grouper-users - Re: [grouper-users] PSPNG full sync 'Did not get all the way through the batch'
Subject: Grouper Users - Open Discussion List
List archive
Re: [grouper-users] PSPNG full sync 'Did not get all the way through the batch'
Chronological Thread
- From: "Bee-Lindgren, Bert" <>
- To: Scott Koranda <>
- Cc: grouper-users <>
- Subject: Re: [grouper-users] PSPNG full sync 'Did not get all the way through the batch'
- Date: Wed, 5 Sep 2018 17:05:42 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is ) ;
- Ironport-phdr: 9a23:PL4VAhf5rY1Nw0qdcGdFB2zylGMj4u6mDksu8pMizoh2WeGdxc27YBON2/xhgRfzUJnB7Loc0qyK6/+mATRIyK3CmUhKSIZLWR4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+KPjrFY7OlcS30P2594HObwlSizexfbF/IA+qoQnNq8IbnZZsJqEtxxXTv3BGYf5WxWRmJVKSmxbz+MK994N9/ipTpvws6ddOXb31cKokQ7NYCi8mM30u683wqRbDVwqP6WACXWgQjxFFHhLK7BD+Xpf2ryv6qu9w0zSUMMHqUbw5Xymp4rx1QxH0ligIKz858HnWisNuiqJbvAmhrAF7z4LNfY2ZKOZycqbbcNgHR2ROQ9xRWjRBDI2icoUPE+QPM+VWr4b/plsBsRSxCBK2C+/z1jNFnGP60bEn3+knDArI3BYgH9ULsHnMotn4KbkdXv6swKfOzDXDae5Z2Tjn6IfWdBAtueyHUK9ufsrL1UkjGR7Og1KLpoP7JTOVyv4BvHOF4OV+TO6vj28nqwdsrTig3McjlI/Ji5kSylDF6SV12ok1KsekSEFlfdGkEIFcuD+HOItrW84vRXxjtig9yr0Do5G7fS4KxYwoxx7FbPyHbpCI7Qz5VOqLOzh4nGpldKq9hxa16keg0PD8Vs+v0FZKsCVFlt3MumoX1xzO7MiKTOZ28ES52TuXyQzc8P1ILV0xmKbGNpIt37s9lpQcvEjfAiP7nUv2g7GZe0o5/+Wl7ubqbqnoppOEKYN5ixzyPrgrl8CiDuk1MQ0DU3WV+eigyrHu+FD1TbtWgvEql6TUvo7WKMsYq6O8AwJY0IYu5ha6Ajqp0tkVkmQLIVdYdBKJkoTkP0nCIP7mAvq8n1ihlTJmyOvaMrDvA5jAK3jOnKr/cbt57kNT1Bc8wcxQ6p9RF74MI/b+V073udfFFBE2KRa0zPziCNhl1oMRR2aPAqiBPa3KrVKG4f4jLuaVaIILoTjxNuEp5/n1gnAng1MderSp3YcMZ3C/A/RmJViWbWD0gtcbFmcKohQxQ/D2iF2DVj5TYWy+X6Uh5jEnDIKmCoDDRoO3jLOd2ye7G4VaZmFACl+SDXflb5uIVO0QZC6PJ8JtjyEIWaWkRo8v2hyiqBP2xr9pLuXK9SAXqJfu2d136uHPmxE+7Tl0AN6c02GJQWF0hGQIRzou0a9kv0N90EuD3bJjjPNGC9Nf/vdJUgY8NZHBwOx6Ec79WgTac9eOSVamXs+qAT4rQdIt3dABf0Z9F8+8gR/ewiqmG6UVmKCTBJwo7qLc2GD8J8lny3bByakhl0cpQtFWOW27na5w6RLTB5XSnkWdlqaqbrgc3DXT+GuZzGqOul1YXxBqUaXDQ38felXaoc7n6UzfUr/9QYggZzBKztKeYohNcNTvgVwOEOzgP87XZW64s2i1DBeMgLiLady5VX8a2XCXIkUJ1iQS+3qJLwU4Qm+LrnjCRnQ6H1/1fwXm/OQ7rHK9QkAuwgeiaEx9kbW85hMehbqRR+5FjeFMgzsotzghRAX15NnREdfV4lM5JP8GM9og/FdK037YvAVhP5umarpvnUMabx8o4hH1zxsiDIJGnIBqt34swAdoYYOgmFJaP3L9v9jrP6HPbGz7/RShcanTj1vTysrQ8KoCrfA5rVnspgyvPk0j7zNo2sVY2Hva65nXX0If
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
|
I'm glad that things are now working well!
