grouper-users - [grouper-users] Error querying ldap server id: nonPersonLdap, searchDn: ou=Special Users,dc=rutgers,dc=edu, filter using GrouperJndiSourceAdapter
Subject: Grouper Users - Open Discussion List
- From: Siju Jacob <>
- To: " Mailing List" <>
- Subject: [grouper-users] Error querying ldap server id: nonPersonLdap, searchDn: ou=Special Users,dc=rutgers,dc=edu, filter using GrouperJndiSourceAdapter
- Date: Wed, 24 Jul 2019 20:49:01 +0000
Hi Team,

We are upgrading from grouper 2.3 to grouper 2.4. I am having trouble connecting to ldap using GrouperJndiSourceAdapter in subject.properties:

subjectApi.source.ldap_servicedn.adapterClass = edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter

It works fine with LdapSourceAdapterLegacy:

subjectApi.source.ldap_servicedn.adapterClass = edu.internet2.middleware.subject.provider.LdapSourceAdapterLegacy

Below is the exception I get with GrouperJndiSourceAdapter when the server starts up:

subject.properties jdbc source id: jdbc: GrouperJdbcConnectionProvider
subject.properties ldap source id: ldap_servicedn: nonPersonLdap
24-Jul-2019 16:41:22.399 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive C:\opt\grouper\apache-tomcat-8.5.12\webapps\grouper-ws.war has finished in 27,164 ms
24-Jul-2019 16:41:22.405 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler [http-nio-8080]
24-Jul-2019 16:41:22.413 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler [ajp-nio-8009]
24-Jul-2019 16:41:22.417 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 27215 ms
Subject API error: error with subject source id: ldap_servicedn, name: Service Dns from LDAP, problem with getSubject by id, in subject.properties: search searchSubject: , edu.internet2.middleware.subject.SourceUnavailableException: Ldap Exception: Could not initialize pool, Problem with ldap conection: nonPersonLdap, Error querying ldap server id: nonPersonLdap, searchDn: ou=Special Users,dc=rutgers,dc=edu, filter: '(& (uid=grouperTestSubjectByIdOnStartupASDFGHJ))', returning attributes: [Ljava.lang.String;@67955775
    at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResultsHelper(LdapSourceAdapter.java:541)
    at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResults(LdapSourceAdapter.java:433)
    at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapUnique(LdapSourceAdapter.java:562)
    at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getSubject(LdapSourceAdapter.java:189)
    at edu.internet2.middleware.subject.SubjectCheckConfig.checkConfig(SubjectCheckConfig.java:114)
    at edu.internet2.middleware.grouper.misc.GrouperCheckConfig$1.callback(GrouperCheckConfig.java:530)
    at edu.internet2.middleware.grouper.GrouperSession.callbackGrouperSession(GrouperSession.java:974)
    at edu.internet2.middleware.grouper.misc.GrouperCheckConfig.checkConfig(GrouperCheckConfig.java:526)
    at edu.internet2.middleware.grouper.misc.GrouperStartup.startup(GrouperStartup.java:313)
    at edu.internet2.middleware.grouper.subj.SubjectResolverFactory.getInstance(SubjectResolverFactory.java:58)
    at edu.internet2.middleware.grouper.SubjectFinder.getResolver(SubjectFinder.java:928)
    at edu.internet2.middleware.grouper.SubjectFinder.findRootSubject(SubjectFinder.java:913)
    at edu.internet2.middleware.grouper.GrouperSession.startRootSession(GrouperSession.java:427)
    at edu.internet2.middleware.grouper.instrumentation.InstrumentationThread$1.run(InstrumentationThread.java:69)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalStateException: Could not initialize pool, Problem with ldap conection: nonPersonLdap, Error querying ldap server id: nonPersonLdap, searchDn: ou=Special Users,dc=rutgers,dc=edu, filter: '(& (uid=grouperTestSubjectByIdOnStartupASDFGHJ))', returning attributes: [Ljava.lang.String;@67955775
    at edu.vt.middleware.ldap.pool.AbstractLdapPool.initializePool(AbstractLdapPool.java:173)
    at edu.vt.middleware.ldap.pool.AbstractLdapPool.initialize(AbstractLdapPool.java:128)
    at edu.internet2.middleware.grouper.ldap.vtldap.VTLdapSessionImpl.blockingLdapPool(VTLdapSessionImpl.java:240)
    at edu.internet2.middleware.grouper.ldap.vtldap.VTLdapSessionImpl.callbackLdapSession(VTLdapSessionImpl.java:263)
    at edu.internet2.middleware.grouper.ldap.vtldap.VTLdapSessionImpl.list(VTLdapSessionImpl.java:475)
    at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResultsHelper(LdapSourceAdapter.java:538)
    ... 16 more

· Below is the entry from my grouper-loader.properties
ldap.nonPersonLdap.url="ldaps://test-ldap.rutgers.edu:636/dc=rutgers,dc=edu,ou=Special" Users
ldap.nonPersonLdap.user = uid=XXXXX-authentication,ou=Special Users,dc=rutgers,dc=edu
ldap.nonPersonLdap.pass = xxxxxxxxxxxxxxxxxx
===========================================================================================================
· Below is the entry from my subject.properties
#########################################
## Configuration for source id: ldap-servicedn
## Source configName: ldap_servicedn
#########################################
subjectApi.source.ldap_servicedn.id = ldap_servicedn

