Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] plus signs in email addresses

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] plus signs in email addresses


Chronological Thread 
  • From: Ben Beecher <>
  • To: "Bee-Lindgren, Bert" <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] plus signs in email addresses
  • Date: Fri, 16 Jun 2017 14:52:06 -0400
  • Ironport-phdr: 9a23:EqlIIROHiY7z5p/iGPIl6mtUPXoX/o7sNwtQ0KIMzox0I//yrarrMEGX3/hxlliBBdydsKMbzbWH+Pm7ACQp2tWoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7Ovr6GpLIj8Swyuu+54Dfbx9GiTe5Y75+Nhe7oAHeusULj4ZuN7s6xwfUrHdPZ+lY335jK0iJnxb76Mew/Zpj/DpVtvk86cNOUrj0crohQ7BAAzsoL2465MvwtRneVgSP/WcTUn8XkhVTHQfI6gzxU4rrvSv7sup93zSaPdHzQLspVzmu87tnRRn1gyocKTU37H/YhdBxjKJDoRKuuRp/w5LPYIqIMPZyZ77Rcc8GSWZEWMtaSi5PDZ6mb4YXDeUBM+ZWoYf+qVUTsxWxGRKhC/nzxjJSnHL6wbE23uYnHArb3AIgBdUOsHHModjoKqgSV/2+wbTWwjrdc/xW2Sny6JLVeR0muv6DQ6x/ftbRyUYxDQPIlUmfqYvhPzOI0+QCqGmb4PB6We2xlmEnthh8rz6yzckijYnJg5gaylHC9Shh3IY6O8G3SE59Yd6jFJtQqj2aN4pxQsMkWGFkoiA6xaMauZKjcygK0pMnxwPHa/OZaYiE+AjsVP6JITtghnJlf6mwhwyv8Uim0e38Vte70FJOriZfiNnMq3YN2hrO4caEUvtw5lqt1SiM2gzJ6uxJJVo4mKjFJ5I7wrM8i4IfvVrfEiLygkn7j6+bel869uS15OnreLfrqoKaOoRpkA/xKL4ulda6AekgMggBQWyb+eOk2b3k4E35XK1KjucxkqbEtZDVP8UbpqqlDwNLyIos9wqwAy2639QfmXkHMVdFdwmGj4fzIV3BPu33Deqnj1Stljdk2ezGM6X8DpnTLXXPirfscLJn50Ne1gY/19BS649MBrEEOv3zW0vxtNLCDh8+Ngy52+bnB85j2o4RQm+AHqiZMKfPsV+N/e0vIvODaJULtzngNvgp/+TugmMhmV8BYamp2oMaaH+iHvRhPkWZeWTjgs0YHWcXpQoxUvbqiEaZXD5XZnayRL485iolBI68DIfDQJytj6Kb3Ce9AJJWen5KBkqSHnj1aoXXE8sLPWi4L8Iktj0CWbe7RollnTujrhOwg+5tI/DIvCcVuNfn1d556Pfekzk19CAyAM2B3mqNCWx4gzVbaSUx2fVVrEo14FqO2qh1mbQMH9Fe7PNESC8xMprByuZ7Apb/Vh+XLYTBc0qvXtjzWWJ5ddk22dJbJh8lQ9g=

Bert,

Eventually we will move to PSPNG but we are not able to do that yet. If you can modify PSP so that these email addresses are ignored with no error that would solve this problem for us.

target LDAP is OpenLdap

we use this base DN for groups
edu.internet2.middleware.psp.groupsBaseDn=ou=Groups,ou=Grouper,o=Columbia University,c=US
we use this base DN for subjects
edu.internet2.middleware.psp.peopleBaseDn=ou=People,o=Columbia University,c=US

object class is groupOfNames, here is a sample entry with one normal subject and one external subject

dn: cn=cu:app:maillist:sciencefictionmovieclub,ou=Groups,ou=Grouper,o=Columbia University,c=US
objectClass: groupOfNames
objectClass: top
cn: cu:app:maillist:sciencefictionmovieclub
member: uni=abc1234,ou=People,o=Columbia University,c=US
member: mail=

Ben

On Wed, Jun 14, 2017 at 10:11 AM, Bee-Lindgren, Bert <> wrote:

Ben,


We have external users who are identified by email address.

