grouper-users - RE: [grouper-users] PSPNG creates group in AD with random samaccountname

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] PSPNG creates group in AD with random samaccountname

From: "Sawyer, Mona Zarei" <>
To: "" <>
Cc: "Coleman, Erik C" <>, "" <>
Subject: RE: [grouper-users] PSPNG creates group in AD with random samaccountname
Date: Mon, 23 Oct 2017 16:05:33 +0000
Accept-language: en-US
Authentication-results: spf=none (sender IP is ) ;
Ironport-phdr: 9a23:+qbrlxFJKhWb559NHBrN7Z1GYnF86YWxBRYc798ds5kLTJ7yoMqwAkXT6L1XgUPTWs2DsrQf2rqQ6/iocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbQhFgDmwbaluIBmqsA7cqtQYjYx+J6gr1xDHuGFIe+NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PGAu+MLrrxjDQhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/VDK/5KlpVRDokj8KOT4n/m/Klsx+gqFVoByjqBx+34Hbb5qYNOBicq/BZ94WWXZNU8RXWidcAo28dYwPD+8ZMOpWsofyvVUPrBugCgm2HO/k1zhGhnjw3aIgzu8uEhvJ3BY+ENIPvnjfsdL4NKIVUeCz1qbJzC7Ob/ZX2Tjn7YjIcwotru+RUrJtaMfcz1QkGQ3CjlWVs4PlPjWV2/wCs2ic6OpgWuavhHA9pw5tpTivw98gipXJhoIP1F/L7zh2zJwvJd2lTk53edGkEIFXtyGHL4t6WMUiTHttuCkk0rEGvoO7fDQOyJQgwB7faOaLfJSP4hLmTOqRJTB4hH1qeL2hnRa+61avxfDhVsSyzV1ErTJFn8HSun8XyxDf982KRuZg8ku83DuP2Q/e5v1YLU0xm6rUNZEsz741m5cWs0nPAjH6lF3rgKOIckgo4PWk5ub6brn8uJOROIt5hhvjPqkhhMCyB/kzPBIUUGiB4+u80aXu/U3nT7VOif07irHXvYzdK8gHuKK1GhFY3YQ+5xqmCDepy8oXkWMALFJYZBKIlI/pO0zIIP/lF/u/m06skDB3x//YIrLhHpTNLn/FkLv7erZ99lJcyA40zdBY5JJYEK0OIPX2WkPptdzYCAE2MxCszur5Etpxyp4SVGeSDqOELa/ftFGI6+0zL+WQYYIVtijyJvcl6vPriHI0m0MRcbex0ZsScn+4H/BmI0uDYXrrh9cMCWIKvg04TOPwiVyPSjtTZ3eoUKI55zE3EpypApreRoy1mryOwD+7HoFKZmBBEl2MHm3od4KZW/cUdi2SONZtkiEfVbe/UY8hzgqjtAv7y7p8MurU4TMUuYji1Nhz++3ciwsy9TpqAMSBzW2BVX97kX4VR2x+4Kcq605gzlaE+a5pnrpVGcEZr6dLTwM7Mrba3vE8BtzvDFHvZNCMHRydS8q3DCt1Bvc2xdZGUU9nFtToxkTG2CyjEZcQlrWOBdo5/r+KjCu5HNp013uTjPpptFIhWMYabWA=
Spamdiagnosticmetadata: NSPM
Spamdiagnosticoutput: 1:99

I tried the following two configurations, and got the same error. I don’t have access to the AD logs but i have the grouper logging in the Debug level, please see the full log below.

groupCreationLdifTemplate = dn:cn=${ grouperUtil.extensionFromName(group.name) } ||objectclass: group ||samAccountName:${ grouperUtil.extensionFromName(group.name) }

changeLog.consumer.pspng_activedirectory.groupCreationLdifTemplate = dn:cn=${ grouperUtil.extensionFromName(group.name) } ||objectclass: group ||samAccountName: ${group.name}

log:

2017-10-23 12:00:11,260: [pspng_activedirectory-FullSync-Thread] DEBUG Provisioner.evaluateJexlExpression(538) - - Evaluated Jexl _expression_: true FROM ${utils.containedWithin(provisionerName, stemAttributes['etc:pspng:provision_to'], groupAttributes['etc:pspng:provision_to']) && !utils.containedWithin(provisionerName, stemAttributes['etc:pspng:do_not_provision_to'], groupAttributes['etc:pspng:do_not_provision_to'])} WITH variables {idIndex=10183, userSearchBaseDn=CN=Users,DC=cgcent,DC=miami,DC=edu, groupAttributes={etc:pspng:provision_to=[pspng_activedirectory]}, groupCreationBaseDn=CN=Users,DC=cgcent,DC=miami,DC=edu, stemAttributes={}, utils=edu.internet2.middleware.grouper.pspng.PspJexlUtils@109ed497, groupSearchBaseDn=CN=Users,DC=cgcent,DC=miami,DC=edu, name=UM_External_Groups:testsamacc, provisionerName=pspng_activedirectory, group=Group[name=UM_External_Groups:testsamacc,uuid=48c65309d6934eaca8143a2dbf97a436], provisionerType=LdapGroupProvisioner}

2017-10-23 12:00:11,260: [pspng_activedirectory-FullSync-Thread] DEBUG Provisioner.shouldGroupBeProvisioned(1318) - - pspng_activedirectory: Group UM_External_Groups:testsamacc matches group-selection filter.

