Skip to Content.
Sympa Menu

grouper-users - [grouper-users] While provisioning a group with 6 members to active directory if 2 of the user is missing in peoplebaseDN of active directory provisioning of the whole group fails. Using PSP apibinary 2.2.0 version

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] While provisioning a group with 6 members to active directory if 2 of the user is missing in peoplebaseDN of active directory provisioning of the whole group fails. Using PSP apibinary 2.2.0 version


Chronological Thread 
  • From: Siju Jacob <>
  • To: " Mailing List" <>
  • Cc: Omer Almatary <>, Nazeer Syed <>
  • Subject: [grouper-users] While provisioning a group with 6 members to active directory if 2 of the user is missing in peoplebaseDN of active directory provisioning of the whole group fails. Using PSP apibinary 2.2.0 version
  • Date: Mon, 12 Mar 2018 15:40:44 +0000
  • Accept-language: en-US
  • Authentication-results: spf=none (sender IP is ) ;
  • Ironport-phdr: 9a23:qi11lB1gwbTlSU9fsmDT+DRfVm0co7zxezQtwd8ZseMUKvad9pjvdHbS+e9qxAeQG9mDsLQc06L/iOPJYSQ4+5GPsXQPItRndiQuroEopTEmG9OPEkbhLfTnPGQQFcVGU0J5rTngaRAGUMnxaEfPrXKs8DUcBgvwNRZvJuTyB4Xek9m72/q99pHPbQhEniaxba9vJxiqsAvdsdUbj5F/Iagr0BvJpXVIe+VSxWx2IF+Yggjx6MSt8pN96ipco/0u+dJOXqX8ZKQ4UKdXDC86PGAv5c3krgfMQA2S7XYBSGoWkx5IAw/Y7BHmW5r6ryX3uvZh1CScIMb7Vq4/Vyi84Kh3SR/okCYHOCA/8GHLkcx7kaZXrAu8qxBj34LYZYeYP+d8cKzAZ9MXXWpPUNhMWSxdDI2ybIoPAPYOMutDtYbxu0cCoAGiCQWwBu7izCJDiH/s3a091uQsCRzI3A0iH9ITrX/aqM/6O7sVUe+u0aLFyi7Db/FU1Dvh9oTFaRchofCQXb5qa8rR1FUvFwzbgVWKsozpJS2a2fkQs2WC6edrSOyhi2kiqw5rozivwN8hiojPhoIJ1F/E7yN5z5gpJdGmUkJ0f8OrEIZWuiqHNIV2WtsvT3x0tCs10LELtpy2cDIFxZg63RLSb/OKf5CV7h79V+udOzZ1iGhrdb+9nRq+7Fasx+36W8KpylhFtDBFncPJtn0V1xzc9MyHSvxl80m5xTuB0Bzf5+9dLU46kqTWJYctwrkrmZUNq0jDGTL2mFntg6+Ra0Uk/PWn5/7/YrX8oZ+cK5F7hR3iMqQvncy/B/40Mg8TX2iH/eS807rj/U7jTLpWif02l7HVsJHcJcsFuq60GxJZ3pos5hqlADqr0s4UkHYaIF5ffB+KgJDlO1TUL/D5Cfe/jU6skDBux/3eJb3hAJfAImTdnLr6erZ96lJcxBApzdBC+5JUBa8OIOjoWkPrqtPXEwI5PxSuw+n7ENV9yp8eWWWXD6+WKqPStkKI5voxLOmWfYMVpS39JOY/5/71lnI5nV4dfbK13ZsMdny0BPVmI0OFYXXymNcBF3kFvhYgQODwllKNTCNTND6OWPd26Ss8FZqrF8LeXY23m5SA2ju2BJtbejoAB1yRWVLhdoGFXfhETCOJPoUpxjMeUqW5RpVkyAqjrhTSyrx7I/DS9zFC85/vyY4myffUkEQJ9D5pR+aU2GaHBzVvnDxQHRcx3bw5u1FhxVqZyu51j+EORo8b3O9ATgpvbc2U9Od9Ed2nH1uZJto=
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

Hi,

    While provisioning a group with 6 members to active directory, if 2 of the users is missing in peoplebaseDN of active directory, provisioning of the whole group fails.

