  1. Grouper
  2. GRP-736

Identifier comparison is case sensitive in the provisioning


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 2.1.0
    • Fix Version/s: 2.1.0
    • Component/s: provisioning
    • Labels:
      None
    • Environment:
      Grouper 2.1 (API, UI, PSP) provisioning to Active Directory

      Description

      When using bulkDiff and bulkSync, the PSP fails to match the AD membership with the Grouper membership. A "delete" and an "add" request were both created in the diff. When executing the bulkSync, it fails because it tries to add the member a second time. If new members are to be provisioned, they will NOT be because of the failure.

      This was tracked down to Grouper's case-sensitivity when comparing DNs. AD groups' member attribute contains DNs with upper-case OU and DC, while Grouper seems to simply append what is configured in the search base in sources.xml. If the member is provisioned to AD with lower-case OU and DC, AD will change them to uppercase.

      Changing sources.xml and ldap.properties to bases with upper-case OU and DC seemed to solve the problem. Grouper should either canonicalize the DN from Grouper Group's member or use an ignore-case comparison.

      Add v v
      <spmlref:toPsoID ID='CN=test 1234,ou=People,dc=devsim,dc=umontreal,dc=ca' targetID='ldap'/>
      <spmlref:toPsoID ID='CN=test 1234,OU=People,DC=devsim,DC=umontreal,DC=ca' targetID='ldap'/>
      Delete ^ ^

      $ ../bin/gsh.sh -psp -bulkDiff

      <psp:diffResponse status='success' requestID='2012/02/21-15:06:23.415'>
      <modifyRequest xmlns='urn:oasis:names:tc:SPML:2:0' entityName='group' requestID='2012/02/21-15:06:23.536' returnData='everything'>
      <psoID ID='cn=Test3,ou=Stem2,ou=UdeM,ou=People,dc=devsim,dc=umontreal,dc=ca' targetID='ldap'/>

      <modification modificationMode='add'>
      <capabilityData mustUnderstand='true' capabilityURI='urn:oasis:names:tc:SPML:2:0:reference'>
      <spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0' xmlns:spmlref='urn:oasis:names:tc:SPML:2:0:reference' typeOfReference='member'>
      <spmlref:toPsoID ID='CN=test 1234,ou=People,dc=devsim,dc=umontreal,dc=ca' targetID='ldap'/>
      </spmlref:reference>
      </capabilityData>
      </modification>

      <modification modificationMode='delete'>
      <capabilityData mustUnderstand='true' capabilityURI='urn:oasis:names:tc:SPML:2:0:reference'>
      <spmlref:reference xmlns='urn:oasis:names:tc:SPML:2:0' xmlns:spmlref='urn:oasis:names:tc:SPML:2:0:reference' typeOfReference='member'>
      <spmlref:toPsoID ID='CN=test 1234,OU=People,DC=devsim,DC=umontreal,DC=ca' targetID='ldap'/>
      </spmlref:reference>
      </capabilityData>
      </modification>
      </modifyRequest>

      <psp:id ID='UdeM:Stem2:Test3'/>
      </psp:diffResponse>

      $ ../bin/gsh.sh -psp -bulkSync

      <psp:syncResponse>
      <modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='failure' requestID='2012/02/21-15:07:31.238' error='customError'>
      <errorMessage>[LDAP: error code 68 - 00000562: UpdErr: DSID-031A119B, problem 6005 (ENTRY_EXISTS), data 0
      _]</errorMessage>
      </modifyResponse>
      <psp:id ID='UdeM:Stem2:Test3'/>
      </psp:syncResponse>
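
      Added example (not part of the original report and not Grouper's own code): the mismatch described above, reproduced with the two DNs from the diff plus one constructed new member, next to a comparison that parses each DN with the JDK's `javax.naming.ldap.LdapName`. The class and method names are hypothetical, and the example assumes the target treats DNs as case-insensitive, as Active Directory does.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class DnMembershipDiff {

    // Raw string comparison: "ou=People" and "OU=People" count as different
    // members, so the same entry shows up as both an add and a delete.
    static List<String> missingByString(Collection<String> from, Collection<String> in) {
        List<String> out = new ArrayList<>(from);
        out.removeAll(in);
        return out;
    }

    // Parsed comparison: LdapName.equals()/hashCode() ignore the case of
    // attribute types and string values (assumption: the directory is
    // case-insensitive for DNs, as Active Directory is).
    static List<String> missingByDn(Collection<String> from, Collection<String> in)
            throws InvalidNameException {
        Map<LdapName, String> index = new LinkedHashMap<>();
        for (String dn : from) index.put(new LdapName(dn), dn);
        for (String dn : in) index.remove(new LdapName(dn));
        return new ArrayList<>(index.values());
    }

    public static void main(String[] args) throws InvalidNameException {
        // First DN of each list is taken from the report; "CN=new member" is constructed.
        String base = "ou=People,dc=devsim,dc=umontreal,dc=ca";
        List<String> grouper = Arrays.asList("CN=test 1234," + base, "CN=new member," + base);
        List<String> ad = Arrays.asList("CN=test 1234,OU=People,DC=devsim,DC=umontreal,DC=ca");

        System.out.println("string compare:   add=" + missingByString(grouper, ad)
                + " delete=" + missingByString(ad, grouper));
        System.out.println("LdapName compare: add=" + missingByDn(grouper, ad)
                + " delete=" + missingByDn(ad, grouper));
    }
}
```

      With the parsed comparison only the new member remains in the add list, so the sync no longer re-adds an existing member and hits ENTRY_EXISTS.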


              People

              Assignee:
              tom.zeller.2@at.internet2.edu Tom Zeller
              Reporter:
              sebgagne Sebastien Gagne (Inactive)
