Grouper Users - Open Discussion List

["Poddar, Amit" <>]

Hi,

Its PSPNG 2.4 patch 4 that breaks the provisioning

---

From: Coleman, Erik C <>
Sent: Tuesday, July 16, 2019 3:36:45 PM
To: Poddar, Amit;
Subject: RE: Error when provisioning to AD

 

I’m building Grouper in Docker containers.  After scouring build logs, I have narrowed down (slightly) the patch revision differences between when it was working and not working:

 

2.4.0-a32-u15-w5-p3-20190314-rc1   (working)

2.4.0-a32-u23-w5-p6-20190501-rc1   (not working)

 

I did not deploy any docker image revisions in between these two.  So it seems like PSPNG patches 4, 5 or 6 may be suspect. Bert, can you speak to these patch revisions and this particular issue?

 

Thanks,

Erik

 

 

 

From: Poddar, Amit <>
Sent: Tuesday, July 16, 2019 2:03 PM
To: Coleman, Erik C <>;
Subject: Re: Error when provisioning to AD

 

Did you apply  a patch

 

Get Outlook for iOS

---

From: Coleman, Erik C <>
Sent: Tuesday, July 16, 2019 2:58:19 PM
To: Poddar, Amit;
Subject: RE: Error when provisioning to AD

 

Yes, this was working in 2.4, and it has since stopped working.

 

-Erik

 

 

From: Poddar, Amit <>
Sent: Monday, July 15, 2019 1:16 PM
To: Coleman, Erik C <>;
Subject: Re: Error when provisioning to AD

 

You had the erorrs in 2.4 also?

 

Amit

---

From: Coleman, Erik C <>
Sent: Monday, July 15, 2019 1:00:31 PM
To: Poddar, Amit;
Subject: RE: Error when provisioning to AD

 

Exact same error I was reporting a couple days ago!  (See “JEXL syntax with PSPNG filters”) Glad it’s not just me! 😊

 

However, in your case, you are using the attribute value “Netid”, I’m assuming that this is configured in your subject.properties as a user attribute?  I’m doing the same thing, but happen to keep its name “sAMAccountName” in my subject config.  But it looks like we are hitting the same JEXL error.

 

-Erik

 

 

From: <> On Behalf Of Poddar, Amit
Sent: Sunday, July 14, 2019 5:10 PM
To:
Subject: [grouper-users] Error when provisioning to AD

 

Hi,

 

After upgrading from Grouper 2.3 to Grouper 2.4 with all the latest patches, PSPNG provisioning to AD has started failing. The error message in the log file is.

 

2019-07-14 18:06:01,138: [TSUserFetcher-pspng_activedirectory-full-1] ERROR Provisioner.evaluateJexlExpression(746) -  - Jexl _expression_ UserSearchFilter 'sAMAccountName=${subject.getAttributeValue("Netid")}' could not be evaluated for subject ''11452412'/'person'/'sourceId'/null' and group 'null/null' which used variableMap '{userSearchBaseDn=dc=yu,dc=yale,dc=net, provisionerType=LdapGroupProvisioner, groupCreationBaseDn=OU=Test,OU=YaleGroups,DC=yu,DC=yale,DC=net, , subject='11452412'/'person'/'sourceId', provisionerName=pspng_activedirectory, groupSearchBaseDn=OU=Test,OU=YaleGroups,DC=yu,DC=yale,DC=net}'

java.lang.RuntimeException: Error substituting string: '${subject.getAttributeValue("Netid")}'

        at edu.internet2.middleware.grouper.util.GrouperUtil.substituteExpressionLanguage(GrouperUtil.java:9483)

        at edu.internet2.middleware.grouper.pspng.Provisioner.evaluateJexlExpression(Provisioner.java:702)

        at edu.internet2.middleware.grouper.pspng.LdapProvisioner.getUserLdapFilter(LdapProvisioner.java:283)

        at edu.internet2.middleware.grouper.pspng.LdapProvisioner.fetchTargetSystemUsers(LdapProvisioner.java:211)

        at edu.internet2.middleware.grouper.pspng.Provisioner.fetchTargetSystemUser(Provisioner.java:1135)

        at edu.internet2.middleware.grouper.pspng.Provisioner$2.call(Provisioner.java:855)

        at edu.internet2.middleware.grouper.pspng.Provisioner$2.call(Provisioner.java:841)

        at java.util.concurrent.FutureTask.run(FutureTask.java:266)

        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

        at java.lang.Thread.run(Thread.java:748)

Caused by: org.apache.commons.jexl2.JexlException: ]: 'subject.getAttributeValue('Netid');' method invocation error

        at org.apache.commons.jexl2.Interpreter.call(Interpreter.java:1076)

        at org.apache.commons.jexl2.Interpreter.visit(Interpreter.java:1100)

        at org.apache.commons.jexl2.parser.ASTMethodNode.jjtAccept(ASTMethodNode.java:18)

        at org.apache.commons.jexl2.Interpreter.visit(Interpreter.java:1317)

        at org.apache.commons.jexl2.parser.ASTReference.jjtAccept(ASTReference.java:18)

        at org.apache.commons.jexl2.Interpreter.interpret(Interpreter.java:232)

        at org.apache.commons.jexl2.ExpressionImpl.evaluate(ExpressionImpl.java:65)

        at edu.internet2.middleware.grouper.util.GrouperUtil.substituteExpressionLanguage(GrouperUtil.java:9434)

        ... 10 more

Caused by: java.lang.IllegalStateException: There is no open GrouperSession detected.  Make sure to start a grouper session (e.g. GrouperSession.startRootSession() if you want to use a root session ) before calling this method

        at edu.internet2.middleware.grouper.GrouperSession.staticGrouperSession(GrouperSession.java:1150)

        at edu.internet2.middleware.grouper.GrouperSession.staticGrouperSession(GrouperSession.java:1098)

        at edu.internet2.middleware.grouper.subj.SourcesXmlResolver.find(SourcesXmlResolver.java:316)

        at edu.internet2.middleware.grouper.subj.CachingResolver.find(CachingResolver.java:143)

        at edu.internet2.middleware.grouper.subj.ValidatingResolver.find(ValidatingResolver.java:105)

        at edu.internet2.middleware.grouper.SubjectFinder.findByIdAndSource(SubjectFinder.java:504)

        at edu.internet2.middleware.grouper.subj.LazySubject.getSubject(LazySubject.java:215)

        at edu.internet2.middleware.grouper.subj.LazySubject.getAttributeValue(LazySubject.java:139)

 

Any help would be greatly appreciated, since this is the only issue holding us up before production upgrade.

 

Thanks,

Amit