Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] [PSPNG] Not deleting groups in LDAP

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] [PSPNG] Not deleting groups in LDAP


Chronological Thread 
  • From: Yoann Delattre <>
  • To: "" <>
  • Subject: Re: [grouper-users] [PSPNG] Not deleting groups in LDAP
  • Date: Thu, 1 Feb 2018 08:45:15 +0100
  • Dkim-filter: OpenDKIM Filter v2.11.0 webmail.ac-lille.fr EFDE9CEE08
  • Ironport-phdr: 9a23:1c1eghQy4TwXJbDQ00CbzQVUPtpsv+yvbD5Q0YIujvd0So/mwa6yZhON2/xhgRfzUJnB7Loc0qyK6/mmATRIyK3CmUhKSIZLWR4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+KPjrFY7OlcS30P2594HObwlSizexfa5+IA+qoQnNq8IbnZZsJqEtxxXTv3BGYf5WxWRmJVKSmxbz+MK994N9/ipTpvws6ddOXb31cKokQ7NYCi8mM30u683wqRbDVwqP6WACXWgQjxFFHhLK7BD+Xpf2ryv6qu9w0zSUMMHqUbw5Xymp4qF2QxHqlSgHLSY0/nzXhMJugqJVoxyvqBJwzIHWfI6YL+Bxcr/HcN4AWWZMUMRcWipcCY28dYsPCO8BMP5aoIn6vVQOqx2+DhSiCuzxzj9HnGP23bEg0+s/DArL2wwhH9UUv3TSqtX5LrodXv6xzKbS0TXDc+lW1inm5YfSbh8tuPWMXbN0ccrV10YjDQ3Fjk+JpIHjIjib2OMNs22B4OphU+Kik28nqwdtojex3McsjJfGhp4Lxlze6yp23Zs1KNulQ0B4ed6pCIZcuiWVOodsX88vR2VltDw4x7ACo5K3YTUGxZYhyhXCcfKIaZKI7QjmVOuJITd3mnZleLWnihmo70ityvfwWdOo31pTqipFk93MtnQT2BDJ5MiHUONx/kan2TmRywDe8vxILEQ7mKbBNpIsxro9moARvEnHBCP6hVj6ga2OekUh4Oeo6uDnYrv8pp+bMo95kgH/MqM0lcy5B+Q0KBUBUHaf+eumyL3j4Vf5T6tRg/IsjqbVqZTaJcUfpq69HQBZyIgj6wynAze8zNsYhWUHLE5CeB+fgIjpIVbOIO3gDfihmVSgiSprx+vYMb37GZXANXzDkLb6fbZh8E5Q1hA/zdFZ55JIFL4BOvTzVVHttNDGFBM2LRG7w/u0QOl6g8kRQ2WSGqKDdb7JvEWTzuMpP+SWYoIJ4nDwJ+Vvr6rhl3gkgVIHOLSy0IEMQHG+Avl8JUiFOzzhjspXQkkQuQ9rfevjjlvKfTNXbmquRa90siA8AYSgS4vOQomxnKaM9C6wW5lXYmRLTF6WRyS7P76YUusBPXrBavRqlSYJAOCs

Hello !

anyone ?

Thanks !
Yoann


Le 18/12/2017 à 09:22, Yoann Delattre a écrit :

Hello everyone,

for summarise :

When grouperIsAuthoritative is set to true, a group deleted in Grouper are not deleted in LDAP.
No problem when i create groups or delete members : all this changes are provisioned correctly in the LDAP.

Has anyone ran into this issue?

Thanks,
Yoann.
Le 11/12/2017 à 16:02, Yoann Delattre a écrit :

grouperIsAuthoritative was set to true.
So i tried set it to false, and now it works...Strange :-/

maybe something wrong with my conf ?

changeLog.consumer.pspng_brancheGrouper.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
changeLog.consumer.pspng_brancheGrouper.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner
changeLog.consumer.pspng_brancheGrouper.quartzCron = 0 * * * * ?
changeLog.consumer.pspng_brancheGrouper.ldapPoolName = aclille
changeLog.consumer.pspng_brancheGrouper.memberAttributeName = uniqueMember
changeLog.consumer.pspng_brancheGrouper.memberAttributeValueFormat = ${ldapUser.getDn()}
changeLog.consumer.pspng_brancheGrouper.groupSearchBaseDn = ou=Grouper,ou=xxxxx,o=yyyy,c=zz
changeLog.consumer.pspng_brancheGrouper.allGroupsSearchFilter = objectclass=groupOfUniqueNames
changeLog.consumer.pspng_brancheGrouper.singleGroupSearchFilter = (&(objectclass=groupOfUniqueNames)(cn=${group.name}))
changeLog.consumer.pspng_brancheGrouper.groupSearchAttributes = cn,objectclass
changeLog.consumer.pspng_brancheGrouper.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: groupOfUniqueNames||objectclass: educationnationale
changeLog.consumer.pspng_brancheGrouper.userSearchBaseDn = ou=people,ou=xxxxx,o=yyyy,c=zz
changeLog.consumer.pspng_brancheGrouper.userSearchFilter = uid=${subject.id}
changeLog.consumer.pspng_brancheGrouper.grouperIsAuthoritative = false

Thanks for your help !

Yoann

Le 11/12/2017 à 15:18, Jeffrey Williams a écrit :
Hi Yoann,

My first thought was whether you had grouperIsAuthoritative set?

Should groups in the groupSearchBaseDn/allGroupSearchFilter be removed if they no longer exist in Grouper?

By default, it is set to FALSE, which sounds like the behavior you're experiencing.

On Mon, Dec 11, 2017 at 9:11 AM, Yoann Delattre <> wrote:

Hello everyone,

i have a problem with the PSPNG : a group deleted in Grouper are not deleted in LDAP.
It's weird because i have c

I get this in the log :

2017-12-11 11:39:00,045: [DefaultQuartzScheduler_Worker-9] INFO  ProvisioningWorkItem.setStatus(143) -  - Work item handled: ProvisioningWorkItem[successful=true,msg=Ignoring work item because group is not provisioned,clog=clog #3921904 / ChangeLog type: group: deleteGroup,group=test-pspng4:test-2]

Anyone encounter this issue ?

Thanks for your help,
Yoann

--




--
Jeffrey Williams, Identity Management Specialist
Identity Architecture, ITS
University of North Carolina at Greensboro
256-TECH (256-8324)




Archive powered by MHonArc 2.6.19.

Top of Page