Grouper / GRP-736

Identifier comparison is case sensitive in the provisioning


Details

    • Bug
    • Resolution: Fixed
    • Blocker
    • 2.1.0
    • 2.1.0
    • provisioning
    • None
    • Grouper 2.1 (API, UI, PSP) provisioning to Active Directory

    Description

      When using bulkDiff and bulkSync, the PSP fails to match the AD membership with the Grouper membership. A "delete" and an "add" request were both created in the diff. Executing the bulkSync fails because it tries to add the member a second time. If new members are to be provisioned, they will NOT be because of the failure.

      This was tracked down to Grouper's case sensitivity when comparing DNs. AD's group member attribute contains DNs with upper-case OU and DC, while Grouper seems to simply append what is configured in the search base in sources.xml. If the member is provisioned to AD with lower-case OU and DC, AD will change them to uppercase.

      Changing sources.xml and ldap.properties to bases with upper-case OU and DC seemed to solve the problem. Grouper should either canonicalize the DN from Grouper Group's member or use an ignore-case comparison.

      Add:
      <spmlref:toPsoID ID='CN=test 1234,ou=People,dc=devsim,dc=umontreal,dc=ca' targetID='ldap'/>
      Delete:
      <spmlref:toPsoID ID='CN=test 1234,OU=People,DC=devsim,DC=umontreal,DC=ca' targetID='ldap'/>

      $ ../bin/gsh.sh -psp -bulkDiff

      <psp:diffResponse status='success' requestID='2012/02/21-15:06:23.415'>
      <modifyRequest xmlns='urn:oasis:names:tc:SPML:2:0' entityName='group' requestID='2012/02/21-15:06:23.536' returnData='everything'>
      <psoID ID='cn=Test3,ou=Stem2,ou=UdeM,ou=People,dc=devsim,dc=umontreal,dc=ca' targetID='ldap'/>

      <modification modificationMode='add'>
      <capabilityData mustUnderstand='true' capabilityURI='urn:oasis:names:tc:SPML:2:0:reference'>
      <spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0' xmlns:spmlref='urn:oasis:names:tc:SPML:2:0:reference' typeOfReference='member'>
      <spmlref:toPsoID ID='CN=test 1234,ou=People,dc=devsim,dc=umontreal,dc=ca' targetID='ldap'/>
      </spmlref:reference>
      </capabilityData>
      </modification>

      <modification modificationMode='delete'>
      <capabilityData mustUnderstand='true' capabilityURI='urn:oasis:names:tc:SPML:2:0:reference'>
      <spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0' xmlns:spmlref='urn:oasis:names:tc:SPML:2:0:reference' typeOfReference='member'>
      <spmlref:toPsoID ID='CN=test 1234,OU=People,DC=devsim,DC=umontreal,DC=ca' targetID='ldap'/>
      </spmlref:reference>
      </capabilityData>
      </modification>
      </modifyRequest>

      <psp:id ID='UdeM:Stem2:Test3'/>
      </psp:diffResponse>

      $ ../bin/gsh.sh -psp -bulkSync

      <psp:syncResponse>
      <modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure' requestID='2012/02/21-15:07:31.238' error='customError'>
      <errorMessage>[LDAP: error code 68 - 00000562: UpdErr: DSID-031A119B, problem 6005 (ENTRY_EXISTS), data 0
      _]</errorMessage>
      </modifyResponse>
      <psp:id ID='UdeM:Stem2:Test3'/>
      </psp:syncResponse>

          People

            tom.zeller.2@at.internet2.edu Tom Zeller
            sebgagne Sebastien Gagne (Inactive)