2017-10-23 12:00:11,260: [pspng_activedirectory-FullSync-Thread] INFO LdapGroupProvisioner.createGroup(299) - - Creating LDAP group for GrouperGroup: UM_External_Groups:testsamacc

2017-10-23 12:00:11,296: [pspng_activedirectory-FullSync-Thread] DEBUG Provisioner.evaluateJexlExpression(538) - - Evaluated Jexl _expression_: testsamacc FROM ${ grouperUtil.extensionFromName(group.name) } WITH variables {idIndex=10183, userSearchBaseDn=CN=Users,DC=cgcent,DC=miami,DC=edu, groupAttributes={etc:pspng:provision_to=[pspng_activedirectory]}, groupCreationBaseDn=CN=Users,DC=cgcent,DC=miami,DC=edu, stemAttributes={}, utils=edu.internet2.middleware.grouper.pspng.PspJexlUtils@773d27c1, groupSearchBaseDn=CN=Users,DC=cgcent,DC=miami,DC=edu, name=UM_External_Groups:testsamacc, provisionerName=pspng_activedirectory, group=Group[name=UM_External_Groups:testsamacc,uuid=48c65309d6934eaca8143a2dbf97a436], provisionerType=LdapGroupProvisioner}

2017-10-23 12:00:11,305: [pspng_activedirectory-FullSync-Thread] DEBUG LdapGroupProvisioner.createGroup(329) - - pspng_activedirectory: LDIF for new group (with partial DN): dn:cn=testsamacc ||objectclass: group ||samAccountName:testsamacc

2017-10-23 12:00:11,306: [pspng_activedirectory-FullSync-Thread] DEBUG LdapGroupProvisioner.createGroup(338) - - pspng_activedirectory: Adding group: [dn=cn=testsamacc ,CN=Users,DC=cgcent,DC=miami,DC=edu[[samAccountName[testsamacc]], [objectclass[group ]]]]

2017-10-23 12:00:11,306: [pspng_activedirectory-FullSync-Thread] INFO LdapProvisioner.performLdapAdd(722) - - pspng_activedirectory: Creating LDAP object: cn=testsamacc ,CN=Users,DC=cgcent,DC=miami,DC=edu

2017-10-23 12:00:11,306: [pspng_activedirectory-FullSync-Thread] INFO LdapSystem.performLdapAdd(329) - - umldap: Creating LDAP object: cn=testsamacc ,CN=Users,DC=cgcent,DC=miami,DC=edu

2017-10-23 12:00:11,309: [pspng_activedirectory-FullSync-Thread] ERROR LdapSystem.performLdapAdd(337) - - Problem while creating new ldap object: [dn=cn=testsamacc ,CN=Users,DC=cgcent,DC=miami,DC=edu[[samAccountName[testsamacc]], [objectclass[group ]]]]

[org.ldaptive.LdapException@1341992207::resultCode=NO_SUCH_ATTRIBUTE, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1, message=javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090DB1, comment: Error in attribute conversion operation, data 0, v2580 ]; remaining name 'cn=testsamacc ,CN=Users,DC=cgcent,DC=miami,DC=edu', providerException=javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090DB1, comment: Error in attribute conversion operation, data 0, v2580 ]; remaining name 'cn=testsamacc ,CN=Users,DC=cgcent,DC=miami,DC=edu']

at org.ldaptive.provider.ProviderUtils.throwOperationException(ProviderUtils.java:55)

at org.ldaptive.provider.jndi.JndiConnection.processNamingException(JndiConnection.java:619)

at org.ldaptive.provider.jndi.JndiConnection.add(JndiConnection.java:326)

at edu.internet2.middleware.grouper.pspng.LdapSystem.performLdapAdd(LdapSystem.java:335)

at edu.internet2.middleware.grouper.pspng.LdapProvisioner.performLdapAdd(LdapProvisioner.java:725)

at edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner.createGroup(LdapGroupProvisioner.java:340)

at edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner.createGroup(LdapGroupProvisioner.java:47)

at edu.internet2.middleware.grouper.pspng.Provisioner.prepareGroupCache(Provisioner.java:749)

at edu.internet2.middleware.grouper.pspng.Provisioner.startProvisioningBatch(Provisioner.java:475)

at edu.internet2.middleware.grouper.pspng.FullSyncProvisioner.processGroup(FullSyncProvisioner.java:598)

at edu.internet2.middleware.grouper.pspng.FullSyncProvisioner.thread_manageFullSyncProcessing(FullSyncProvisioner.java:256)

at edu.internet2.middleware.grouper.pspng.FullSyncProvisioner$1.run(FullSyncProvisioner.java:188)

at java.lang.Thread.run(Thread.java:745)

Caused by: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090DB1, comment: Error in attribute conversion operation, data 0, v2580 ]; remaining name 'cn=testsamacc ,CN=Users,DC=cgcent,DC=miami,DC=edu'

at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3110)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3035)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2841)

at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:812)

at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:337)

at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:266)

at org.ldaptive.provider.jndi.JndiConnection.add(JndiConnection.java:315)

... 10 more

2017-10-23 12:00:11,310: [pspng_activedirectory-FullSync-Thread] ERROR LdapGroupProvisioner.createGroup(346) - - Problem while creating new group: dn:cn=testsamacc

objectclass: group

samAccountName:testsamacc

edu.internet2.middleware.grouper.pspng.PspException: LDAP problem creating object: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090DB1, comment: Error in attribute conversion operation, data 0, v2580 ]; remaining name 'cn=testsamacc ,CN=Users,DC=cgcent,DC=miami,DC=edu'

at edu.internet2.middleware.grouper.pspng.LdapSystem.performLdapAdd(LdapSystem.java:338)