Skip to Content.
Sympa Menu

grouper-users - [grouper-users] RE: Trouble getting PSPNG to work

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] RE: Trouble getting PSPNG to work


Chronological Thread 
  • From: Bryan Wooten <>
  • To: "" <>
  • Subject: [grouper-users] RE: Trouble getting PSPNG to work
  • Date: Tue, 22 May 2018 19:24:27 +0000
  • Accept-language: en-US
  • Ironport-phdr: 9a23:J5cy8hEMW2xFXX9MaZE9Ip1GYnF86YWxBRYc798ds5kLTJ7zoM6wAkXT6L1XgUPTWs2DsrQY07GQ6/iocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbAhEmDSwbaluIBmqsA7cqtQYjYx+J6gr1xDHuGFIe+NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PGAu+MLrrxjDQhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/VDK/5KlpVRDokj8KOT4n/m/Klsx+gqFVoByjqBx+34Hbb5qYO+Bicq7ZZ94WWXZNUthXWidcAo28dYwPD+8ZMOtFtYn8p0EBrR2jDgasA+PvzSNIiWHw3aYn1OkuChvG3Qw6ENIIqnjVotL1NKAOUe+ryqnF1ijDb+9M1jf98oTHbA0uoeyVUL92bMHfx04vFwbfgVWRr4zoJy6V1vgXvGib9eZvS/+gi3M/pwFwpDiv2tkjipPPho0L1lDI6z91z5goKt2lTkNwfN2qEINIui2HN4Z7QtkuTmVqtSog17ELtpG2cDIExZg73xLTdvyKfoiS7h7+SOqdPC10iGxqdb6hnRq+70etxvDkWsWp0VtHqjBJnsfMu30CzRDe6tKLR/9580qnxD2BzRrc6vteLkAxjafbK4Auwro3lpcLsETDBij2lUXsgKCKakoo4PWo6/j9bbXmvJOTKZJ7ihzmPqQvnMywH/g4PxATU2Wb+emwzrnu8E/jTLlXgfA7nbPVvZ7GKcgDo662GQ5V0oIt6xalCDem1cwVkmIdLFNFYh2HiZLlOl/JIPD/EfewnVKsnSx2x/DaJLLhAo/BIWben7f8Zbp98VJTyBIvzdBD4JJZEr4BIOj0Wk/srNzXEAU5PxWpw+b8Ftp9zJgeVHmLAq+YK6PSrUSI6vw1L+mNYo8VpCjyK+Ij5/HwkX81h0URcre00psKOziEGaEsLF+efGLhmJIcCmoQpSI/SvDnkluPTWQVanqvFepo6Ss8FZqrF8LeXY23m5SA2ju2BJtbejoAB1yRRyTGbYKBDt0WeSuUavBmlSAJU/D1QZUw3Bfoqwj917dhBvfI8y1euJ7+gosmr9bPnA0/oGQnR/+W1HuAGjl5

Nevermind, we figured out our error….

 

-Bryan

 

From: <> On Behalf Of Bryan Wooten
Sent: Tuesday, May 22, 2018 11:46 AM
To:
Subject: [Ext] [grouper-users] Trouble getting PSPNG to work

 

******************************************************
WARNING: Stop. Think. Read. This is an external email.
******************************************************

I am seeing this in the logs so my AD group is not getting provisioned. Below is my grouper-loader.properties and group definition.

 

Any suggestions?

 

Thanks,

 

Bryan

 

2018-05-22 10:11:00,431: [DefaultQuartzScheduler_Worker-5] DEBUG Provisioner.getAllGroupsForProvisioner(1251) -  - pspng_activedirectory: There are 0 folders that match etc:pspng:do

_not_provision_to attribute

2018-05-22 10:11:00,431: [DefaultQuartzScheduler_Worker-5] DEBUG Provisioner.getAllGroupsForProvisioner(1252) -  - pspng_activedirectory: There are 0 groups that match etc:pspng:do_

not_provision_to attribute

2018-05-22 10:11:00,431: [DefaultQuartzScheduler_Worker-5] INFO  FullSyncProvisioner.startFullSyncOfAllGroupsAndWaitForCompletion(473) -  - pspng_activedirectory-FullSync: Full Sync

of all groups: 0 steps are done out of 0 (NaN%)

2018-05-22 10:11:00,431: [DefaultQuartzScheduler_Worker-5] INFO  FullSyncProvisioner.startFullSyncOfAllGroupsAndWaitForCompletion(486) -  - pspng_activedirectory-FullSync: Full Sync

of all groups: 0 steps are done out of 0 (NaN%)

