grouper-users - Re: [grouper-users] Novice users performing a fresh install of Grouper v2.4, LDAP connection issues

Subject: Grouper Users - Open Discussion List

  • From: Shilen Patel <>
  • To: Prasad Karkhanis <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] Novice users performing a fresh install of Grouper v2.4, LDAP connection issues
  • Date: Fri, 24 Jan 2020 18:46:06 +0000

The issue might be that the ldap connection information should be in the
grouper-loader.properties file.

ldap.demo.url = ldaps://uni92ds.unity.ncsu.edu:636
ldap.demo.user = uid=oracle-oid-admin,dc=ncsu,dc=edu
ldap.demo.pass =

And I think your base also needs to be added to the property:
subjectApi.source.ldap.search.searchSubject.param.base.value

- Shilen

On 1/24/20, 1:32 PM, " on behalf of Prasad
Karkhanis" < on behalf of
> wrote:

Apologies if this question has been asked earlier. I've tried searching
but couldn't find this specific issue being asked, or a solution to it.
We're just starting to try out Grouper in our env, as a PoC, and have run
into an issue with the LDAP config.

Grouper version: v2.4
Docker version: 2.2.0.0

Our grouper setup is running in Docker Desktop on a Windows 10 box. We've
successfully been able to connect to a non-prod instance of Oracle 12c
Exadata DB, and are now trying to connect to OpenLDAP. We have the
following stack trace in the grouper.log file:

[main] ERROR SubjectCheckConfig.checkConfig(120) - - error with subject source id: ldap, name: NCSU OpenLDAP, problem with getSubject by id, in subject.properties: search searchSubject:
edu.internet2.middleware.subject.SourceUnavailableException: Ldap Exception: Problem with ldap conection: demo,
Error querying ldap server id: demo, searchDn: ou=accounts, filter: '(&(uid=grouperTestSubjectByIdOnStartupASDFGHJ)(objectclass=ncsuPerson))', returning attributes: cn, uid
    at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResultsHelper(LdapSourceAdapter.java:583)
    at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResults(LdapSourceAdapter.java:472)
    at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapUnique(LdapSourceAdapter.java:604)
    at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getSubject(LdapSourceAdapter.java:213)
    at edu.internet2.middleware.subject.SubjectCheckConfig.checkConfig(SubjectCheckConfig.java:114)
    at edu.internet2.middleware.grouper.misc.GrouperCheckConfig$1.callback(GrouperCheckConfig.java:548)
    at edu.internet2.middleware.grouper.GrouperSession.callbackGrouperSession(GrouperSession.java:976)
    at edu.internet2.middleware.grouper.misc.GrouperCheckConfig.checkConfig(GrouperCheckConfig.java:544)
    at edu.internet2.middleware.grouper.misc.GrouperStartup.startup(GrouperStartup.java:371)
    at edu.internet2.middleware.grouper.app.loader.GrouperLoader.main(GrouperLoader.java:108)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at edu.internet2.middleware.grouper.app.gsh.GrouperShell.handleSpecialCase(GrouperShell.java:224)
    at edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:158)
    at edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:31)
Caused by: java.lang.NullPointerException: Problem with ldap conection: demo,
Error querying ldap server id: demo, searchDn: ou=accounts, filter: '(&(uid=grouperTestSubjectByIdOnStartupASDFGHJ)(objectclass=ncsuPerson))', returning attributes: cn, uid
    at org.ldaptive.provider.jndi.JndiProvider.getJndiConnectionFactory(JndiProvider.java:170)
    at org.ldaptive.provider.jndi.JndiProvider.getConnectionFactory(JndiProvider.java:90)
    at org.ldaptive.DefaultConnectionFactory.getConnection(DefaultConnectionFactory.java:127)
    at org.ldaptive.pool.AbstractConnectionPool.createConnection(AbstractConnectionPool.java:471)
    at org.ldaptive.pool.AbstractConnectionPool.createAvailableConnection(AbstractConnectionPool.java:514)
    at org.ldaptive.pool.AbstractConnectionPool.grow(AbstractConnectionPool.java:364)
    at org.ldaptive.pool.AbstractConnectionPool.initialize(AbstractConnectionPool.java:261)
    at edu.internet2.middleware.grouper.ldap.ldaptive.LdaptiveSessionImpl.blockingLdapPool(LdaptiveSessionImpl.java:259)
    at edu.internet2.middleware.grouper.ldap.ldaptive.LdaptiveSessionImpl.callbackLdapSession(LdaptiveSessionImpl.java:359)
    at edu.internet2.middleware.grouper.ldap.ldaptive.LdaptiveSessionImpl.list(LdaptiveSessionImpl.java:601)
    at edu.internet2.middleware.subject.provider.LdapSourceAdapter.getLdapResultsHelper(LdapSourceAdapter.java:580)
    ... 16 more

Our OpenLDAP connection info currently in the subject.properties file is:

subjectApi.source.ldap.param.ldapServerId.value = demo
subjectApi.source.ldap.id = ldap
subjectApi.source.ldap.name = NCSU OpenLDAP
subjectApi.source.ldap.types = person
subjectApi.source.ldap.adapterClass = edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter

subjectApi.source.ldap.param.INITIAL_CONTEXT_FACTORY.value = com.sun.jndi.ldap.LdapCtxFactory
subjectApi.source.ldap.param.PROVIDER_URL.value = ldaps://uni92ds.unity.ncsu.edu:636
subjectApi.source.ldap.param.SECURITY_AUTHENTICATION.value = simple
subjectApi.source.ldap.param.SECURITY_PRINCIPAL.value = uid=oracle-oid-admin,dc=ncsu,dc=edu
subjectApi.source.ldap.param.SECURITY_CREDENTIALS.value.elConfig = **************

subjectApi.source.ldap.param.SubjectID_AttributeType.value = uid
subjectApi.source.ldap.param.SubjectID_formatToLowerCase.value = false
subjectApi.source.ldap.param.Name_AttributeType.value = cn
subjectApi.source.ldap.param.Description_AttributeType.value = cn

subjectApi.source.ldap.param.subjectVirtualAttribute_0_searchAttribute0.value = ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")}
subjectApi.source.ldap.param.sortAttribute0.value = cn
subjectApi.source.ldap.param.searchAttribute0.value = searchAttribute0

#searchSubject: find a subject by ID. ID is generally an opaque and permanent identifier, e.g. 12345678.
# Each subject has one and only one ID. Returns one result when searching for one ID.
subjectApi.source.ldap.search.searchSubject.param.filter.value = (&(uid=%TERM%)(objectclass=ncsuAccount))
subjectApi.source.ldap.search.searchSubject.param.scope.value = SUBTREE_SCOPE
subjectApi.source.ldap.search.searchSubject.param.base.value = ou=accounts

#searchSubjectByIdentifier: find a subject by identifier. Identifier is anything that uniquely
# identifies the user, e.g. jsmith or .
# Subjects can have multiple identifiers. Note: it is nice to have if identifiers are unique
# even across sources. Returns one result when searching for one identifier.
subjectApi.source.ldap.search.searchSubjectByIdentifier.param.filter.value = (&(|(uid=%TERM%))(objectclass=ncsuAccount))
subjectApi.source.ldap.search.searchSubjectByIdentifier.param.scope.value = SUBTREE_SCOPE
subjectApi.source.ldap.search.searchSubjectByIdentifier.param.base.value = ou=accounts,dc=ncsu,dc=edu

# search: find subjects by free form search. Returns multiple results.
subjectApi.source.ldap.search.search.param.filter.value = (&(|(|(uid=%TERM%)(cn=*%TERM%*))(uid=%TERM%*))(objectclass=ncsuAccount))
subjectApi.source.ldap.search.search.param.scope.value = SUBTREE_SCOPE
subjectApi.source.ldap.search.search.param.base.value = ou=accounts,dc=ncsu,dc=edu

subjectApi.source.ldap.attributes = givenName, sn, uid, mail, ncsuCampusID
subjectApi.source.ldap.internalAttributes = searchAttribute0

Could someone help us out with this, or point us in the right direction?

Thanks a ton!
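
Added example (not part of the original messages and not Grouper project code): a small Python lint for the two points raised in the reply above, that the `ldapServerId` named in subject.properties needs a matching `ldap.<id>.url` in grouper-loader.properties, and that a search base shorter than its sibling bases is probably missing its suffix. The sample property text is constructed from values quoted in this thread; the function names and the sibling-base comparison are assumptions made for this example, not Grouper rules.

```python
import re

# Constructed sample input, built from property names and values quoted in this thread.
SUBJECT_PROPERTIES = """
subjectApi.source.ldap.id = ldap
subjectApi.source.ldap.param.ldapServerId.value = demo
subjectApi.source.ldap.search.searchSubject.param.base.value = ou=accounts
subjectApi.source.ldap.search.searchSubjectByIdentifier.param.base.value = ou=accounts,dc=ncsu,dc=edu
subjectApi.source.ldap.search.search.param.base.value = ou=accounts,dc=ncsu,dc=edu
"""
LOADER_PROPERTIES = """
ldap.demo.url = ldaps://uni92ds.unity.ncsu.edu:636
ldap.demo.user = uid=oracle-oid-admin,dc=ncsu,dc=edu
"""

SERVER_ID = re.compile(r"subjectApi\.source\.([^.]+)\.param\.ldapServerId\.value")
SEARCH_BASE = re.compile(r"subjectApi\.source\.([^.]+)\.search\.([^.]+)\.param\.base\.value")

def parse_properties(text):
    """Minimal .properties reader: 'key = value' lines, '#' comments, no continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)  # values such as DNs contain '=' themselves
            props[key.strip()] = value.strip()
    return props

def check_ldap_sources(subject_props, loader_props):
    """Return findings for unresolved ldapServerId values and inconsistent search bases."""
    findings, bases = [], {}
    for key, value in subject_props.items():
        m = SERVER_ID.fullmatch(key)
        if m and not loader_props.get(f"ldap.{value}.url"):
            findings.append(f"source {m.group(1)}: ldapServerId '{value}' has no "
                            f"ldap.{value}.url in grouper-loader.properties")
        m = SEARCH_BASE.fullmatch(key)
        if m:
            bases.setdefault(m.group(1), {})[m.group(2)] = value
    for source, by_search in bases.items():
        longest = max(by_search.values(), key=len)
        for search, base in sorted(by_search.items()):
            # Heuristic: a base that is a leading fragment of a sibling base lacks the suffix.
            if base != longest and longest.startswith(base + ","):
                findings.append(f"source {source}: search '{search}' base '{base}' "
                                f"is shorter than sibling base '{longest}'")
    return findings

if __name__ == "__main__":
    for finding in check_ldap_sources(parse_properties(SUBJECT_PROPERTIES), {}):
        print(finding)
```

Run against the two real files, an empty result means every referenced server id resolves and all search bases of a source agree.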




