
grouper-users - [grouper-users] Novice users performing a fresh install of Grouper v2.4, LDAP connection issues

Subject: Grouper Users - Open Discussion List

  • From: "Prasad Karkhanis" <>
  • To:
  • Subject: [grouper-users] Novice users performing a fresh install of Grouper v2.4, LDAP connection issues
  • Date: Fri, 24 Jan 2020 18:32:28 +0000

Apologies if this question has been asked earlier. I've tried searching but
couldn't find this specific issue being asked, or a solution to it. We're just
starting to try out Grouper in our env, as a PoC, and have run into an issue
with the LDAP config.

Grouper version: v2.4
Docker version: 2.2.0.0

Our grouper setup is running in Docker Desktop on a Windows 10 box. We've
successfully been able to connect to a non-prod instance of Oracle 12c Exadata
DB, and are now trying to connect to OpenLDAP. We have the following stack
trace in the grouper.log file:

[main] ERROR SubjectCheckConfig.checkConfig(120) - - error with subject source id: ldap, name: NCSU OpenLDAP, problem with getSubject by id, in subject.properties: search searchSubject:
edu.internet2.middleware.subject.SourceUnavailableException: Ldap Exception: Problem with ldap conection: demo, Error querying ldap server id: demo, searchDn: ou=accounts, filter: '(&(uid=grouperTestSubjectByIdOnStartupASDFGHJ)(objectclass=ncsuPerson))', returning attributes: cn, uid
    at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResultsHelper(LdapSourceAdapter.java:583)
    at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResults(LdapSourceAdapter.java:472)
    at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapUnique(LdapSourceAdapter.java:604)
    at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getSubject(LdapSourceAdapter.java:213)
    at edu.internet2.middleware.subject.SubjectCheckConfig.checkConfig(SubjectCheckConfig.java:114)
    at edu.internet2.middleware.grouper.misc.GrouperCheckConfig$1.callback(GrouperCheckConfig.java:548)
    at edu.internet2.middleware.grouper.GrouperSession.callbackGrouperSession(GrouperSession.java:976)
    at edu.internet2.middleware.grouper.misc.GrouperCheckConfig.checkConfig(GrouperCheckConfig.java:544)
    at edu.internet2.middleware.grouper.misc.GrouperStartup.startup(GrouperStartup.java:371)
    at edu.internet2.middleware.grouper.app.loader.GrouperLoader.main(GrouperLoader.java:108)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at edu.internet2.middleware.grouper.app.gsh.GrouperShell.handleSpecialCase(GrouperShell.java:224)
    at edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:158)
    at edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:31)
Caused by: java.lang.NullPointerException: Problem with ldap conection: demo, Error querying ldap server id: demo, searchDn: ou=accounts, filter: '(&(uid=grouperTestSubjectByIdOnStartupASDFGHJ)(objectclass=ncsuPerson))', returning attributes: cn, uid
    at org.ldaptive.provider.jndi.JndiProvider.getJndiConnectionFactory(JndiProvider.java:170)
    at org.ldaptive.provider.jndi.JndiProvider.getConnectionFactory(JndiProvider.java:90)
    at org.ldaptive.DefaultConnectionFactory.getConnection(DefaultConnectionFactory.java:127)
    at org.ldaptive.pool.AbstractConnectionPool.createConnection(AbstractConnectionPool.java:471)
    at org.ldaptive.pool.AbstractConnectionPool.createAvailableConnection(AbstractConnectionPool.java:514)
    at org.ldaptive.pool.AbstractConnectionPool.grow(AbstractConnectionPool.java:364)
    at org.ldaptive.pool.AbstractConnectionPool.initialize(AbstractConnectionPool.java:261)
    at edu.internet2.middleware.grouper.ldap.ldaptive.LdaptiveSessionImpl.blockingLdapPool(LdaptiveSessionImpl.java:259)
    at edu.internet2.middleware.grouper.ldap.ldaptive.LdaptiveSessionImpl.callbackLdapSession(LdaptiveSessionImpl.java:359)
    at edu.internet2.middleware.grouper.ldap.ldaptive.LdaptiveSessionImpl.list(LdaptiveSessionImpl.java:601)
    at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResultsHelper(LdapSourceAdapter.java:580)
    ... 16 more

Our OpenLDAP connection info currently in the subject.properties file is:

subjectApi.source.ldap.param.ldapServerId.value = demo
subjectApi.source.ldap.id = ldap
subjectApi.source.ldap.name = NCSU OpenLDAP
subjectApi.source.ldap.types = person
subjectApi.source.ldap.adapterClass = edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter

subjectApi.source.ldap.param.INITIAL_CONTEXT_FACTORY.value = com.sun.jndi.ldap.LdapCtxFactory
subjectApi.source.ldap.param.PROVIDER_URL.value = ldaps://uni92ds.unity.ncsu.edu:636
subjectApi.source.ldap.param.SECURITY_AUTHENTICATION.value = simple
subjectApi.source.ldap.param.SECURITY_PRINCIPAL.value = uid=oracle-oid-admin,dc=ncsu,dc=edu
subjectApi.source.ldap.param.SECURITY_CREDENTIALS.value.elConfig = **************

subjectApi.source.ldap.param.SubjectID_AttributeType.value = uid
subjectApi.source.ldap.param.SubjectID_formatToLowerCase.value = false
subjectApi.source.ldap.param.Name_AttributeType.value = cn
subjectApi.source.ldap.param.Description_AttributeType.value = cn
subjectApi.source.ldap.param.subjectVirtualAttribute_0_searchAttribute0.value = ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")}
subjectApi.source.ldap.param.sortAttribute0.value = cn
subjectApi.source.ldap.param.searchAttribute0.value = searchAttribute0

#searchSubject: find a subject by ID. ID is generally an opaque and permanent identifier, e.g. 12345678.
# Each subject has one and only one ID. Returns one result when searching for one ID.
subjectApi.source.ldap.search.searchSubject.param.filter.value = (&(uid=%TERM%)(objectclass=ncsuAccount))
subjectApi.source.ldap.search.searchSubject.param.scope.value = SUBTREE_SCOPE
subjectApi.source.ldap.search.searchSubject.param.base.value = ou=accounts

#searchSubjectByIdentifier: find a subject by identifier. Identifier is anything that uniquely
# identifies the user, e.g. jsmith or .
# Subjects can have multiple identifiers. Note: it is nice to have if identifiers are unique
# even across sources. Returns one result when searching for one identifier.
subjectApi.source.ldap.search.searchSubjectByIdentifier.param.filter.value = (&(|(uid=%TERM%))(objectclass=ncsuAccount))
subjectApi.source.ldap.search.searchSubjectByIdentifier.param.scope.value = SUBTREE_SCOPE
subjectApi.source.ldap.search.searchSubjectByIdentifier.param.base.value = ou=accounts,dc=ncsu,dc=edu

# search: find subjects by free form search. Returns multiple results.
subjectApi.source.ldap.search.search.param.filter.value = (&(|(|(uid=%TERM%)(cn=*%TERM%*))(uid=%TERM%*))(objectclass=ncsuAccount))
subjectApi.source.ldap.search.search.param.scope.value = SUBTREE_SCOPE
subjectApi.source.ldap.search.search.param.base.value = ou=accounts,dc=ncsu,dc=edu

subjectApi.source.ldap.attributes = givenName, sn, uid, mail, ncsuCampusID
subjectApi.source.ldap.internalAttributes = searchAttribute0

Could someone help us out with this, or point us in the right direction?

Thanks a ton!
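
A way to cross-check the error message against the file, as an added example that is not part of the original post: it parses the searchSubject settings and the error text quoted above (embedded as constructed sample input) and lists where the two disagree. The function names and finding labels are illustrative, not Grouper's.

```python
import re

# Constructed sample: values copied from the post above, line wraps rejoined.
PROPS = r"""
subjectApi.source.ldap.param.ldapServerId.value = demo
subjectApi.source.ldap.search.searchSubject.param.filter.value = (&(uid=%TERM%)(objectclass=ncsuAccount))
subjectApi.source.ldap.search.searchSubject.param.base.value = ou=accounts
subjectApi.source.ldap.search.searchSubjectByIdentifier.param.base.value = ou=accounts,dc=ncsu,dc=edu
subjectApi.source.ldap.search.search.param.base.value = ou=accounts,dc=ncsu,dc=edu
"""
LOG = ("Error querying ldap server id: demo, searchDn: ou=accounts, filter: "
       "'(&(uid=grouperTestSubjectByIdOnStartupASDFGHJ)(objectclass=ncsuPerson))', "
       "returning attributes: cn, uid")

def parse_props(text):
    """Parse 'key = value' lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def parse_log(line):
    """Pull the server id, search DN and filter out of the error message."""
    m = re.search(r"server id: (\S+), searchDn: (.*?), filter: '(.*?)'", line)
    if m is None:
        raise ValueError("not an 'Error querying ldap' line")
    return {"serverId": m.group(1), "base": m.group(2), "filter": m.group(3)}

def compare(props, log, source="ldap"):
    """List where the file disagrees with what the log says was queried."""
    src = "subjectApi.source.%s." % source
    search = src + "search.searchSubject.param."
    findings = []
    if props.get(src + "param.ldapServerId.value") != log["serverId"]:
        findings.append("serverId")
    if props.get(search + "base.value") != log["base"]:
        findings.append("base")
    # Turn the filter template into a regex: %TERM% stands for the searched id.
    template = re.escape(props.get(search + "filter.value", ""))
    pattern = template.replace(re.escape("%TERM%"), "[^()]*")
    if not re.fullmatch(pattern, log["filter"]):
        findings.append("filter")
    bases = {v for k, v in props.items()
             if k.startswith(src + "search.") and k.endswith(".base.value")}
    if len(bases) > 1:  # the three searches do not share one base DN
        findings.append("inconsistent-bases")
    return findings
```

On the values posted above, `compare(parse_props(PROPS), parse_log(LOG))` returns `['filter', 'inconsistent-bases']`: the logged filter asks for `objectclass=ncsuPerson` while the file shown has `ncsuAccount`, and the three search bases are not all the same DN.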