    Is there any configuration to change this behavior. If there is say 4 members out of 6 members available in peoplebaseDN of active directory still the group can get provisioned in active directory using PSP apibinary 2.2.0 version.

 

Below is the add request made to RAD

 

2018-02-28 16:47:15,856: [DefaultQuartzScheduler_Worker-1] INFO  BaseSpmlProvider.execute(153) -  - Target 'ldap1' - Add AddRequest[psoID=PSOIdentifier[id='CN=ru-Meadowlands Env Research Inst_Staff_systemOfRecord,OU=etc,OU=10894,OU=10066,OU=Orgs,OU=Groups,DC=TestRad,DC=rutgers,DC=edu',targetID=ldap1,containerID=<null>],targetID=ldap1,returnData=everything,requestID=2018/02/28-16:47:15.855]

2018-02-28 16:47:15,857: [DefaultQuartzScheduler_Worker-1] INFO  BaseSpmlProvider.execute(157) -  - Target 'ldap1' - Add XML:

<addRequest xmlns='urn:oasis:names:tc:SPML:2:0' entityName='group' requestID='2018/02/28-16:47:15.855' targetId='ldap1' returnData='everything'>

  <psoID ID='CN=ru-Meadowlands Env Research Inst_Staff_systemOfRecord,OU=etc,OU=10894,OU=10066,OU=Orgs,OU=Groups,DC=TestRad,DC=rutgers,DC=edu' targetID='ldap1'/>

  <data>

    <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='objectClass'>

      <dsml:value>top</dsml:value>

      <dsml:value>group</dsml:value>

    </dsml:attr>

    <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='cn'>

      <dsml:value>ru-Meadowlands Env Research Inst_Staff_systemOfRecord</dsml:value>

    </dsml:attr>

    <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='description'>

     <dsml:value>ru-Meadowlands Env Research Inst_Staff_systemOfRecord auto-created by grouperLoader</dsml:value>

    </dsml:attr>

    <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='sAMAccountName'>

      <dsml:value>ru-Meadowlands Env Research Inst_Staff_systemOfRecord</dsml:value>

    </dsml:attr>

  </data>

  <capabilityData mustUnderstand='true' capabilityURI='urn:oasis:names:tc:SPML:2:0:reference'>

    <spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0' xmlns:spmlref='urn:oasis:names:tc:SPML:2:0:reference' typeOfReference='member'>

      <spmlref:toPsoID ID='CN=joegrzyb,OU=People,DC=TestRad,DC=Rutgers,DC=Edu' targetID='ldap1'/>

    </spmlref:reference>

    <spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0' xmlns:spmlref='urn:oasis:names:tc:SPML:2:0:reference' typeOfReference='member'>

      <spmlref:toPsoID ID='CN=pildiko,OU=People,DC=TestRad,DC=Rutgers,DC=Edu' targetID='ldap1'/>

    </spmlref:reference>

    <spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0' xmlns:spmlref='urn:oasis:names:tc:SPML:2:0:reference' typeOfReference='member'>

      <spmlref:toPsoID ID='CN=yy446,OU=People,DC=TestRad,DC=Rutgers,DC=Edu' targetID='ldap1'/>

    </spmlref:reference>

    <spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0' xmlns:spmlref='urn:oasis:names:tc:SPML:2:0:reference' typeOfReference='member'>

      <spmlref:toPsoID ID='CN=ses329,OU=People,DC=TestRad,DC=Rutgers,DC=Edu' targetID='ldap1'/>

    </spmlref:reference>

    <spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0' xmlns:spmlref='urn:oasis:names:tc:SPML:2:0:reference' typeOfReference='member'>

      <spmlref:toPsoID ID='CN=yl1137,OU=People,DC=TestRad,DC=Rutgers,DC=Edu' targetID='ldap1'/>

    </spmlref:reference>

    <spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0' xmlns:spmlref='urn:oasis:names:tc:SPML:2:0:reference' typeOfReference='member'>

      <spmlref:toPsoID ID='CN=mws90,OU=People,DC=TestRad,DC=Rutgers,DC=Edu' targetID='ldap1'/>