# this is a friendly name for the source
subjectApi.source.ldap_servicedn.name = Service Dns from LDAP

# type is not used all that much. Can have multiple types, comma separate. Can be person, group, application
subjectApi.source.ldap_servicedn.types = person

subjectApi.source.ldap_servicedn.param.ldapServerId.value=nonPersonLdap

# the adapter class implements the interface: edu.internet2.middleware.subject.Source
# adapter class must extend: edu.internet2.middleware.subject.provider.BaseSourceAdapter
# edu.internet2.middleware.grouper.subj.GrouperJdbcSourceAdapter2 : if doing JDBC this should be used if possible. All subject data in one table/view.
# edu.internet2.middleware.grouper.subj.GrouperJdbcSourceAdapter : oldest JDBC source. Put freeform queries in here
# edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter : used for LDAP
subjectApi.source.ldap_servicedn.adapterClass = edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter

# e.g. com.sun.jndi.ldap.LdapCtxFactory
subjectApi.source.ldap_servicedn.param.INITIAL_CONTEXT_FACTORY.value = com.sun.jndi.ldap.LdapCtxFactory

# e.g. ldap://localhost:389
subjectApi.source.ldap_servicedn.param.PROVIDER_URL.value = ldaps://test-ldap.rutgers.edu:636

# e.g. simple, none, sasl_mech
subjectApi.source.ldap_servicedn.param.SECURITY_AUTHENTICATION.value = simple

# e.g. cn=Manager,dc=example,dc=edu
subjectApi.source.ldap_servicedn.param.SECURITY_PRINCIPAL.value = uid=xxxxxxxxxxxx,ou=Special Users,dc=rutgers,dc=edu

# can be a password or a filename of the encrypted password
subjectApi.source.ldap_servicedn.param.SECURITY_CREDENTIALS.value = xxxxxxxxxxxxxxxxxxxxxxxx

# ldap attribute which is the subject id. e.g. exampleEduRegID Each subject has one and only one subject id. Generally it is opaque and permanent.
subjectApi.source.ldap_servicedn.param.SubjectID_AttributeType.value = uid

# if the subject id should be changed to lower case after reading from datastore. true or false
subjectApi.source.ldap_servicedn.param.SubjectID_formatToLowerCase.value = false

# attribute which is the subject name
subjectApi.source.ldap_servicedn.param.Name_AttributeType.value = cn

# attribute which is the subject description
subjectApi.source.ldap_servicedn.param.Description_AttributeType.value = ou

# This virtual attribute index 0 is accessible via: subject.getAttributeValue("searchAttribute0");
subjectApi.source.ldap_servicedn.param.subjectVirtualAttribute_0_searchAttribute0.value = ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('exampleEduRegId'), "")}

# the 1st sort attribute for lists on screen that are derived from member table (e.g. search for member in group)
# you can have up to 5 sort attributes
subjectApi.source.ldap_servicedn.param.sortAttribute0.value = cn

# the 1st search attribute for lists on screen that are derived from member table (e.g. search for member in group)
# you can have up to 5 search attributes
subjectApi.source.ldap_servicedn.param.searchAttribute0.value = searchAttribute0

#searchSubject: find a subject by ID. ID is generally an opaque and permanent identifier, e.g. 12345678.
# Each subject has one and only one ID. Returns one result when searching for one ID.

# sql is the sql to search for the subject by id. %TERM% will be substituted by the id searched for
subjectApi.source.ldap_servicedn.search.searchSubject.param.filter.value = (& (uid=%TERM%))

# Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE
subjectApi.source.ldap_servicedn.search.searchSubject.param.scope.value = SUBTREE_SCOPE

# base dn to search in
subjectApi.source.ldap_servicedn.search.searchSubject.param.base.value = ou=Special Users,dc=rutgers,dc=edu

#searchSubjectByIdentifier: find a subject by identifier. Identifier is anything that uniquely
# identifies the user, e.g. jsmith or .
# Subjects can have multiple identifiers. Note: it is nice to have if identifiers are unique
# even across sources. Returns one result when searching for one identifier.

# sql is the sql to search for the subject by identifier. %TERM% will be substituted by the identifier searched for
subjectApi.source.ldap_servicedn.search.searchSubjectByIdentifier.param.filter.value = (& (uid=%TERM%))

# Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE
subjectApi.source.ldap_servicedn.search.searchSubjectByIdentifier.param.scope.value = SUBTREE_SCOPE

# base dn to search in
subjectApi.source.ldap_servicedn.search.searchSubjectByIdentifier.param.base.value = ou=Special Users,dc=rutgers,dc=edu

# search: find subjects by free form search. Returns multiple results.

# sql is the sql to search for the subject by free form search. %TERM% will be substituted by the text searched for
subjectApi.source.ldap_servicedn.search.search.param.filter.value = (& (|(|(uid=%TERM%)(cn=*%TERM%*))))

# Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE
subjectApi.source.ldap_servicedn.search.search.param.scope.value = SUBTREE_SCOPE

# base dn to search in
subjectApi.source.ldap_servicedn.search.search.param.base.value = ou=Special Users,dc=rutgers,dc=edu

# attributes from ldap object to become subject attributes. comma separated
subjectApi.source.ldap_servicedn.attributes = cn, sn, uid, ou

# internal attributes are used by grouper only not exposed to code that uses subjects. comma separated
subjectApi.source.ldap_servicedn.internalAttributes = searchAttribute0
==========================================================================================================
Thanks,
Siju Jacob