Grouper Users - Open Discussion List

[Bryan Wooten <>]

Nevermind, we figured out our error….

 

-Bryan

 

From: <> On Behalf Of Bryan Wooten
Sent: Tuesday, May 22, 2018 11:46 AM
To:
Subject: [Ext] [grouper-users] Trouble getting PSPNG to work

 

******************************************************
WARNING: Stop. Think. Read. This is an external email.
******************************************************

I am seeing this in the logs so my AD group is not getting provisioned. Below is my grouper-loader.properties and group definition.

 

Any suggestions?

 

Thanks,

 

Bryan

 

2018-05-22 10:11:00,431: [DefaultQuartzScheduler_Worker-5] DEBUG Provisioner.getAllGroupsForProvisioner(1251) -  - pspng_activedirectory: There are 0 folders that match etc:pspng:do

_not_provision_to attribute

2018-05-22 10:11:00,431: [DefaultQuartzScheduler_Worker-5] DEBUG Provisioner.getAllGroupsForProvisioner(1252) -  - pspng_activedirectory: There are 0 groups that match etc:pspng:do_

not_provision_to attribute

2018-05-22 10:11:00,431: [DefaultQuartzScheduler_Worker-5] INFO  FullSyncProvisioner.startFullSyncOfAllGroupsAndWaitForCompletion(473) -  - pspng_activedirectory-FullSync: Full Sync

of all groups: 0 steps are done out of 0 (NaN%)

2018-05-22 10:11:00,431: [DefaultQuartzScheduler_Worker-5] INFO  FullSyncProvisioner.startFullSyncOfAllGroupsAndWaitForCompletion(486) -  - pspng_activedirectory-FullSync: Full Sync

of all groups: 0 steps are done out of 0 (NaN%)

2018-05-22 10:11:00,431: [DefaultQuartzScheduler_Worker-5] INFO  FullSyncProvisioner.startFullSyncOfAllGroupsAndWaitForCompletion(496) -  - pspng_activedirectory-FullSync: Full Sync

of all groups: Finished. Stats: ins=0|del=0|upd=0|tot=0|t=0 secs

 

2018-05-22 10:11:11,903: [DefaultQuartzScheduler_Worker-3] DEBUG Provisioner.evaluateJexlExpression(538) -  - Evaluated Jexl _expression_: false FROM ${utils.containedWithin(provision

erName, stemAttributes['etc:pspng:provision_to'], groupAttributes['etc:pspng:provision_to']) && !utils.containedWithin(provisionerName, stemAttributes['etc:pspng:do_not_provision_to

'], groupAttributes['etc:pspng:do_not_provision_to'])} WITH variables {userSearchBaseDn=OU=People,DC=addev,DC=utah,DC=edu, provisionerType=LdapGroupProvisioner, groupCreationBaseDn=

OU=Grouper,OU=Identity Access Mgmt,OU=Department OUs,DC=addev,DC=utah,DC=edu, , stemAttributes={}, provisionerName=

pspng_activedirectory, name=ref:Exclude-vpn-csi.utah.edu, groupSearchBaseDn=OU=Grouper,OU=Identity Access Mgmt,OU=Department OUs,DC=addev,DC=utah,DC=edu, idIndex=19989, group=Group[

name=ref:Exclude-vpn-csi.utah.edu,uuid=60617f6541f64195814bdbda04995406], groupAttributes={}}

 

I have been following the instructions here:

https://spaces.internet2.edu/display/Grouper/Grouper+Provisioning%3A+PSPNG

 

My group is configured like this:

 

View or assign attributes  More

Filter or assign attributes

Owner type: *  

Attribute definition:       

 

Attribute name:

 

Owner group:   

 

AD Provisioned Groups:Allowed-vpn-csi.utah.edu

Enabled / disabled:         

 

Attribute assignments

Owner group     Attribute name Enabled?             Assignment values          Attribute definition         Assignment UUID

Delete the attribute assignment  Edit assignment details  Options              Allowed-vpn-csi.utah.edu            provision_to                enabled                  Danny                provision_to_def             252a6...

Delete the attribute assignment  Edit assignment details  Options              Allowed-vpn-csi.utah.edu                do_not_provision_to     enabled               Delete the attribute assignment value  Edit the attribute assignment value NOT_Danny            do_not_provision_to_def            f38fa...

 

Grouper-loader.properties:

 

####################################

## PSPNG

####################################

changeLog.consumer.pspng_activedirectory.provisionerName=Danny                                                                              

changeLog.consumer.pspng_activedirectory.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim

changeLog.consumer.pspng_activedirectory.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner

changeLog.consumer.pspng_activedirectory.quartzCron =  40 * * * * ?

changeLog.consumer.pspng_activedirectory.ldapPoolName = activeDirectory

changeLog.consumer.pspng_activedirectory.isActiveDirectory = true

changeLog.consumer.pspng_activedirectory.memberAttributeName = member

changeLog.consumer.pspng_activedirectory.memberAttributeValueFormat = ${ldapUser.getDn()}

changeLog.consumer.pspng_activedirectory.groupSearchBaseDn = OU=Grouper,OU=Identity Access Mgmt,OU=Department OUs,DC=addev,DC=utah,DC=edu

changeLog.consumer.pspng_activedirectory.allGroupsSearchFilter = objectclass=group

changeLog.consumer.pspng_activedirectory.singleGroupSearchFilter = (&(objectclass=group)(cn=${group.name}))

changeLog.consumer.pspng_activedirectory.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: group

changeLog.consumer.pspng_activedirectory.userSearchBaseDn = OU=People,DC=addev,DC=utah,DC=edu

changeLog.consumer.pspng_activedirectory.userSearchFilter = cn=${subject.id}

changeLog.consumer.pspng_activedirectory.userSearchAttributes = dn,cn,uid,mail,samAccountName, uidNumber,objectclass

 

otherJob.pspng_activedirectory_full.class = edu.internet2.middleware.grouper.pspng.FullSyncStarter

otherJob.pspng_activedirectory_full.quartzCron = 0 * * * * ?