for the bug fix) so that I can forward a message to our management and plan accordingly.

Thank you,

On Thu, Oct 6, 2016 at 4:14 PM, Akki Kumar <> wrote:
Yes, adding configuration flag seems to be a right way do it since it will give the flexibility to create groups with or without members based on the flag configuration. 

Thank you,

On Mon, Oct 3, 2016 at 6:30 AM, Bee-Lindgren, Bert <> wrote:
I understand. This thread is about groups that require a member (groupOfNames) and, in particular, what to do with them when the group no longer has members. 

My thought is to add a configuration flag memberIsRequired that would both combine group creation with the addition of the initial member as well as delete the group when the last member is removed. 

Does this sound right?

Thanks very much,

On Oct 3, 2016, at 4:07 AM, Dave Churchley <> wrote:



Yes, this would definitely be the case for us.


From: [] On Behalf Of Jeffrey Crawford
Sent: 02 October 2016 03:37
To: Akki Kumar <>
Cc: Bee-Lindgren, Bert <>; mchyzerpenn <>;
Subject: Re: [grouper-users] Re: Grouper PSPNG


Would this be an option? I'm wondering if in a situation like AD where you delete a group it may break all permissions that may be assigned to that group. I don't think Windows uses group names in the background rather it uses some sort of SID which would not be re-used.


I may be wrong but we may want pspng to have this "feature" be an option just in case some implementations don't use names as the main identifier. In short some people may want to be able to have empty groups.


just my $0.02 :)

Jeffrey E. Crawford
Enterprise Service Team


Both pilots and IT professionals require training and currency before charging into clouds!



On Fri, Sep 30, 2016 at 9:58 AM, Akki Kumar <> wrote:

Hi Bert,


Thank you for creating Jira ticket. 


Yes, grouper should delete group when the last member or all members of the group are deleted.



Thank you,



On Mon, Sep 26, 2016 at 6:51 AM, Bee-Lindgren, Bert <> wrote:



PSPNG does not currently support combining group creation with the addition of the group's initial member. I've created a Jira for adding this.


Are there any concerns about removing the last member?... does the group need to be deleted?





From: Akki Kumar <>
Sent: Wednesday, September 21, 2016 11:29 AM
To: mchyzerpenn; Bee-Lindgren, Bert
Subject: Re: Grouper PSPNG




Does PSPNG support member addition while creating a group in LDAP? Our LDAP system requires adding members during group creation and I couldn't find a way do it through PSPNG


changeLog.consumer.pspng_testOne.groupCreationLdifTemplate = dn: cn=${grouperUtil.extensionFromName(name)}||cn: ${grouperUtil.extensionFromName(name)}||objectclass: groupOfNames||member: <CONFIGURATION_TO_ADD_MEMBER>



Thank you,





On Tue, Sep 20, 2016 at 10:57 AM, Akki Kumar <> wrote:



I am trying to integrate PSPNG with our LDAP system and its erroring out. I followed configuration “Group of Unique Names”:



When I run loader with “Group of Unique Names” configuration, it shows below error:


Problem while creating new object: [dn=cn=testGroup,ou=test,ou=testgrouper,dc=umd,dc=edu[[cn[testGroup]], [objectclass[groupOfNames]]]]

[org.ldaptive.LdapException@979158603::resultCode=OBJECT_CLASS_VIOLATION, matchedDn=null, responseControls=null, referralURLs=[], messageId=-1, message=LDAPException(resultCode=65 (object class violation), errorMessage='object class violation'), providerException=LDAPException(resultCode=65 (object class violation), errorMessage='object class violation')]

        at org.ldaptive.provider.ProviderUtils.throwOperationException(

        at org.ldaptive.provider.unboundid.UnboundIDConnection.processLDAPException(

        at org.ldaptive.provider.unboundid.UnboundIDConnection.add(

        at edu.internet2.middleware.grouper.pspng.LdapProvisioner.performLdapAdd(

        at edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner.createGroup(

        at edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner.createGroup(

        at edu.internet2.middleware.grouper.pspng.Provisioner.prepareGroupCache(

        at edu.internet2.middleware.grouper.pspng.Provisioner.startProvisioningBatch(

        at edu.internet2.middleware.grouper.pspng.FullSyncProvisioner.processGroup(

        at edu.internet2.middleware.grouper.pspng.FullSyncProvisioner.thread_manageFullSyncProcessing(

        at edu.internet2.middleware.grouper.pspng.FullSyncProvisioner$


Caused by: LDAPException(resultCode=65 (object class violation), errorMessage='object class violation')

        at com.unboundid.ldap.sdk.LDAPConnection.add(

        at org.ldaptive.provider.unboundid.UnboundIDConnection.add(

        ... 9 more





·      *  What configuration are needed to add members during group creation by Grouper?

changeLog.consumer.pspng_testOne.groupCreationLdifTemplate = dn: cn=${grouperUtil.extensionFromName(name)}||cn: ${grouperUtil.extensionFromName(name)}||objectclass: groupOfNames||member: <CONFIGURATION_TO_ADD_MEMBER>

·         *  Also when I set attribute supportsEmptyGroups = false, it still throws above error. Does PSPSNG supportsEmptyGroups attribute works when set to false?


Thank you,





Archive powered by MHonArc 2.6.19.

Top of Page