Please create a Jira for the member-required/member-deletion behavior you're seeing, as it might just be a logging problem or you might be correct that it's relying on the full sync to repair the situation. Either way, I'll clean it up so it deletes the group immediately.
Thanks, Bert
From: Scott Koranda <>
Sent: Wednesday, September 5, 2018 6:18 AM To: Bee-Lindgren, Bert Cc: grouper-users Subject: Re: [grouper-users] PSPNG full sync 'Did not get all the way through the batch' Hi,
> otherJob.pspng_attributes_full.class = edu.internet2.middleware.grouper.pspng.FullSyncStarter > otherJob.pspng_attributes_full._full.quartzCron = 0 * * * * ? Ah. Thanks. I read "otherJob" in the wiki page as a template, not literally. I now have a working configuration (see below) that does exactly what I want--it provisions groupOfNames and manages the isMemberOf attribute on a person record. I did notice, however, that even though I have changeLog.consumer.pspng_groupOfNames.supportsEmptyGroups = false when all users are deleted from a group I see in the log file 2018-09-05 09:52:20,160: [DefaultQuartzScheduler_Worker-4] ERROR LdapSystem.performLdapModify(418) - - ldapMasterPool: Ldap modification failed [org.ldaptive.LdapException@1485179000::resultCode=OBJECT_CLASS_VIOLATION, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1, message=javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - object class 'groupOfNames' requires attribute 'member']; remaining name 'cn=myorg_co:co_members_all,ou=groups,o=gn4phase1,dc=myorg,dc=org', providerException=javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - object class 'groupOfNames' requires attribute 'member']; remaining name 'cn=myorg_co:co_members_all,ou=groups,o=gn4phase1,dc=myorg,dc=org'] at org.ldaptive.provider.ProviderUtils.throwOperationException(ProviderUtils.java:55) at org.ldaptive.provider.jndi.JndiConnection.processNamingException(JndiConnection.java:619) at org.ldaptive.provider.jndi.JndiConnection.modify(JndiConnection.java:425) at edu.internet2.middleware.grouper.pspng.LdapSystem.performLdapModify(LdapSystem.java:384) at edu.internet2.middleware.grouper.pspng.LdapSystem.performLdapModify(LdapSystem.java:366) at edu.internet2.middleware.grouper.pspng.LdapProvisioner.makeIndividualLdapChanges(LdapProvisioner.java:552) at edu.internet2.middleware.grouper.pspng.LdapProvisioner.finishProvisioningBatch(LdapProvisioner.java:294) at edu.internet2.middleware.grouper.pspng.Provisioner.provisionBatchOfItems(Provisioner.java:1670) at edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim.processChangeLogEntries(PspChangelogConsumerShim.java:71) at edu.internet2.middleware.grouper.changeLog.ChangeLogHelper.processRecords(ChangeLogHelper.java:245) at edu.internet2.middleware.grouper.app.loader.GrouperLoaderType$5.runJob(GrouperLoaderType.java:638) at edu.internet2.middleware.grouper.app.loader.GrouperLoaderJob.runJob(GrouperLoaderJob.java:465) at edu.internet2.middleware.grouper.app.loader.GrouperLoaderJob.execute(GrouperLoaderJob.java:345) at org.quartz.core.JobRunShell.run(JobRunShell.java:202) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) I do see that the group is de-provisioned correctly, presumably by the "background" full-sync provisioning "engine running which is automatically used when incremental provisioning finds conflicting changes or otherwise is unable to handle the changelog events." So the ERROR message, though strictly accurate, is not helpful since it does not represent the overall status of PSPNG. Is this a known issue? Thanks, Scott K P.S. Here is my full configuration: ldap.ldapMasterPool.ldapUrl = ldap://ldap-master:389 ldap.ldapMasterPool.bindDn = uid=grouper,ou=system,dc=myorg,dc=org ldap.ldapMasterPool.bindCredential = password changeLog.consumer.pspng_groupOfNames.