Skip to Content.
Sympa Menu

grouper-users - [grouper-users] RE: PSPNG issues

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] RE: PSPNG issues


Chronological Thread 
  • From: Dave Churchley <>
  • To: Grouper-Users <>
  • Subject: [grouper-users] RE: PSPNG issues
  • Date: Tue, 25 Jul 2017 16:13:10 +0000
  • Accept-language: en-GB, en-US
  • Authentication-results: mailhub-mx4.ncl.ac.uk; spf=pass smtp.mailfrom=newcastle.ac.uk
  • Ironport-phdr: 9a23:b7FRfhNAhS9wcrzl40Ul6mtUPXoX/o7sNwtQ0KIMzox0I/7+rarrMEGX3/hxlliBBdydsKMUzbKO+4nbGkU4qa6bt34DdJEeHzQksu4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1Ov71GonPhMiryuy+4ZPebgFLiTanfb9+MAi9oBnMuMURnYZsMLs6xAHTontPdeRWxGdoKkyWkh3h+Mq+/4Nt/jpJtf45+MFOTav1f6IjTbxFFzsmKHw65NfqtRbYUwSC4GYXX3gMnRpJBwjF6wz6Xov0vyDnuOdxxDWWMMvrRr0yRD+s7bpkSAXwhSkHKTA37X3XhMJyg6JavB2uqBJ/zpXRYI2JKPZzZL/Rcc8ESWdHQ81fVzZBAoS5b4YXAeQOJ/hYoJfgrFYQrRu+GBOsC//vyj9MmHD33bAx3uMvHw7cwgwvAcgCvWrUrNXoLqcdTeC1zK3WwjTDdP5W3yny6YbUfR87uvGMQbZwftTLxUY1CwzJlEiQqY/8Mj6Ty+8DvW+b7+96WuKujW4qswBxoj6zxsgykInJgJwaykza+Slj3ok6OMC4RUhmatCnCJtdrzyWO5V1T884XW1ltzo2xqcYtZO1cyUG0pcqyhHHZ/CabYSF4QjvWPieLDtknn5pZqyzihao/UWiy+DwTse030hJoyZZl9TBs34A2wDc58SbT/Zy5Eas1iyB1w3W8O5EL104mrfeJpMuwLM/jIccvELeFSHsgkr2lrWZdkA89+io9evnZrLmq4eZN4BuiwH+NqQumtGkDughNwgPUGeW9f661LL/+U31Wq9FgeEsnqnEs5DWPcUbpqinDA9Jyosv9gizAjS83NgGknQLMEhJdAyJgoXmIV3DI//1Ae+6g1u2kTdrw/7GPqfmApXINnXNnq3ufahj5EJG1gczzc1f54hIBbEBJPL8RE/wucfeDhAnPQ273/zoCM5h1oMaR22DGLWWP7/IvV+V5eIjO/OMa5MNuDbhN/gl4ObjjXAjmV8aYKmpxYUYaGqhEvR7OEWWf2DsgswaHGcOvwo+V/DqiEacXTJJZnayWb486S8hCIKgE4jDWp6hjKaf0yimA50FLlxBX3+WFmrwep/BZuwBcjnadsB7lSEcWKLkVpQszwqGtQnmxqBhI/aOvCAUqMSw+sJy4rj/nA8/vRd0Et6W02WAXikgsmoWSnkd3L1lqkx5x0ar16VniPVDCdheofpCFBo5Y82Ph9dmAsz/D1qSNuyCT0yrF42r
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

Good afternoon

I see that Bert has released a patch for issue
https://bugs.internet2.edu/jira/browse/GRP-1533

I've installed the patch but I'm still seeing the same issue (with + and ,
for example).

I suspect that I need to do something with utils.escapeLdapRdn(string) in
grouper-loader.properties. I've tried various things but haven't been able to
work it out yet. Any advice, please?

I've attached the relevant part of grouper-loader.properties.

