grouper-users - [grouper-users] Pb with pspng and AD
Subject: Grouper Users - Open Discussion List
- From: DEMAN Arnaud <>
- To:
- Subject: [grouper-users] Pb with pspng and AD
- Date: Wed, 25 Oct 2017 10:04:04 +0200 (CEST)
Hello,
I am trying to provision an Active Directory from our grouper instance with pspng (version 2_3_0).
It is working for some groups, but for some others I get an exception because pspng tries to add a member already registered in the AD group.
I think I have made an error in the configuration but I can't find it...
This is the configuration in grouper-loader.properties:
changeLog.consumer.pspng_activedirectory.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
changeLog.consumer.pspng_activedirectory.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner
changeLog.consumer.pspng_activedirectory.quartzCron = 0 * * * * ?
changeLog.consumer.pspng_activedirectory.ldapPoolName = pspng_activedirectory
changeLog.consumer.pspng_activedirectory.isActiveDirectory = true
changeLog.consumer.pspng_activedirectory.grouperIsAuthoritative = true
changeLog.consumer.pspng_activedirectory.memberAttributeName = member
changeLog.consumer.pspng_activedirectory.memberAttributeValueFormat = ${ldapUser.getDn()}
changeLog.consumer.pspng_activedirectory.groupSearchBaseDn = OU=Groupes,dc=campus,dc=local
changeLog.consumer.pspng_activedirectory.allGroupsSearchFilter = objectclass=group
changeLog.consumer.pspng_activedirectory.singleGroupSearchFilter = cn=${group.name.replaceAll(":","_")}
changeLog.consumer.pspng_activedirectory.groupSearchAttributes= cn,objectclass
changeLog.consumer.pspng_activedirectory.groupCreationLdifTemplate = dn:cn=${group.name.replaceAll(":","_")}||cn:${group.name.replaceAll(":","_")}||displayName:${group.description}||sAMAccountName:${group.name.replaceAll(":","_")}||description:${group.description}||objectclass: group||objectclass: mailRecipient
changeLog.consumer.pspng_activedirectory.userSearchBaseDn =dc=campus,dc=local
changeLog.consumer.pspng_activedirectory.userSearchFilter =sAMAccountName=${subject.id}
changeLog.consumer.pspng_activedirectory.groupSelectionExpression = ${!utils.containedWithin(provisionerName,stemAttributes['univ:grp:sys:pspng:do_not_provision_to'],groupAttributes['u\
niv:grp:sys:pspng:do_not_provision_to'])}
And here is the exception, where pspng tries to add the user bczap224 to the group univ_instit_format_090_s3sap_s3sem3-601_etud, who is already in the group in the Active Directory:
2017-10-25 09:47:02,080: [DefaultQuartzScheduler_Worker-6] ERROR edu.internet2.middleware.grouper.pspng.LdapProvisioner.finishProvisioningBatch(307) - - Simple ldap provisioning failed for ProvisioningWorkItem[clog=clog #4268 / ChangeLog type: membership: addMembership,group=univ:instit:format:090:S3SAP:S3SEM3-601_etud,subject=bczap224@ldap]
edu.internet2.middleware.grouper.pspng.PspException: LDAP Provisioning failed: javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - 00000562: UpdErr: DSID-031A1261, problem 6005 (ENTRY_EXISTS), data 0
]; remaining name 'cn=univ_instit_format_090_s3sap_s3sem3-601_etud,ou=groupes,dc=campus,dc=local'
at edu.internet2.middleware.grouper.pspng.LdapProvisioner.makeIndividualLdapChanges(LdapProvisioner.java:600)
at edu.internet2.middleware.grouper.pspng.LdapProvisioner.finishProvisioningBatch(LdapProvisioner.java:304)
at edu.internet2.middleware.grouper.pspng.Provisioner.provisionBatchOfItems(Provisioner.java:1379)
at edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim.processChangeLogEntries(PspChangelogConsumerShim.java:71)
at edu.internet2.middleware.grouper.changeLog.ChangeLogHelper.processRecords(ChangeLogHelper.java:242)
at edu.internet2.middleware.grouper.app.loader.GrouperLoaderType$4.runJob(GrouperLoaderType.java:629)
at edu.internet2.middleware.grouper.app.loader.GrouperLoaderJob.runJob(GrouperLoaderJob.java:416)
at edu.internet2.middleware.grouper.app.loader.GrouperLoaderJob.execute(GrouperLoaderJob.java:318)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
Thanks for your help,
regards,
Arnaud.
--
Arnaud Deman
Tél. 04 94 14 67 59
DSIUN - Université de Toulon
CS 60584 - 83041 TOULON CEDEX 9
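An added example, not part of the original message and not Grouper or pspng code: a Python triage script that pairs each failed ProvisioningWorkItem in a pspng log with the LDAP error that follows it, and flags addMembership failures with error code 68, the case reported above. The function name `triage` and the result field names are assumptions; the sample is the log from the message with the stack frames dropped.

```python
import re

# Constructed sample: the ERROR record and exception from the post, stack frames dropped.
SAMPLE_LOG = (
    "2017-10-25 09:47:02,080: [DefaultQuartzScheduler_Worker-6] ERROR "
    "edu.internet2.middleware.grouper.pspng.LdapProvisioner.finishProvisioningBatch(307) - - "
    "Simple ldap provisioning failed for ProvisioningWorkItem[clog=clog #4268 / ChangeLog type: "
    "membership: addMembership,group=univ:instit:format:090:S3SAP:S3SEM3-601_etud,"
    "subject=bczap224@ldap]\n"
    "edu.internet2.middleware.grouper.pspng.PspException: LDAP Provisioning failed: "
    "javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - 00000562: UpdErr: "
    "DSID-031A1261, problem 6005 (ENTRY_EXISTS), data 0\n"
    "]; remaining name 'cn=univ_instit_format_090_s3sap_s3sem3-601_etud,ou=groupes,"
    "dc=campus,dc=local'\n"
)

WORK_ITEM = re.compile(
    r"ProvisioningWorkItem\[clog=clog #(?P<clog>\d+) / ChangeLog type: "
    r"(?P<category>\w+): (?P<action>\w+),group=(?P<group>[^,\]]+),subject=(?P<subject>[^\]]+)\]")
LDAP_ERROR = re.compile(
    r"\[LDAP: error code (?P<code>\d+) - .*?\((?P<symbol>[A-Z_]+)\).*?"
    r"remaining name '(?P<dn>[^']+)'", re.S)

def triage(log_text):
    """Pair each failed work item with the LDAP error that follows it."""
    findings = []
    items = list(WORK_ITEM.finditer(log_text))
    for i, item in enumerate(items):
        end = items[i + 1].start() if i + 1 < len(items) else len(log_text)
        err = LDAP_ERROR.search(log_text, item.end(), end)
        if not err:
            continue
        # Same mapping as singleGroupSearchFilter in the post: ':' becomes '_'.
        expected_cn = "cn=" + item["group"].replace(":", "_")
        rdn = err["dn"].split(",", 1)[0]
        findings.append({
            "clog": int(item["clog"]), "action": item["action"],
            "subject": item["subject"], "ldap_code": int(err["code"]),
            "symbol": err["symbol"],
            # AD compares DNs case-insensitively, so fold case before comparing.
            "same_group": rdn.casefold() == expected_cn.casefold(),
            # Code 68 on an add is the "already a member" case the post reports.
            "duplicate_add": item["action"] == "addMembership" and err["code"] == "68",
        })
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Records with `duplicate_add` set to true are change-log entries whose membership the directory already holds; `same_group` being false would mean the DN in the error is not the group the change-log entry names.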