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim changeLog.consumer.pspng_groupOfNames.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner changeLog.consumer.pspng_groupOfNames.supportsEmptyGroups = false changeLog.consumer.pspng_groupOfNames.ldapPoolName = ldapMasterPool changeLog.consumer.pspng_groupOfNames.quartzCron = 0/10 * * * * ? changeLog.consumer.pspng_groupOfNames.memberAttributeName = member changeLog.consumer.pspng_groupOfNames.memberAttributeValueFormat = ${ldapUser.getDn()} changeLog.consumer.pspng_groupOfNames.groupSearchBaseDn = ou=groups,o=myorg,dc=myorg,dc=org changeLog.consumer.pspng_groupOfNames.allGroupsSearchFilter = objectclass=groupOfNames changeLog.consumer.pspng_groupOfNames.singleGroupSearchFilter = (&(objectclass=groupOfNames)(cn=${group.name})) changeLog.consumer.pspng_groupOfNames.groupSearchAttributes=cn,objectclass changeLog.consumer.pspng_groupOfNames.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: groupOfNames changeLog.consumer.pspng_groupOfNames.userSearchBaseDn = ou=people,o=myorg,dc=myorg,dc=org changeLog.consumer.pspng_groupOfNames.userSearchFilter = employeeNumber=${subject.id} changeLog.consumer.pspng_groupOfNames.userSearchAttributes = dn,cn,uid,mail,eduPersonPrincipalName,objectclass,employeeNumber,isMemberOf changeLog.consumer.pspng_attributes.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim changeLog.consumer.pspng_attributes.type = edu.internet2.middleware.grouper.pspng.LdapAttributeProvisioner changeLog.consumer.pspng_attributes.quartzCron = 0/10 * * * * ? changeLog.consumer.pspng_attributes.retryOnError = true changeLog.consumer.pspng_attributes.ldapPoolName = ldapMasterPool changeLog.consumer.pspng_attributes.provisionedAttributeName = isMemberOf changeLog.consumer.pspng_attributes.provisionedAttributeValueFormat = ${group.name} changeLog.consumer.pspng_attributes.userSearchBaseDn = ou=people,o=myorg,dc=myorg,dc=org changeLog.consumer.pspng_attributes.userSearchFilter = employeeNumber=${subject.id} changeLog.consumer.pspng_attributes.userSearchAttributes = dn,cn,uid,mail,eduPersonPrincipalName,objectclass,employeeNumber,isMemberOf changeLog.consumer.pspng_attributes.allProvisionedValuesPrefix = * changeLog.consumer.pspng_attributes.grouperIsAuthoritative = true otherJob.pspng_groupOfNames_full.class = edu.internet2.middleware.grouper.pspng.FullSyncStarter #otherJob.pspng_groupOfNames_full.quartzCron = 0 0 0 * * ? #Every midnight otherJob.pspng_groupOfNames_full.quartzCron = 0 * * * * ? #Every minute for testing otherJob.pspng_attributes_full.class = edu.internet2.middleware.grouper.pspng.FullSyncStarter #changeLog.consumer.pspng_attributes.quartzCron = 0 0 0 * * ? #Every midnight otherJob.pspng_attributes_full.quartzCron = 0 * * * * ? #Every minute for testing |
- [grouper-users] PSPNG full sync 'Did not get all the way through the batch', Scott Koranda, 09/04/2018
- Re: [grouper-users] PSPNG full sync 'Did not get all the way through the batch', Bee-Lindgren, Bert, 09/04/2018
- Re: [grouper-users] PSPNG full sync 'Did not get all the way through the batch', Scott Koranda, 09/05/2018
- Re: [grouper-users] PSPNG full sync 'Did not get all the way through the batch', Bee-Lindgren, Bert, 09/05/2018
- Re: [grouper-users] PSPNG full sync 'Did not get all the way through the batch', Scott Koranda, 09/05/2018
- Re: [grouper-users] PSPNG full sync 'Did not get all the way through the batch', Bee-Lindgren, Bert, 09/04/2018
Archive powered by MHonArc 2.6.19.