Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Initial teething problems with PSPNG

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Initial teething problems with PSPNG


Chronological Thread 
  • From: Mark Cairney <>
  • To: "" <>
  • Subject: [grouper-users] Initial teething problems with PSPNG
  • Date: Wed, 6 Dec 2017 11:55:53 +0000
  • Ironport-phdr: 9a23:dWsSyhJPzEVubvVncdmcpTZWNBhigK39O0sv0rFitYgeLfXxwZ3uMQTl6Ol3ixeRBMOAuqIC07KempujcFRI2YyGvnEGfc4EfD4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFAnhOgppPOT1HZPZg9iq2+yo9ZDeZwZFiCChbb9uMR67sRjfus4KjIV4N60/0AHJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L281/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QrcoVDms7apmRgbkhDsIOjUk9G3aitB8gKddrRm8pRJw3pTUbZmLOvR+Y63Tft0USmROUclNWCJMGZ+8YokVAuYdIepVoYvwql0TphW+HwmsA+bvxydPiHDsx6060PkqHB/c0wwhBdIOtmrbrdXoP6oVVu661rPIzTbZY/5Iwzj96ZLIchY/rvCMRr9/b9fexVM1GAzZlFmQtI/lMiqT2+8QvWab6O9gWviui24hswxxrSKvxsAxionRmI0V0ErI+j9hwIYtPdG4Skl7bsW+EJtNsSGaLIt2Td0mQ2Fsoio60KAGuZi9cSMXy5on3wbSZ+GZf4WM+B7vSvudLDdiiH54eb+znQu+/VS4xuHhSMW51ExGojRYntTMrHwByRPe58adRvZ/4Eus3yuE2RrJ5eFeO080kLLWK54/zb40kZoeqUDDHij3mEXskqCabEQk+vOy5+v5f7rqvIWTOJNuhgHjMaQigs2/AeImPQgSR2WX5Pqw2bn58UHnXblHjuc6nrTYvZzAOMgXura1AwpP3YYi7xa/AS2m0NMdnXQfK1xKYgiHj4vzN1zQOv/4DO2/g1KynzZr3P3JIKDuDo/XIXffirvhYLV951ZGyAUv1dBf+45UCrYZLfL8QE/xs8HYDgcnPAyu2urnFc592Z0EWWKUGaKZNKLSsUSU5uI0PeWAfo4VuDDhK/c7/f7ui2E2mUMDcaWzw5QYdW24TbxaJBDTbmDrn88MCyIXpQckV8TrjkGPSzheeyz0Uq4hrHlvB5ihEJ/OXMWwm7Gbxw+6GIFbfGZLFgrKHHv1IdaqQfAJPQebOMwpuTUFT76sWsd18Bi0t0nRwrt9KOfF0iAU85voksV2sb6A3Sou/CB5WpzOm1qGSHt5yz5QSg==
Hi,

After my rather hasty email yesterday I've made a little bit of progress
and now have PSPNG connecting to LDAP. It's currently failign to
add/modify groups due to lack of members:

2017-12-06 11:34:00,182: [DefaultQuartzScheduler_Worker-3] ERROR
GrouperLoaderJob.runJob(485) - - Error on job:
CHANGE_LOG_consumer_pspng_cauth
java.lang.RuntimeException: Error in loader job: null, check logs:
Error: java.lang.RuntimeException: No entries provisioned. Batch-Start
failed: LDAP problem creating object: LDAPException(resultCode=65
(object class violation), errorMessage='object class 'groupOfNames'
requires attribute 'member'', diagnosticMessage='object class
'groupOfNames' requires attribute 'member'')
at
edu.internet2.middleware.grouper.pspng.Provisioner.provisionBatchOfItems(Provisioner.java:1020)
at
edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim.processChangeLogEntries(PspChangelogConsumerShim.java:71)
at
edu.internet2.middleware.grouper.changeLog.ChangeLogHelper.processRecords(ChangeLogHelper.java:245)
at
edu.internet2.middleware.grouper.app.loader.GrouperLoaderType$5.runJob(GrouperLoaderType.java:720)
at
edu.internet2.middleware.grouper.app.loader.GrouperLoaderJob.runJob(GrouperLoaderJob.java:465)
at
edu.internet2.middleware.grouper.app.loader.GrouperLoaderJob.execute(GrouperLoaderJob.java:345)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at
org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
Caused by: edu.internet2.middleware.grouper.pspng.PspException: LDAP
problem creating object: LDAPException(resultCode=65 (object class
violation), errorMessage='object class 'groupOfNames' requires attribute
'member'', diagnosticMessage='object class 'groupOfNames' requires
attribute 'member'')
at
edu.internet2.middleware.grouper.pspng.LdapProvisioner.performLdapAdd(LdapProvisioner.java:254)
at
edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner.createGroup(LdapGroupProvisioner.java:226)
at
edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner.createGroup(LdapGroupProvisioner.java:54)
at
edu.internet2.middleware.grouper.pspng.Provisioner.prepareGroupCache(Provisioner.java:581)
at
edu.internet2.middleware.grouper.pspng.Provisioner.startProvisioningBatch(Provisioner.java:356)
at
edu.internet2.middleware.grouper.pspng.Provisioner.provisionBatchOfItems(Provisioner.java:1015)
... 7 more



And on the LDAP side the error is:

dn="cn=adhoc:MCTest:Mark 1,cn=Mark
1,ou=MCTest,ou=adhoc,ou=grouper2,dc=authorise-dev,dc=ed,dc=ac,dc=uk"
Dec 6 11:45:00 bonsai slapd[34260]: Entry (cn=adhoc:MCTest:Mark
1,cn=Mark
1,ou=MCTest,ou=adhoc,ou=grouper2,dc=authorise-dev,dc=ed,dc=ac,dc=uk):
object class 'groupOfNames' requires attribute 'member'


1. As provisioned by PSP the DN of the group is:
cn=Mark
1,ou=MCTest,ou=adhoc,ou=grouper2,dc=authorise-dev,dc=ed,dc=ac,dc=uk" so
this should actually be a modify rather than an add.

My PSPNG currently contains the line:
dn: cn=${group.name},${utils.bushyDn(group.name, "cn", "ou")}||cn:
${group.name}||objectclass: posixGroup||objectclass:
groupOfNames||gidNumber: ${group.idIndex}

How should this be modified to replicate the previous behaviour for the DN?

2. I've got the following in my grouper-loader.properties:
changeLog.consumer.pspng_cauth.memberAttributeName = member
changeLog.consumer.pspng_cauth.memberAttributeValueFormat =
${ldapUser.getDn()}

However I don't see any attempts at looking up users in LDAP, only the
group. Also is there a way to define a "placeholder" member for empty
groups? How does PSPNG resolve grouper members with LDAP/AD users?

Sorry for all the questions- I'm sure there will be more though once I
get over this particular speed-bump!


--
/****************************

Mark Cairney
ITI Enterprise Services
Information Services
University of Edinburgh

Tel: 0131 650 6565
Email:

PGP: 0x435A9621

*******************************/

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

Archive powered by MHonArc 2.6.19.

Top of Page