2018-05-22 10:11:00,431: [DefaultQuartzScheduler_Worker-5] INFO  FullSyncProvisioner.startFullSyncOfAllGroupsAndWaitForCompletion(496) -  - pspng_activedirectory-FullSync: Full Sync

of all groups: Finished. Stats: ins=0|del=0|upd=0|tot=0|t=0 secs

 

2018-05-22 10:11:11,903: [DefaultQuartzScheduler_Worker-3] DEBUG Provisioner.evaluateJexlExpression(538) -  - Evaluated Jexl _expression_: false FROM ${utils.containedWithin(provision

erName, stemAttributes['etc:pspng:provision_to'], groupAttributes['etc:pspng:provision_to']) && !utils.containedWithin(provisionerName, stemAttributes['etc:pspng:do_not_provision_to

'], groupAttributes['etc:pspng:do_not_provision_to'])} WITH variables {userSearchBaseDn=OU=People,DC=addev,DC=utah,DC=edu, provisionerType=LdapGroupProvisioner, groupCreationBaseDn=

OU=Grouper,OU=Identity Access Mgmt,OU=Department OUs,DC=addev,DC=utah,DC=edu, , stemAttributes={}, provisionerName=

pspng_activedirectory, name=ref:Exclude-vpn-csi.utah.edu, groupSearchBaseDn=OU=Grouper,OU=Identity Access Mgmt,OU=Department OUs,DC=addev,DC=utah,DC=edu, idIndex=19989, group=Group[

name=ref:Exclude-vpn-csi.utah.edu,uuid=60617f6541f64195814bdbda04995406], groupAttributes={}}

 

I have been following the instructions here:

https://spaces.internet2.edu/display/Grouper/Grouper+Provisioning%3A+PSPNG

 

My group is configured like this:

 

View or assign attributes  More

Filter or assign attributes

Owner type: *  

Attribute definition:       

 

Attribute name:

 

Owner group:   

 

AD Provisioned Groups:Allowed-vpn-csi.utah.edu

Enabled / disabled:         

 

Attribute assignments

Owner group     Attribute name Enabled?             Assignment values          Attribute definition         Assignment UUID

Delete the attribute assignment  Edit assignment details  Options              Allowed-vpn-csi.utah.edu            provision_to                enabled                  Danny                provision_to_def             252a6...

Delete the attribute assignment  Edit assignment details  Options              Allowed-vpn-csi.utah.edu                do_not_provision_to     enabled               Delete the attribute assignment value  Edit the attribute assignment value NOT_Danny            do_not_provision_to_def            f38fa...

 

Grouper-loader.properties:

 

####################################

## PSPNG

####################################

changeLog.consumer.pspng_activedirectory.provisionerName=Danny                                                                              

changeLog.consumer.pspng_activedirectory.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim

changeLog.consumer.pspng_activedirectory.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner

changeLog.consumer.pspng_activedirectory.quartzCron =  40 * * * * ?

changeLog.consumer.pspng_activedirectory.ldapPoolName = activeDirectory

changeLog.consumer.pspng_activedirectory.isActiveDirectory = true

changeLog.consumer.pspng_activedirectory.memberAttributeName = member

changeLog.consumer.pspng_activedirectory.memberAttributeValueFormat = ${ldapUser.getDn()}

changeLog.consumer.pspng_activedirectory.groupSearchBaseDn = OU=Grouper,OU=Identity Access Mgmt,OU=Department OUs,DC=addev,DC=utah,DC=edu

changeLog.consumer.pspng_activedirectory.allGroupsSearchFilter = objectclass=group

changeLog.consumer.pspng_activedirectory.singleGroupSearchFilter = (&(objectclass=group)(cn=${group.name}))

changeLog.consumer.pspng_activedirectory.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: group

changeLog.consumer.pspng_activedirectory.userSearchBaseDn = OU=People,DC=addev,DC=utah,DC=edu

changeLog.consumer.pspng_activedirectory.userSearchFilter = cn=${subject.id}

changeLog.consumer.pspng_activedirectory.userSearchAttributes = dn,cn,uid,mail,samAccountName, uidNumber,objectclass

 

otherJob.pspng_activedirectory_full.class = edu.internet2.middleware.grouper.pspng.FullSyncStarter

otherJob.pspng_activedirectory_full.quartzCron = 0 * * * * ?




Archive powered by MHonArc 2.6.19.

Top of Page