grouper-users - Re: [grouper-users] Grouper

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Grouper

From: Andre Daniels <>
To:
Subject: Re: [grouper-users] Grouper
Date: Mon, 28 Jan 2019 09:21:06 -0800
Ironport-phdr: 9a23:SwLeMxa0UoOj7pI9+xyi+jH/LSx+4OfEezUN459isYplN5qZoMu+bnLW6fgltlLVR4KTs6sC17KG9fi4EUU7or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRpOOv1BpTSj8Oq3Oyu5pHfeQpFiCa+bL9oMBm6sRjau9ULj4dlNqs/0AbCrGFSe+RRy2NoJFaTkAj568yt4pNt8Dletuw4+cJYXqr0Y6o3TbpDDDQ7KG81/9HktQPCTQSU+HQRVHgdnwdSDAjE6BH6WYrxsjf/u+Fg1iSWIdH6QLYpUjmk8qxlSgLniD0fOjE2/mHYiNZwgqJVrhyiuhJx3ZLbbZqPO/ZiZK7QZ88WSXZDU8tXSidPApm8b4wKD+cZIetYqZTyp0EQohCjCwejHuXvyj5WiX/yxq0xzuMsHhvA3AM9BdIBrnbZodf3OaoJTOC60LLIwinZY/xIxDj99ZHFfxY8qv+PRbJ9adTdxEgzGw7Hi1iQp4/oMCiJ2ukIvGWW7OttWO2qhmI5tw18pz2iydkyhobVgI8e10rK+j9jwIkvIN21UE57bsCgEJtXryyaMpF5QsImQ21xpiY60aAKtYe0fScU1pgo2wTTa/OAc4iP7RLjUPieLS1ki3JifbKznxey8U6+xe3gTsS4zldHojZHn9TJuHAA1Afc5tSCR/Zy/Uqs2DmC2gXN5u1YJE05kLTUJ4A9zbIok5ocq0XDHiv4mEXsi6+Wc10p9fKu6+v6eLXpuJ2ROo12hwzlL6Qhhte/DvgiPgcQQmeb5Pyw1Kf/8k3hXLVKkvo2n7HWsJDAIsQbu7a5DBFP0oo69ha/FCmp0M4DnXQcKFJFeQmHj5TyO13UIfD4C+u/jEq2kDdt2f/GIqPtDo/TIXfejbeyNYp6vkFGzxcrwMoa+olZEKopIfTvV1X3ucCCSBI1Ll+Ozv7jGel6g4oYVXiCKrKSK6iUvFOVtcw1JOzZTYkZoju1B/Ej5vPqljdtkFkRZ6T2gsQ/dXujFbJrL1jPMimkucsIDWpf5ll2d+ftklDXCTM=

We tried to use syntax like this filter=(&(objectclass=groupOfNames)(cn=admin)(ou:dn:=groupA)(ou:dn:=allGroups) but we got the following error

2019-01-28 09:13:47,661: [DefaultQuartzScheduler_Worker-5] ERROR LdapObject.matchesLdapFilter(279) - Problem checking ldap filter in memory: [org.ldaptive.SearchFilter@-453243967::filter=(&(objectclass=groupOfNames)(cn=admin)(ou:dn:=groupA)(ou:dn:=allGroups)) , parameters={}]
LDAPException(resultCode=92 (not supported), errorMessage='Extensible matching is not supported when attempting to determine whether a given entry matches a search filter.')

I am wondering if this error is just followed up by a call to the ldap service and can safely be ignored.

Andre

On Fri, Jan 25, 2019 at 5:48 PM Andre Daniels <> wrote:

Hello,

I am a not sure how to best configure pspng to provision to an ldap ou that has a folder-like hierarchy and groups with similar names. The groupSearchBaseDn does not appear to accept a jexl _expression_, so how does one prevent name collision? If I set the baseDn to allGroups, how does the provisioner determine whether a given update is for the allGroups:groupA:admins or allGroups:groupB:admins?

Thanks,
Andre

--
Andre Daniels
Sr. Developer/Security Analyst
University of California Santa Cruz
(831) 459-1980

Andre Daniels

Sr. Developer/Security Analyst

University of California Santa Cruz

(831) 459-1980

[grouper-users] Grouper, Andre Daniels, 01/26/2019
- Re: [grouper-users] Grouper, Andre Daniels, 01/28/2019
- Re: [grouper-users] Grouper, Greg Haverkamp, 01/28/2019
- Re: [grouper-users] Grouper, Bee-Lindgren, Bert, 01/28/2019
- Re: [grouper-users] Grouper, Crawford, Jeffrey, 01/30/2019

List archive

Re: [grouper-users] Grouper