> ...

> 2) PSP gives an error


PSPNG might already be able to work with these subjects, and if it can't, will likely be addressed by our active work to escape DN-relevant characters. However, I'll need some more information about what PSP is doing for you:


a) What is the target LDAP server? (AD, OpenLdap/389ds/OpenDj, or something else)

b) What are your account/subject DN formats?

c) What group objectclass(es) are you maintaining? (Briefly) How do these subjects' email addresses play into the provisioning process?



This will allow an accurate of your non-question of PSPNG's support for these subjects.  It will also help scope what would have to change in PSP (if totally necessary).



Thanks,

  Bert




From: <> on behalf of Ben Beecher <>
Sent: Wednesday, June 14, 2017 9:58 AM
To:
Subject: [grouper-users] plus signs in email addresses
 
We have external users who are identified by email address. If the email address contains a plus sign we have two problems:

(1) The user interface gives "Error: cannot find subject" when we click on the external user. To fix this Grouper would need to URL encode the plus sign in the HREF link (change plus to %2B).

(2) PSP gives an error code 21 when it tries to write this group member to the LDAP database:

2017-06-09 13:47:00 ERROR PspChangeLogConsumer:504 - PSP Consumer 'psp' - An error occurred processing sequence number 300278513
edu.internet2.middleware.psp.PspException: SyncResponse[id=cu:app:maillist:slate-inbox,status=failure,error=customError,errorMessages={[LDAP: error code 21 - member: value #0 invalid per syntax]},requestID=2017/06/09-13:47:00.066,AddResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP: error code 21 - member: value #0 invalid per syntax]},requestID=2017/06/09-13:47:00.162]]
        at edu.internet2.middleware.psp.grouper.PspChangeLogConsumer.executeSync(PspChangeLogConsumer.java:305)
        at edu.internet2.middleware.psp.grouper.PspChangeLogConsumer.processGroupAdd(PspChangeLogConsumer.java:665)
        at edu.internet2.middleware.psp.grouper.PspChangeLogConsumer$EventType$3.process(PspChangeLogConsumer.java:103)
        at edu.internet2.middleware.psp.grouper.PspChangeLogConsumer.processChangeLogEntry(PspChangeLogConsumer.java:572)
        at edu.internet2.middleware.psp.grouper.PspChangeLogConsumer.processChangeLogEntries(PspChangeLogConsumer.java:499)
        at edu.internet2.middleware.grouper.changeLog.ChangeLogHelper.processRecords(ChangeLogHelper.java:245)
        at edu.internet2.middleware.grouper.app.loader.GrouperLoaderType$4.runJob(GrouperLoaderType.java:652)
        at edu.internet2.middleware.grouper.app.loader.GrouperLoaderJob.runJob(GrouperLoaderJob.java:418)
        at edu.internet2.middleware.grouper.app.loader.GrouperLoaderJob.execute(GrouperLoaderJob.java:318)
        at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
        at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
2017-06-09 13:48:00 ERROR PspChangeLogConsumer:504 - PSP Consumer 'psp' - An error occurred processing sequence number 300278528
edu.internet2.middleware.psp.PspException: edu.internet2.middleware.psp.PspNoSuchIdentifierException: Psp 'psp' - Has reference from 'PSOIdentifier[id='cn=cu:app:maillist:slate-inbox,ou=Groups,ou=Grouper,o=Columbia University,c=US',targetID=ldap,containerID=<null>]' to 'Reference[toPsoID=PSOIdentifier[id='mail=',targetID=ldap,containerID=<null>],type=member]' SearchResponse[psos=0,status=failure,error=noSuchIdentifier,errorMessages={[LDAP: error code 32 - No Such Object]},requestID=2017/06/09-13:48:00.092]


Can these problems be fixed so that plus signs are handled correctly in the email address or do we need to remove these external users from our Grouper database?

Ben




Archive powered by MHonArc 2.6.19.

Top of Page