Grouper Users - Open Discussion List

[Julio Macavilca <>]

Hi Mona,

What Erik mentioned is correct, we set samAccountName in groupCreationLdifTemplate.  What do you have in your grouper-loader config for groupCreationLdifTemplate?  Also, if you have access to AD, what does the connection transactions logs say as grouper tries to provision?  Lastly, I would turn up pspng logging to debug while testing, add the following to your log4j.properties:

log4j.logger.edu.internet2.middleware.grouper.pspng=DEBUG

log4j.logger.edu.internet2.middleware.grouper.changeLog=DEBUG

thanks,

Julio

On Mon, Oct 23, 2017 at 11:34 AM, Sawyer, Mona Zarei <> wrote:

I tried to add the samaccountname to the configuration but I get an attribute conversion error. Please see below.

Any ideas how we can fix this issue?

 

2017-10-23 11:26:35,884: [pspng_activedirectory-FullSync-Thread] ERROR LdapGroupProvisioner.createGroup(346) -  - Problem while creating new group: dn:cn=testsamacc

objectclass: group

 samAccountName:cn=testsamacc

edu.internet2.middleware.grouper.pspng.PspException: LDAP problem creating object: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090DB1, comment: Error in attribute conversion operation, data 0, v2580 ]; remaining name 'cn=testsamacc ,CN=Users,DC=cgcent,DC=miami,DC=edu'

                at edu.internet2.middleware.grouper.pspng.LdapSystem.performLdapAdd(LdapSystem.java:338)

                at edu.internet2.middleware.grouper.pspng.LdapProvisioner.performLdapAdd(LdapProvisioner.java:725)

                at edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner.createGroup(LdapGroupProvisioner.java:340)

                at edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner.createGroup(LdapGroupProvisioner.java:47)

                at edu.internet2.middleware.grouper.pspng.Provisioner.prepareGroupCache(Provisioner.java:749)

                at edu.internet2.middleware.grouper.pspng.Provisioner.startProvisioningBatch(Provisioner.java:475)

                at edu.internet2.middleware.grouper.pspng.FullSyncProvisioner.processGroup(FullSyncProvisioner.java:598)

                at edu.internet2.middleware.grouper.pspng.FullSyncProvisioner.thread_manageFullSyncProcessing(FullSyncProvisioner.java:256)

                at edu.internet2.middleware.grouper.pspng.FullSyncProvisioner$1.run(FullSyncProvisioner.java:188)

                at java.lang.Thread.run(Thread.java:745)

2017-10-23 11:26:35,885: [pspng_activedirectory-FullSync-Thread] ERROR FullSyncProvisioner.processGroup(609) -  - pspng_activedirectory-FullSync: Problem doing full sync. Requeuing group UM_External_Groups:testsamacc

edu.internet2.middleware.grouper.pspng.PspException: LDAP problem creating object: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090DB1, comment: Error in attribute conversion operation, data 0, v2580 ]; remaining name 'cn=testsamacc ,CN=Users,DC=cgcent,DC=miami,DC=edu'

                at edu.internet2.middleware.grouper.pspng.LdapSystem.performLdapAdd(LdapSystem.java:338)

                at edu.internet2.middleware.grouper.pspng.LdapProvisioner.performLdapAdd(LdapProvisioner.java:725)

                at edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner.createGroup(LdapGroupProvisioner.java:340)

                at edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner.createGroup(LdapGroupProvisioner.java:47)

                at edu.internet2.middleware.grouper.pspng.Provisioner.prepareGroupCache(Provisioner.java:749)

                at edu.internet2.middleware.grouper.pspng.Provisioner.startProvisioningBatch(Provisioner.java:475)

                at edu.internet2.middleware.grouper.pspng.FullSyncProvisioner.processGroup(FullSyncProvisioner.java:598)

                at edu.internet2.middleware.grouper.pspng.FullSyncProvisioner.thread_manageFullSyncProcessing(FullSyncProvisioner.java:256)

                at edu.internet2.middleware.grouper.pspng.FullSyncProvisioner$1.run(FullSyncProvisioner.java:188)

                at java.lang.Thread.run(Thread.java:745)

 

Thank you so much,

Best Reagrds,

 

Mona Z Sawyer M.Sc.

Programmer Intermediate

Middleware and Identity Services

Information Technology | University of Miami

1320 S. Dixie Hwy | Suite 1000.49

Coral Gables, Fl 33146

305-284-2214

 

"At the U, we transform lives through teaching, research and service."

 

From: [mailto:] On Behalf Of Coleman, Erik C
Sent: Friday, October 20, 2017 3:23 PM
To:
Subject: RE: [grouper-users] PSPNG creates group in AD with random samaccountname

 

We are seeing the same issue, and it is on our list of things to track down, just hasn’t bubbled up to the top yet. We are using PSP-NG to sync to Active Directory.  It looks like you can possibly set samAccountName explicitly using the “groupCreationLdifTemplate” property of the connector, perhaps by just appending:  “||samAccountName: ${group.name}”

 

Has anyone else successfully done this?

 

Thanks!

 

-Erik

 

 

--

Erik Coleman

Senior Manager, Enterprise Systems

Technology Services at Illinois

University of Illinois at Urbana-Champaign

 

 

 

From: [] On Behalf Of Sawyer, Mona Zarei
Sent: Friday, October 20, 2017 11:05
To:
Subject: [grouper-users] PSPNG creates group in AD with random samaccountname

 

Hello,

 

We are having PSPNG working to provision new groups into AD. The groups get created in AD with the same name as the group name in grouper, However, the samaccountname is a random character.

(groups name : “TestGroup”; group samaccountname : “$CK8Q00-M7J9243J15RK”)

For consistency, we need to have the group’s samaccountname the same as the name in AD.

Please kindly let me know how we can fix this.

 

Thank you so much.

 

Mona Z Sawyer M.Sc.

Programmer Intermediate

Middleware and Identity Services

Information Technology

University of Miami

1320 S. Dixie Hwy

Suite 1000.49

Coral Gables, Fl 33146

305-284-2214

 

"At the U, we transform lives through teaching, research and service."