Thanks
Dave

>-----Original Message-----
>From:
>
> [
>]
> On Behalf Of Dave Churchley
>Sent: 19 July 2017 14:43
>To: Grouper-Users
><>
>Subject: [grouper-users] RE: PSPNG issues
>
>Just to add to number 1 below, it seems that PSPNG also struggles with plus
>signs, parentheses and spaces in group names. This could be related to
>https://bugs.internet2.edu/jira/browse/GRP-1533?
>
>Thanks
>Dave
>
>>-----Original Message-----
>>From:
>>
>> [
>>]
>> On Behalf Of Dave Churchley
>>Sent: 18 July 2017 16:56
>>To: Grouper-Users
>><>
>>Subject: [grouper-users] PSPNG issues
>>
>>Hi
>>
>>I'm currently testing PSPNG provisioning to a test AD. So far, I really
>>like what
>I
>>see but I've now run into a couple of snags.
>>
>>1. I get an error when the Grouper group name has multiple consecutive
>>asterisks, eg LIBR_Auto_CEG****. The old PSP service could handle this
>group
>>name. I've attached the an extract from grouper_error.log to show the
>error.
>>
>>2. Related to the above, when the full sync can't provision a group, it
>>appears
>>to get stuck and retry ever second. This means that it will never complete.
>>I
>>think it would be preferable to write a nice error and then skip that group.
>>
>>I'm not sure if these are real issues or if I'm doing something wrong, so
>>any
>>advice would be appreciated! Also, is there a gsh command to force PSPNG
>to
>>sync a specific group? Similar to the old PSP?
>>
>>Thanks
>>Dave
>>
>>Dave Churchley
>>Newcastle University
changeLog.consumer.pspng_activedirectory.class =
edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
changeLog.consumer.pspng_activedirectory.type =
edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner
changeLog.consumer.pspng_activedirectory.quartzCron = 0 * * * * ?
changeLog.consumer.pspng_activedirectory.ldapPoolName = active_directory
changeLog.consumer.pspng_activedirectory.isActiveDirectory = true
changeLog.consumer.pspng_activedirectory.memberAttributeName = member
changeLog.consumer.pspng_activedirectory.groupSearchBaseDn =
OU=GrouperGroupsTest,OU=Campus Administration,DC=campus,DC=ncl,DC=ac,DC=uk
changeLog.consumer.pspng_activedirectory.allGroupsSearchFilter =
objectclass=group
#changeLog.consumer.pspng_activedirectory.singleGroupSearchFilter =
(&(objectclass=group)(cn=${group.name}))
changeLog.consumer.pspng_activedirectory.singleGroupSearchFilter =
(&(objectclass=group)(cn=${grouperUtil.extensionFromName(name)}))
#changeLog.consumer.pspng_activedirectory.groupCreationLdifTemplate = dn:
${utils.bushyDn(group.name,"cn","ou")}||cn: ${group.name}||objectclass: group
changeLog.consumer.pspng_activedirectory.groupCreationLdifTemplate = dn:
${utils.bushyDn(group.name,"cn","ou")}||cn:
${grouperUtil.extensionFromName(name)}||objectclass: group||samaccountname:
${grouperUtil.extensionFromName(name)}||description:
${grouperUtil.extensionFromName(name)} ${group.description}
changeLog.consumer.pspng_activedirectory.userSearchBaseDn = OU=Campus
Users,DC=campus,DC=ncl,DC=ac,DC=uk
changeLog.consumer.pspng_activedirectory.userSearchFilter =
samAccountName=${subject.id}
changeLog.consumer.pspng_activedirectory.userSearchAttributes =
cn,distinguishedName,uid,uidNumber,mail,samAccountName,objectclass
#changeLog.consumer.pspng_activedirectory.memberAttributeValueFormat =
${ldapUser.getDn()}
changeLog.consumer.pspng_activedirectory.memberAttributeValueFormat =
${ldapUser.dn}
changeLog.consumer.pspng_activedirectory.groupAttributeName = memberOf
#Do not delete groups from AD when they become empty in Grouper
changeLog.consumer.pspng_activedirectory.grouperIsAuthoritative = false
#Provision empty groups
changeLog.consumer.pspng_activedirectory.supportsEmptyGroups = true


Archive powered by MHonArc 2.6.19.

Top of Page