Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Grouper 2.4 upgrade deleted some groups from Active Directory

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Grouper 2.4 upgrade deleted some groups from Active Directory


Chronological Thread 
  • From: "Hyzer, Chris" <>
  • To: "" <>, Siju Jacob <>
  • Subject: Re: [grouper-users] Grouper 2.4 upgrade deleted some groups from Active Directory
  • Date: Wed, 14 Apr 2021 20:22:54 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=isc.upenn.edu; dmarc=pass action=none header.from=isc.upenn.edu; dkim=pass header.d=isc.upenn.edu; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=r30mW4T50wNYzvqIm3daWeW23t2mgT7UCEla3XK9orc=; b=XMHPeZQqEQZbZfGC4MFqEDlJt8979+zs2ViyBnCTy8ROU5hc/kPVfyUTDZZVEJxGERoSBuzbeQFPgEzhUXXHJvyZTviQHdkTYCoLz0oqgCk8kY1wJ7f4HA/joTsFGx3Q5my6RD/PrgI3Zf0+AgTYw+v4JysHMNJRk85zXxvm46iT66sgED/iOFUOcofGO7Mroxcz9oK0Q8s9oWAi9j3t9aTYZgRW6Yv7kX6IthgK3RBBoG/8huWkOrSdXa7VbzmEMP/69D32fnlMNqs6VvLeuyyGUdXwyOY9a0jk/CkbEE5dJyaZdJKeby6sG4FB0YNzOd0bjmi+RoKAQfc3OuTpJA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QHRtD1TTi1yugDu4YmVSK0ncRmT/1Frcy1dsGEobnHu+/Jw3p+CwBng7ptGYF3RcWNucirH4V1lGdU9xlQo3VZnu0sfA0rV4jW2/6x0HL711H/tWPuocMyqHnM19uXZfDC7zw5JemnNhb8ZcN/+9THlk26EW+RAjXVsNHzyL3MTZyFR1TdaK3rHX38WEULvkAmiY0Tt4SGs9QwLTkxpGy8fGZkH5YXvqS3i/4Vt8Y+BcS5FJaUT/KEum3J6GA+0l/KOVaOJfl1Ii7KuwUiwJrIwv8OPSMCC6wpHxs7w6HQQNAMbUrDXW6Ps6ZDk1cQZH4pIsn26vp9tJTc5aOxJqRQ==

Can you please discuss this on the incommon-grouper slack channel?

There was a problem with deleting groups, its fixed in 2.5 🙂  You didnt go to 2.5?  🙂

As a workaround you could make Grouper not authoritative (i.e. dont delete groups) until you get on 2.5 with the fixed code?  and maybe adjust the credential to not be able to delete?

From: <> on behalf of Siju Jacob <>
Sent: Monday, April 5, 2021 5:51 PM
To: <>
Subject: [grouper-users] Grouper 2.4 upgrade deleted some groups from Active Directory
 

Hi Team,

     We upgraded to grouper 2.4 over the week end.

We were using PSPNG with grouper 2.3 as well.

Next day PSPNG full sync ran and deleted some of the groups from Active Directory.

Did any of you come across such an issue.

 

Below is the only logs I could find although running in debug mode.

 

2021-04-04 04:06:15 DEBUG pspng_activedirectory-full:567 - Fetching membership attribute, too

2021-04-04 04:06:15 DEBUG pspng_activedirectory-full:777 - Evaluated SingleGroupSearchFilter Jexl _expression_: '39630'

2021-04-04 04:06:15 DEBUG pspng_activedirectory-full:777 - Evaluated SingleGroupSearchFilter Jexl _expression_: 'ru-student'

2021-04-04 04:06:15 DEBUG pspng_activedirectory-full:797 - Evaluated entire SingleGroupSearchFilter Jexl _expression_: '(&(objectclass=group)(gidNumber=39630)(cn=ru-student))'

2021-04-04 04:06:15 DEBUG pspng_activedirectory-full:531 - pspng_activedirectory-full: Searching for group ds:rad:ru-student/#39630(Existing) with:: [org.ldaptive.SearchFilter@1958711200::filter=(&(objectclass=group)(gidNumber=39630)(cn=ru-student)), parameters={}]

2021-04-04 04:06:15 DEBUG LdapSystem:796 - Running ldap search: <OU=Groups,DC=rad,DC=rutgers,DC=edu>/SUBTREE: (&(objectclass=group)(gidNumber=39630)(cn=ru-student)) << {}

2021-04-04 04:06:15 DEBUG LdapSystem:730 - Doing ldap search: [org.ldaptive.SearchFilter@1958711200::filter=(&(objectclass=group)(gidNumber=39630)(cn=ru-student)), parameters={}] / OU=Groups,DC=rad,DC=rutgers,DC=edu / [cn, gidNumber, samAccountName, objectclass, member]

2021-04-04 04:06:15 DEBUG LdapSystem:740 - Using attribute-value paging

2021-04-04 04:06:15 DEBUG LdapSystem:751 - Using ldap search-result paging

2021-04-04 04:06:15 DEBUG LdapSystem:807 - Ldap result: CN=ru-student,OU=Groups,DC=rad,DC=rutgers,DC=edu

2021-04-04 04:06:15 INFO  LdapSystem:819 - LDAP search returned 1 entries

2021-04-04 04:06:15 DEBUG pspng_activedirectory-full:542 - pspng_activedirectory-full: Group search returned cn=ru-student,ou=groups,dc=rad,dc=rutgers,dc=edu

2021-04-04 04:06:15 DEBUG pspng_activedirectory-full:1125 - Adding target-system group to cache: ds:rad:ru-student/#39630(Existing)

2021-04-04 04:06:15 DEBUG pspng_activedirectory-full:567 - Fetching membership attribute, too

 

2021-04-04 04:06:36 INFO  LdapSystem:404 - rutgersRad: Deleting LDAP object: cn=ru-student,ou=groups,dc=rad,dc=rutgers,dc=edu

 

 

Any advice or guidance will be of great help and would be greatly appreciated..!

 

 

Thanks,

Siju Jacob




Archive powered by MHonArc 2.6.24.

Top of Page