grouper-users - Re: [grouper-users] Re: Error - Found multiple matching subjects
Subject: Grouper Users - Open Discussion List
List archive
- From: Stephen A Sazama <>
- To: "Hyzer, Chris" <>
- Cc: Akki Kumar <>, "" <>
- Subject: Re: [grouper-users] Re: Error - Found multiple matching subjects
- Date: Wed, 24 May 2017 12:08:18 -0400
- Ironport-phdr: 9a23:46wUZhwV1eva0j7XCy+O+j09IxM/srCxBDY+r6Qd2u4QIJqq85mqBkHD//Il1AaPBtSErakdwLuO+4nbGkU4qa6bt34DdJEeHzQksu4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1Ov71GonPhMiryuy+4ZPebgFKiTanb75+MRq6oAHNusILnYZsN6E9xwfTrHBVYepW32RoJVySnxb4+Mi9+YNo/jpTtfw86cNOSL32cKskQ7NWCjQmKH0169bwtRbfVwuP52ATXXsQnxFVHgXK9hD6XpP2sivnqupw3TSRMMPqQbwoXzmp8qFmQwLqhigaLT406GPYisJwgqxVoxyvugJxzJLPbY6PKPZzZLnQcc8GSWdDWMtaSixPApm7b4sKF+cPIPpYoJflp1sOsxS+AxSnCf/ywTFVnHD33Lc10+E7Hgrb2wEgBMkOv27VrdrvMacdS/u4zLTNzTredf9Zxyry6JXRfx0nvPqCU7Vwcc/LxkkuEQPIlluRppL+MDOO0eQCr2ub4PR8Ve61kG4otRl9ojmzxsc3kIXJmpoVxkjL9SV+x4Y1Ktm4R1BhbdG4F5tQsjmWN4pwQsM+XW5ooiA6xaMauZKlZiQF1okoxwPHZ/ybc4iI+AzsW/yMLjtinnJlZbS/iw6p/ki6y+38TdO40FdRriZdktnMqmwN1wTI6seZUPt94EOh1iiT1wzJ6OFLO140mrDDJ5483r4wl54TvV7FHiDohEX7irKdeEY8+uWw6unqYa/qqoGSOoNqkA3yL6sjl8KlDek7PQUCR3aX9fi42bH5/kD0QK9GguMonqTXqpzWO9gXqrK/DgRIyIgs8Qy/AC2j0NkAnXkIMlZFeBWfgof3IFHBOu70Ae2ig1SpjThn3fHGPqXhApXIIXnPiqvufbF460JEyQozy85Q545MB7wAI///QFH9udLGAhMjLgC5zOjqBM9+244RQW6PB7WWMKLWsV+G/OIvJOyMaZcOuDbmMfck5uThjXojllIGYKmp2IYYZGqmEft7PkWVeWDsjcsZEWcWogo+S/TniFKYUT5UenayR7wz5isiBIK7FofMWJqtgKea0Se/H51WfXxGCkuSHXvydoWEXesMZzyIIs9njDMESaatR5U/2h6zqQ+pg4Zge6D06z8Vr9ar/9hv5vaZ3UU3/jxlHcmH+2CWRCdphm4OQXk70L0p8mJnzVLW6rR1m/xVE5R6r8hAQA4/PNaI1PdzGdn3Uyrce9vPRVq7FIb1SQotR848loddK312HM+v20jO
I fixed the problem where subjects that have id’s in multiple sources cause an error in the UI.
2.3.0 UI patch #26.
These jiras are in the patch:
Same subject ID in multiple sources causes error:
https://bugs.internet2.edu/
jira/browse/GRP-1542
Subject API diagnostic does not show for admins but might show for non admins:
NOTE: everyone should install the patch for this part…
https://bugs.internet2.edu/
jira/browse/GRP-1545
Can be looping in CSRF when session dies:
https://bugs.internet2.edu/
jira/browse/GRP-1546
Do you still need the other functionality?
Do you not have a source that has all members once? i.e. is AD a superset of LDAP or viceversa? Can you make a process that collates all subjects into one place (union of all subjects)?
Yes, you can mark folders as allowed or not allowed. See the rule at the bottom of this wiki:
https://spaces.internet2.edu/
display/Grouper/Grouper+ external+subjects
Thanks
Chris
From: Stephen A Sazama [mailto:]
Sent: Wednesday, May 17, 2017 1:22 PM
To: Akki Kumar <>
Cc: Hyzer, Chris <>;
Subject: Re: [grouper-users] Re: Error - Found multiple matching subjects
Hi Chris,
I'll see if I can explain what we're trying to do. We have an LDAP source for all of our Grouper people subjects, and we are already provisioning a number of groups back to LDAP. We now want to provision some other groups into our Active Directory, so Akki added that as a source and the result is that we basically have 2 subjects for each person (one in LDAP source and one in AD source), since they are identified by a numeric ID number that is present in both LDAP and AD. That just makes it confusing for users when they go to add a group member and get 2 options that appear to be the same, so we want to figure out what is the best way for us to configure this.