    </spmlref:reference>

  </capabilityData>

</addRequest>

 

Below is the ad request Error Message response from AD since 2 members( yl1137, mws90)  are missing in AD

 

2018-02-28 16:47:15,866: [DefaultQuartzScheduler_Worker-1] ERROR BaseSpmlProvider.execute(188) -  - Target 'ldap1' - Add AddResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP: error code 32 - 00000525: NameErr: DSID-031A1292, problem 2001 (NO_OBJECT), data 0, best match of:

                ''

_]},requestID=2018/02/28-16:47:15.855]

2018-02-28 16:47:15,866: [DefaultQuartzScheduler_Worker-1] ERROR BaseSpmlProvider.execute(190) -  - Target 'ldap1' - Add XML:

<addResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure' requestID='2018/02/28-16:47:15.855' error='customError'>

  <errorMessage>[LDAP: error code 32 - 00000525: NameErr: DSID-031A1292, problem 2001 (NO_OBJECT), data 0, best match of:

                ''

_]</errorMessage>

</addResponse>

 

2018-02-28 16:47:15,866: [DefaultQuartzScheduler_Worker-1] ERROR BaseSpmlProvider.execute(188) -  - Target 'psp' - Add AddResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP: error code 32 - 00000525: NameErr: DSID-031A1292, problem 2001 (NO_OBJECT), data 0, best match of:

                ''

_]},requestID=2018/02/28-16:47:15.855]

2018-02-28 16:47:15,867: [DefaultQuartzScheduler_Worker-1] ERROR BaseSpmlProvider.execute(190) -  - Target 'psp' - Add XML:

<addResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure' requestID='2018/02/28-16:47:15.855' error='customError'>

  <errorMessage>[LDAP: error code 32 - 00000525: NameErr: DSID-031A1292, problem 2001 (NO_OBJECT), data 0, best match of:

                ''

_]</errorMessage>

</addResponse>

 

2018-02-28 16:47:15,867: [DefaultQuartzScheduler_Worker-1] ERROR Psp.execute(1452) -  - Psp 'psp' - Sync SyncResponse[id=orgs:10066:10894:etc:ru-Meadowlands Env Research Inst_Staff_systemOfRecord,status=failure,error=customError,errorMessages={[LDAP: error code 32 - 00000525: NameErr: DSID-031A1292, problem 2001 (NO_OBJECT), data 0, best match of:

                ''

_]},requestID=2018/02/28-16:47:13.487,AddResponse[pso=<null>,status=failure,error=customError,errorMessages={[LDAP: error code 32 - 00000525: NameErr: DSID-031A1292, problem 2001 (NO_OBJECT), data 0, best match of:

                ''

_]},requestID=2018/02/28-16:47:15.855]]

2018-02-28 16:47:15,867: [DefaultQuartzScheduler_Worker-1] ERROR Psp.execute(1454) -  - Psp 'psp' - Sync SPML:

<psp:syncResponse xmlns:psp='http://grouper.internet2.edu/psp' status='failure' requestID='2018/02/28-16:47:13.487' error='customError'>

  <addResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure' requestID='2018/02/28-16:47:15.855' error='customError'>

    <errorMessage>[LDAP: error code 32 - 00000525: NameErr: DSID-031A1292, problem 2001 (NO_OBJECT), data 0, best match of:

                ''

_]</errorMessage>

  </addResponse>

  <errorMessage>[LDAP: error code 32 - 00000525: NameErr: DSID-031A1292, problem 2001 (NO_OBJECT), data 0, best match of:

                ''

_]</errorMessage>

  <psp:id ID='orgs:10066:10894:etc:ru-Meadowlands Env Research Inst_Staff_systemOfRecord'/>

</psp:syncResponse>

 

 

Thanks,

Siju


  • [grouper-users] While provisioning a group with 6 members to active directory if 2 of the user is missing in peoplebaseDN of active directory provisioning of the whole group fails. Using PSP apibinary 2.2.0 version, Siju Jacob, 03/12/2018

Archive powered by MHonArc 2.6.19.

Top of Page