Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Trouble getting PSPNG to work

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Trouble getting PSPNG to work


Chronological Thread 
  • From: Bryan Wooten <>
  • To: "" <>
  • Subject: [grouper-users] Trouble getting PSPNG to work
  • Date: Tue, 22 May 2018 17:45:30 +0000
  • Accept-language: en-US
  • Ironport-phdr: 9a23:atIWGh2PIRMqIeVZsmDT+DRfVm0co7zxezQtwd8ZseIQIvad9pjvdHbS+e9qxAeQG9mDsLQc06L/iOPJYSQ4+5GPsXQPItRndiQuroEopTEmG9OPEkbhLfTnPGQQFcVGU0J5rTngaRAGUMnxaEfPrXKs8DUcBgvwNRZvJuTyB4Xek9m72/q99pHPbQhEniaxba9vJxiqsAvdsdUbj5F/Iagr0BvJpXVIe+VSxWx2IF+Yggjx6MSt8pN96ipco/0u+dJOXqX8ZKQ4UKdXDC86PGAv5c3krgfMQA2S7XYBSGoWkx5IAw/Y7BHmW5r6ryX3uvZh1CScIMb7S60/Vza/4KdxUBLmiDkJOSMl8G/ZicJwjb5Urx26qhNl34LZZJuYOOZicq/De94RWGpPXtxWVyxEGo6xcpEPDuobMuZesoLyp1wOrRyiBQayAuPk1zhFiWTs3aw6yeshFxvK3QInH9IJrHTbstP1ObwPUeCp1qbIzS/PYO1L1jfg8YXFdA0qr/+LXbJ1a8XRyE8vGhvYjlWMs4PlPymZ2foQvGiG9+ZgVOSvi3I5pAFrpDig2NsshpfTio0L11/E6CN0y5s2K92gUEN3fN6pHZtKuyyeNYZ6WN4uTm5ntSogxbALu4a3cDUKxZkn3RLTduCLf5WS7h79W+udPy10iGxqdb6inxq+7Emtx+nmWsWq0FtHoTBJn9nWun0J0xHe7NWMROFn8Ue7wzmP0hje6uFaLkAwkqrWM58hwqY3lpcQq0jMAjP5lF/rjK+KbEok+vKk5Pr6bbX7vpOcNol0hR/iMqk2h8CyAeQ1PhIKUmWZ4+iwybLu8ELjTLhFjPA6iqzZv4rbJcQfqK65GQhV0oM75hmkFTen0M4XnX8dIFNLfxKHiJTpNE/IIP3jEPe/n06jkDdxy//YI7LhH43BLmLfn7f5YbZ990lcxRI8zdBF4JJUF6kBL+zpWkPoqdzYFQE2Mxavw+v8DNV915geWX6UAqOHKq/SsFmI5v4xLOmWYo8apir9J+Y/6/HwkHA5hAxVQa78l5QNb22gE+4jPl6Ue2HEg9EdHH0MsxZkCuHmlRfKBTFJYGuqUrh5+yo2EpmODIHfS5qrjaDbmiq3A8sFSHpBDwWmC2bhcc27XPAQZSTadsV7gzUCE6emTJMs0zmzqAb6jbdrM7yHqWUjqZv/2Y0ttKXonhYo+GksAg==

I am seeing this in the logs so my AD group is not getting provisioned. Below is my grouper-loader.properties and group definition.

 

Any suggestions?

 

Thanks,

 

Bryan

 

2018-05-22 10:11:00,431: [DefaultQuartzScheduler_Worker-5] DEBUG Provisioner.getAllGroupsForProvisioner(1251) -  - pspng_activedirectory: There are 0 folders that match etc:pspng:do

_not_provision_to attribute

2018-05-22 10:11:00,431: [DefaultQuartzScheduler_Worker-5] DEBUG Provisioner.getAllGroupsForProvisioner(1252) -  - pspng_activedirectory: There are 0 groups that match etc:pspng:do_

not_provision_to attribute

2018-05-22 10:11:00,431: [DefaultQuartzScheduler_Worker-5] INFO  FullSyncProvisioner.startFullSyncOfAllGroupsAndWaitForCompletion(473) -  - pspng_activedirectory-FullSync: Full Sync

of all groups: 0 steps are done out of 0 (NaN%)

2018-05-22 10:11:00,431: [DefaultQuartzScheduler_Worker-5] INFO  FullSyncProvisioner.startFullSyncOfAllGroupsAndWaitForCompletion(486) -  - pspng_activedirectory-FullSync: Full Sync

of all groups: 0 steps are done out of 0 (NaN%)