- Do we want AD to be a second source, or can we configure it as something else since we only want to provision out to it? AD subjects wouldn't be needed if we can get it to recognize LDAP subject memberships by the ID and provision those to AD.
- Is there a way to mark groups such that they can only be assigned members from a given source? For example, we would want all groups to use the LDAP source by default, but mark a few to use the AD source so we can provision memberships back to AD.
I would think this scenario (one source of record, multiple LDAP/AD/Database sources to provision to) is fairly common. Please let us know if there are any existing examples we can take a look at.
Thanks!
Stephen
On Thu, May 11, 2017 at 2:39 PM, Akki Kumar <
> wrote: Hi Chris,
The Sources.xml file has two different source ids (ldap & ad). When I search for the user (Screenshot - a.jpg) in the Member Name or ID field, it spins and errors out (do not show the drop down). However, when I search for the user in the Search for an entity window (Screenshot - c.jpg), and it works. I am little baffled as to why the userid search work in the Search for an entity window and not for the Member Name or ID.
Is screenshot will fine? I have attached screenshots to below link:
Screenshots:
Both source ids, ldap & ad, points to a different directory access protocol.
Thanks,
Akki
On Thu, May 11, 2017 at 1:10 PM, Hyzer, Chris <> wrote:
So you have two sources, with different source ids, and you search for a user, and select the user in the drop down? Then after selecting they user you click add, and I gives an error?
As you know, its best not to have overlaps in subject sources… any chance you can get a normalized view of users in a database or something? However, this should work. If you type in the userid and click add, that wont work, but if you type in a userid, and select the user from the combobox, and click add, that should work. That associates it with a source id (or at least it should J )
Any chance you can make a quick video (e.g. on your phone) of the screen where you get the error and send it to me so I can see how this happens?
Thanks
Chris
From: Akki Kumar [mailto:]
Sent: Thursday, May 11, 2017 11:35 AM
To: Hyzer, Chris <>
Cc:
Subject: Error - Found multiple matching subjects
Hi Chris,
I installed Grouper 2.3.0 and created two source adapters, LDAP & AD, in sources.xml. Grouper threw below error when I search for a user (after clicking on the "Add members" button). I believe, it's trying to search for a user in both, LDAP & AD, and that is one of the reason it found multiple subjects.
Question:
- Is there a way for a grouper to suggest both LDAP& AD user (in the search), instead of throwing an error?
Note:
- Multiple_Results parameter is set to true
- All patches are applied to grouper api
- I set authentication sourceId to ldap
Error:
2017-05-11 11:11:39,932: [ajp-nio-8009-exec-2] ERROR GrouperUiRestServlet.doGet(
326) - - Problem calling reflection from URL: edu.internet2.middleware. grouper.grouperUi. serviceLogic.UiV2Group. addMemberFilter edu.internet2.middleware.
subject. SubjectNotUniqueException: found multiple matching subjects: 2, <USER_NAME>, Problem calling method addMemberFilter on edu.internet2.middleware.
grouper.grouperUi. serviceLogic.UiV2Group at edu.internet2.middleware.
grouper.subj. SourcesXmlResolver. thereCanOnlyBeOne( SourcesXmlResolver.java:492) at edu.internet2.middleware.
grouper.subj. SourcesXmlResolver. findByIdOrIdentifier( SourcesXmlResolver.java:527) at edu.internet2.middleware.
grouper.subj.CachingResolver. findByIdOrIdentifier( CachingResolver.java:377) at edu.internet2.middleware.
grouper.subj. ValidatingResolver. findByIdOrIdentifier( ValidatingResolver.java:203) at edu.internet2.middleware.
grouper.SubjectFinder. findByIdOrIdentifier( SubjectFinder.java:316) at edu.internet2.middleware.
grouper.grouperUi. serviceLogic.UiV2Group$1. lookup(UiV2Group.java:599) at edu.internet2.middleware.
grouper.grouperUi. serviceLogic.UiV2Group$1. lookup(UiV2Group.java:581) at edu.internet2.middleware.
grouper.grouperUi.beans.dojo. DojoComboLogic.logic( DojoComboLogic.java:118) at edu.internet2.middleware.
grouper.grouperUi. serviceLogic.UiV2Group. addMemberFilter(UiV2Group. java:581) at sun.reflect.
NativeMethodAccessorImpl. invoke0(Native Method) at sun.reflect.
NativeMethodAccessorImpl. invoke( NativeMethodAccessorImpl.java: 57) at sun.reflect.
DelegatingMethodAccessorImpl. invoke( DelegatingMethodAccessorImpl. java:43) at java.lang.reflect.Method.
invoke(Method.java:606) at edu.internet2.middleware.
grouper.util.GrouperUtil. invokeMethod(GrouperUtil.java: 4143) at edu.internet2.middleware.
grouper.util.GrouperUtil. callMethod(GrouperUtil.java: 4094) at edu.internet2.middleware.
grouper.j2ee. GrouperUiRestServlet.doGet( GrouperUiRestServlet.java:293) at javax.servlet.http.
HttpServlet.service( HttpServlet.java:635) at javax.servlet.http.
HttpServlet.service( HttpServlet.java:742) at org.apache.catalina.core.
