  1. Grouper
  2. GRP-1866

Errors using PSPNG on Active Directory

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 2.3.0.patch, 2.4.0.patch
    • None
    • provisioning
    • None
    • Grouper v2.3.0 with all PSPNG patches running on Linux Ubuntu 16.04.4 LTS xenial

    Description

      We have configured nine PSPNG provisioners, performing both incremental and full updates, of which eight are synchronizing Grouper to our Oracle LDAP, while one is synchronizing to our Active Directory (AD).

      The provisioners synchronizing to our Oracle LDAP are working fine both with regard to incremental and full updates. All good.

      The provisioner synchronizing to our AD instead is not working.

      The groups were created correctly in AD with all the correct users.

      Note that at this stage we removed about 300 groups created by PSPNG from our AD and replaced them with existing groups to preserve the GUID.

      The full updates then run without any errors, with FullSyncProvisioner.startFullSyncOfAllGroupsAndWaitForCompletion(473) running up to 100%:

      ...
      activeDirectory-FullSync: Full Sync of all groups: 4841 steps are done out of 8948 (54.10147518998659%)
      activeDirectory-FullSync: Full Sync of all groups: 4845 steps are done out of 8948 (54.14617791685293%)
      ...

      but FullSyncProvisioner$FullSyncQueueItem.processingCompletedSuccessfully(111) always produces ins=0|del=0|upd=0:

      ...
      ins=0|del=0|upd=0|tot=19|t=0
      ins=0|del=0|upd=0|tot=1|t=0
      ins=0|del=0|upd=0|tot=310|t=7 secs
      ...

      which sounds strange as we are constantly having users added/removed from Grouper, so we were expecting ins, del or upd values different from zero.

      The incremental updates fail to add or remove users.
      When trying to add a user (attrMod=ADD) we get:

      providerException=javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - 00000562: UpdErr: DSID-031A11E2, problem 6005 (ENTRY_EXISTS), data 0

      When trying to remove a user (attrMod=REMOVE) we get the error instead:

      providerException=javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00000561: SvcErr: DSID-031A1254, problem 5003 (WILL_NOT_PERFORM), data 0

      Please let us know if you need more details on any configuration parameters or our log files.

          People

            bert.beelindgren@at.internet2.edu Bert Bee-Lindgren
            sla23 Stefano Angioni (Inactive)