2018-05-22 10:11:00,431: [DefaultQuartzScheduler_Worker-5] INFO  FullSyncProvisioner.startFullSyncOfAllGroupsAndWaitForCompletion(496) -  - pspng_activedirectory-FullSync: Full Sync

of all groups: Finished. Stats: ins=0|del=0|upd=0|tot=0|t=0 secs

 

2018-05-22 10:11:11,903: [DefaultQuartzScheduler_Worker-3] DEBUG Provisioner.evaluateJexlExpression(538) -  - Evaluated Jexl _expression_: false FROM ${utils.containedWithin(provision

erName, stemAttributes['etc:pspng:provision_to'], groupAttributes['etc:pspng:provision_to']) && !utils.containedWithin(provisionerName, stemAttributes['etc:pspng:do_not_provision_to

'], groupAttributes['etc:pspng:do_not_provision_to'])} WITH variables {userSearchBaseDn=OU=People,DC=addev,DC=utah,DC=edu, provisionerType=LdapGroupProvisioner, groupCreationBaseDn=

OU=Grouper,OU=Identity Access Mgmt,OU=Department OUs,DC=addev,DC=utah,DC=edu, utils=edu.internet2.middleware.grouper.pspng.PspJexlUtils@7587c73b, stemAttributes={}, provisionerName=

pspng_activedirectory, name=ref:Exclude-vpn-csi.utah.edu, groupSearchBaseDn=OU=Grouper,OU=Identity Access Mgmt,OU=Department OUs,DC=addev,DC=utah,DC=edu, idIndex=19989, group=Group[

name=ref:Exclude-vpn-csi.utah.edu,uuid=60617f6541f64195814bdbda04995406], groupAttributes={}}

 

I have been following the instructions here:

https://spaces.internet2.edu/display/Grouper/Grouper+Provisioning%3A+PSPNG

 

My group is configured like this:

 

View or assign attributes  More

Filter or assign attributes

Owner type: *  

Attribute definition:       

 

Attribute name:

 

Owner group:   

 

AD Provisioned Groups:Allowed-vpn-csi.utah.edu

Enabled / disabled:         

Attribute assignments

Owner group     Attribute name Enabled?             Assignment values          Attribute definition         Assignment UUID

Delete the attribute assignment  Edit assignment details  Options              Allowed-vpn-csi.utah.edu            provision_to                enabled                  Danny                provision_to_def             252a6...

Delete the attribute assignment  Edit assignment details  Options              Allowed-vpn-csi.utah.edu                do_not_provision_to     enabled               Delete the attribute assignment value  Edit the attribute assignment value NOT_Danny            do_not_provision_to_def            f38fa...

 

Grouper-loader.properties:

 

####################################

## PSPNG

####################################

changeLog.consumer.pspng_activedirectory.provisionerName=Danny                                                                              

changeLog.consumer.pspng_activedirectory.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim

changeLog.consumer.pspng_activedirectory.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner

changeLog.consumer.pspng_activedirectory.quartzCron =  40 * * * * ?

changeLog.consumer.pspng_activedirectory.ldapPoolName = activeDirectory

changeLog.consumer.pspng_activedirectory.isActiveDirectory = true

changeLog.consumer.pspng_activedirectory.memberAttributeName = member

changeLog.consumer.pspng_activedirectory.memberAttributeValueFormat = ${ldapUser.getDn()}

changeLog.consumer.pspng_activedirectory.groupSearchBaseDn = OU=Grouper,OU=Identity Access Mgmt,OU=Department OUs,DC=addev,DC=utah,DC=edu

changeLog.consumer.pspng_activedirectory.allGroupsSearchFilter = objectclass=group

changeLog.consumer.pspng_activedirectory.singleGroupSearchFilter = (&(objectclass=group)(cn=${group.name}))

changeLog.consumer.pspng_activedirectory.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: group

changeLog.consumer.pspng_activedirectory.userSearchBaseDn = OU=People,DC=addev,DC=utah,DC=edu

changeLog.consumer.pspng_activedirectory.userSearchFilter = cn=${subject.id}

changeLog.consumer.pspng_activedirectory.userSearchAttributes = dn,cn,uid,mail,samAccountName, uidNumber,objectclass

 

otherJob.pspng_activedirectory_full.class = edu.internet2.middleware.grouper.pspng.FullSyncStarter

otherJob.pspng_activedirectory_full.quartzCron = 0 * * * * ?




Archive powered by MHonArc 2.6.19.

Top of Page