grouper-users - Re: [grouper-users] LDAP loader jobs can't find connection post 2.2 (vtldap) -> 2.3 (ldaptive) upgrade
Subject: Grouper Users - Open Discussion List
List archive
Re: [grouper-users] LDAP loader jobs can't find connection post 2.2 (vtldap) -> 2.3 (ldaptive) upgrade
Chronological Thread
- From: Jeffrey Williams <>
- To: Shilen Patel <>
- Cc: Rob Gorrell <>, "" <>
- Subject: Re: [grouper-users] LDAP loader jobs can't find connection post 2.2 (vtldap) -> 2.3 (ldaptive) upgrade
- Date: Thu, 8 Feb 2018 14:15:35 -0500
- Ironport-phdr: 9a23:N2xEPh+EHIN71f9uRHKM819IXTAuvvDOBiVQ1KB21eocTK2v8tzYMVDF4r011RmVBdyds6oMotGVmpioYXYH75eFvSJKW713fDhBt/8rmRc9CtWOE0zxIa2iRSU7GMNfSA0tpCnjYgBaF8nkelLdvGC54yIMFRXjLwp1Ifn+FpLPg8it2O2+54Dfbx9UiDahfLh/MAi4oQLNu8cMnIBsMLwxyhzHontJf+RZ22ZlLk+Nkhj/+8m94odt/zxftPw9+cFAV776f7kjQrxDEDsmKWE169b1uhTFUACC+2ETUmQSkhpPHgjF8BT3VYr/vyfmquZw3jSRMNboRr4oRzut86ZrSAfpiCgZMT457HrXgdF0gK5CvR6tuwBzz4vSbYqINvRxY7ndcMsYSmpPXshfWS9PDJ6iYYQTFOcOJ/pUopPnqlcSsRezBw+hD/7vxD9SgX/22LU33eA/HgHI0gwgBcwBsXTJp9r1NacSVeS1zKjSwjXGdPNdxDDw6IrGchEvoPGMWbZwccvLxkQ0CgPFiEmfqYP/MzyLy+sNrnGW4ux9XuyhjG4nrht+ojmpxso0konJnIUVylfK9SVhx4Y1JNu4SFJhbdG4F5tQsjmWN4lsTcM8WW5ptzw2yrsYtp6nZCQK1ZInyALQa/CdbYeH/w/jWP6MLjhknX5odq+wiAqo/kil0u38S9K03E9UoiVZj9bDqmkB2hLO5ciaTPty4kih1S+R2w/P9+5LPVk4mKTGJJE/37Ewi5weulnAEC/ugEj6kq6belkm9+Wt5eTqYa7pqoOZOoJ7lg3yLrghl8mjDugkMgUDWm2W9fqi2LL9+0DyXa9EgecskqbDtZDXPcQbqbC9Aw9Syosj7gywDzai0NgBg3kHL05JdAuIjoT3JV3BPur0Dfi4g1Srnzdrw+7JMqf9DZXKK3jPiLbhfbBj5E5A0Ac/09FS645WB7wELvL+WVT+uMDdAxI2LwC43/roBdBh2Y8CWW+CB6qUPL3MvVCW/u4vJvODZI4RuDbzMfgl4PvugGc7mV8Tc6ip3J8XaHS5Hvt8OEiZfHzsjcsOEWsQoAUxUfHqhEWYUTFPf3ayQ7485jYjBYKpF4fDQZ2tgKSf0yehB5FWe3tGBU6WEXfzbIiEX/YMaDmOIs96jDAIT7mhS4k91R6wrg/6zaRoLvbK9iECq53sycV1tKXvkkQJ9T1wAsLV62iRQmU8yngIRjs72ohzvE9wjFqPzP4rreZfEIlx6v1HSAorfaHdy+h7AtXpElbDcMiITFKnS/27Bzo+CN893oldMA5GB9y+g0WbjGKRCLgPmunOXcRs/w==
- Adding the CA root certificate directly to the existing etc/pki/java/cacerts via keytool
- copying the previous "known-good" cacerts from our 2.2.0 server over to our 2.3.0 containers and copied it into /etc/pki/java/
The loader is actually still using vt-ldap. We’re working on changing that soon. But until then, if you’re using PSPNG, then you’ll be using/configuring both vt-ldap and ldaptive.
- Shilen
From: <> on behalf of Rob Gorrell <>
Date: Wednesday, January 24, 2018 at 1:54 PM
To: "" <>
Subject: [grouper-users] LDAP loader jobs can't find connection post 2.2 (vtldap) -> 2.3 (ldaptive) upgrade
We recently completed an upgrade to Grouper 2.3 and everything has gone quite well... we're back online with subject resolution to our ldap source, sql loading jobs, pspng conversion, etc... but one area we're currently struggling with is our all our LDAP loader jobs... which functioned normally prior to the upgrade, but now all complain:
"Cant find the ldap connection named: 'campusLdap' in the grouper-loader.properties. Should have entry: ldap.campusLdap.url or ldap.campusLdap.configFileFromClasspath, Problem with ldap connection: campusLdap" Prior to the upgrade, in Grouper 2.2, our grouper-loader.properties looked like this:
ldap.campusLdap.url = "ldaps://prddc02.campus.uncg.edu:636/dc=campus,dc=uncg,dc= edu
ldap.campusLdap.user = someuser
ldap.campusLdap.pass = somepassThat syntax appeared to no longer work for us in Grouper 2.3. Working with converting from the PSP to PSPNG taught us that this needed to be reconfigured to account for the switch from vtldap to ldaptive. So in Grouper 2.3, our current grouper-loader.properties now looks like this:
ldap.campusLdap.ldapUrl = ldaps://prddc02.campus.uncg.
edu:636/dc=campus,dc=uncg,dc= edu
ldap.campusLdap.bindDn = somepass
ldap.campusLdap.bindCredential = someuser
But when we execute the job, the error message indicates it expects the old (vtldap) config of .url (not the new ldaptive syntax of .ldapUrl)... which is a bit confusing. So what is an LDAP loading source supposed to look like in grouper-loader.properties under 2.3? All the wiki documention for loader and the error message being return would seem to indicate this hasn't changed from the past... but our own experience with PSPNG and knowledge of the switch to ldaptive would seem to hint otherwise.
Can anyone educate me on how ldap loading sources might need to be reconfigured post upgrade from 2.2 to 2.3?
Thanks,
-Rob
--
Robert W. Gorrell
IT Manager, Identity and Access ManagementUniversity of NC at Greensboro
336-334-5954
PGP Key ID B36DB0CA
Identity Architecture, ITS
University of North Carolina at Greensboro
256-TECH (256-8324)
- Re: [grouper-users] LDAP loader jobs can't find connection post 2.2 (vtldap) -> 2.3 (ldaptive) upgrade, Jeffrey Williams, 02/08/2018
Archive powered by MHonArc 2.6.19.