ApplicationFilterChain. internalDoFilter( ApplicationFilterChain.java: 230) at org.apache.catalina.core.
ApplicationFilterChain. doFilter( ApplicationFilterChain.java: 165) at org.apache.tomcat.websocket.se
rver.WsFilter.doFilter( WsFilter.java:52) at org.apache.catalina.core.
ApplicationFilterChain. internalDoFilter( ApplicationFilterChain.java: 192) at org.apache.catalina.core.
ApplicationFilterChain. doFilter( ApplicationFilterChain.java: 165) at org.owasp.csrfguard.
CsrfGuardFilter.doFilter( CsrfGuardFilter.java:110) at org.apache.catalina.core.
ApplicationFilterChain. internalDoFilter( ApplicationFilterChain.java: 192) at org.apache.catalina.core.
ApplicationFilterChain. doFilter( ApplicationFilterChain.java: 165) at edu.internet2.middleware.
grouper.ui.GrouperUiFilter. doFilter(GrouperUiFilter.java: 1049) at org.apache.catalina.core.
ApplicationFilterChain. internalDoFilter( ApplicationFilterChain.java: 192) at org.apache.catalina.core.
ApplicationFilterChain. doFilter( ApplicationFilterChain.java: 165) at edu.yale.its.tp.cas.client.
filter.CASFilter.doFilter( CASFilter.java:209) at org.apache.catalina.core.
ApplicationFilterChain. internalDoFilter( ApplicationFilterChain.java: 192) at org.apache.catalina.core.
ApplicationFilterChain. doFilter( ApplicationFilterChain.java: 165) at uk.ac.bris.is.grouper.ui.
PreCASFilter.doFilter( PreCASFilter.java:128) at org.apache.catalina.core.
ApplicationFilterChain. internalDoFilter( ApplicationFilterChain.java: 192) at org.apache.catalina.core.
ApplicationFilterChain. doFilter( ApplicationFilterChain.java: 165) at org.apache.catalina.core.
StandardWrapperValve.invoke( StandardWrapperValve.java:198) at org.apache.catalina.core.
StandardContextValve.invoke( StandardContextValve.java:96) at org.apache.catalina.
authenticator. AuthenticatorBase.invoke( AuthenticatorBase.java:595) at org.apache.catalina.core.
StandardHostValve.invoke( StandardHostValve.java:140) at org.apache.catalina.valves.
ErrorReportValve.invoke( ErrorReportValve.java:80) at org.apache.catalina.valves.
AbstractAccessLogValve.invoke( AbstractAccessLogValve.java: 624) at org.apache.catalina.core.
StandardEngineValve.invoke( StandardEngineValve.java:87) at org.apache.catalina.connector.
CoyoteAdapter.service( CoyoteAdapter.java:341) at org.apache.coyote.ajp.
AjpProcessor.service( AjpProcessor.java:478) at org.apache.coyote.
AbstractProcessorLight. process( AbstractProcessorLight.java: 66) at org.apache.coyote.
AbstractProtocol$ ConnectionHandler.process( AbstractProtocol.java:798) at org.apache.tomcat.util.net.
NioEndpoint$SocketProcessor. doRun(NioEndpoint.java:1441) at org.apache.tomcat.util.net.
SocketProcessorBase.run( SocketProcessorBase.java:49) at java.util.concurrent.
ThreadPoolExecutor.runWorker( ThreadPoolExecutor.java:1145) at java.util.concurrent.
ThreadPoolExecutor$Worker.run( ThreadPoolExecutor.java:615) at org.apache.tomcat.util.
threads.TaskThread$ WrappingRunnable.run( TaskThread.java:61) at java.lang.Thread.run(Thread.
java:745)
Thank you,
Akki
- [grouper-users] Error - Found multiple matching subjects, Akki Kumar, 05/11/2017
- [grouper-users] RE: Error - Found multiple matching subjects, Hyzer, Chris, 05/11/2017
- [grouper-users] Re: Error - Found multiple matching subjects, Akki Kumar, 05/11/2017
- Re: [grouper-users] Re: Error - Found multiple matching subjects, Stephen A Sazama, 05/17/2017
- RE: [grouper-users] Re: Error - Found multiple matching subjects, Hyzer, Chris, 05/21/2017
- Re: [grouper-users] Re: Error - Found multiple matching subjects, Stephen A Sazama, 05/24/2017
- RE: [grouper-users] Re: Error - Found multiple matching subjects, Hyzer, Chris, 05/24/2017
- Re: [grouper-users] Re: Error - Found multiple matching subjects, Stephen A Sazama, 05/24/2017
- RE: [grouper-users] Re: Error - Found multiple matching subjects, Hyzer, Chris, 05/21/2017
- Re: [grouper-users] Re: Error - Found multiple matching subjects, Stephen A Sazama, 05/17/2017
- [grouper-users] Re: Error - Found multiple matching subjects, Akki Kumar, 05/11/2017
- [grouper-users] RE: Error - Found multiple matching subjects, Hyzer, Chris, 05/11/2017
Archive powered by MHonArc 2.6.19.