SURFscz / COmanage-ldapfixedprovisioner

COmanage Plugin for the LDAP Provisioner with fixed configuration
Apache License 2.0

Groups are not properly provisioned #2

Open baszoetekouw opened 6 years ago

baszoetekouw commented 6 years ago

Provisioning of people works well, but groups aren't properly provisioned (even though the plugin reports success to the user). The problem seems to be that the plugin doesn't get enough information from COmanage. For people, COmanage calls CoLdapFixedProvisionerTarget::provision() with provisioningData set to a rich array like

provisioningData=Array(
    [CoPerson] => Array
        (
            [id] => 714
            [co_id] => 3
            [status] => A
            [timezone] => 
            [created] => 2018-02-05 15:01:52
            [modified] => 2018-02-05 15:03:51
            [co_person_id] => 
            [revision] => 5
            [deleted] => 
            [actor_identifier] => 
        )

    [Co] => Array
        (
            [id] => 3
            [name] => SURFnet test foo
            [description] => Test-CO voor SURFnet tests
            [status] => A
            [created] => 2017-10-17 07:26:35
            [modified] => 2017-12-04 10:07:55
        )

    [PrimaryName] => Array
        (
            [id] => 1089
            [honorific] => 
            [given] => Student1
            [middle] => 
            [family] => van De Test-IdP
            [suffix] => 
            [type] => official
            [language] => 
            [co_person_id] => 714
            [org_identity_id] => 
            [primary_name] => 1
            [source_name_id] => 
            [created] => 2018-02-05 15:01:52
            [modified] => 2018-02-05 15:01:52
            [name_id] => 
            [revision] => 0
            [deleted] => 
            [actor_identifier] => 
        )

    [CoGroupMember] => Array
        (
            [0] => Array
                (
                    [id] => 351
                    [co_group_id] => 12
                    [co_person_id] => 714
                    [member] => 1
                    [owner] => 
                    [source_org_identity_id] => 
                    [created] => 2018-02-05 15:01:52
                    [modified] => 2018-02-05 15:01:52
                    [co_group_member_id] => 
                    [revision] => 0
                    [deleted] => 
                    [actor_identifier] => 
                    [CoGroup] => Array
                        (
                            [id] => 12
                            [co_id] => 3
                            [cou_id] => 
                            [name] => CO:members:all
                            [description] => SURFnet test foo Members
                            [open] => 
                            [status] => A
                            [group_type] => M
                            [auto] => 1
                            [created] => 2017-10-17 07:26:35
                            [modified] => 2017-12-04 10:07:55
                            [co_group_id] => 
                            [revision] => 1
                            [deleted] => 
                            [actor_identifier] => bas@xxx.example.org
                        )

                )

            [1] => Array
                (
                    [id] => 352
                    [co_group_id] => 11
                    [co_person_id] => 714
                    [member] => 1
                    [owner] => 
                    [source_org_identity_id] => 
                    [created] => 2018-02-05 15:03:51
                    [modified] => 2018-02-05 15:03:51
                    [co_group_member_id] => 
                    [revision] => 0
                    [deleted] => 
                    [actor_identifier] => bas@xxx.example.org
                    [CoGroup] => Array
                        (
                            [id] => 11
                            [co_id] => 3
                            [cou_id] => 
                            [name] => CO:members:active
                            [description] => SURFnet test foo Active Members
                            [open] => 
                            [status] => A
                            [group_type] => MA
                            [auto] => 1
                            [created] => 2017-10-17 07:26:35
                            [modified] => 2017-12-04 10:07:55
                            [co_group_id] => 
                            [revision] => 1
                            [deleted] => 
                            [actor_identifier] => bas@xxx.example.org
                        )

                )

        )

    [CoOrgIdentityLink] => Array
        (
            [0] => Array
                (
                    [id] => 160
                    [co_person_id] => 714
                    [org_identity_id] => 957
                    [created] => 2018-02-05 15:01:52
                    [modified] => 2018-02-05 15:01:52
                    [co_org_identity_link_id] => 
                    [revision] => 0
                    [deleted] => 
                    [actor_identifier] => 
                    [OrgIdentity] => Array
                        (
                            [id] => 957
                            [status] => 
                            [affiliation] => 
                            [title] => 
                            [o] => SURFnet
                            [ou] => 
                            [co_id] => 3
                            [valid_from] => 
                            [valid_through] => 
                            [created] => 2018-02-05 15:01:52
                            [modified] => 2018-02-05 15:01:52
                            [org_identity_id] => 
                            [revision] => 1
                            [deleted] => 
                            [actor_identifier] => eppn_student@xxx.example.org
                            [Identifier] => Array
                                (
                                    [0] => Array
                                        (
                                            [id] => 325
                                            [identifier] => eppn_student@xxx.example.org
                                            [type] => eppn
                                            [login] => 1
                                            [status] => A
                                            [co_person_id] => 
                                            [org_identity_id] => 957
                                            [source_identifier_id] => 
                                            [created] => 2018-02-05 15:03:02
                                            [modified] => 2018-02-05 15:03:02
                                            [identifier_id] => 
                                            [revision] => 0
                                            [deleted] => 
                                            [actor_identifier] => eppn_student@xxx.example.org
                                        )

                                )

                        )

                )

        )

    [CoPersonRole] => Array
        (
            [0] => Array
                (
                    [id] => 718
                    [co_person_id] => 714
                    [sponsor_co_person_id] => 
                    [cou_id] => 
                    [affiliation] => affiliate
                    [title] => 
                    [o] => 
                    [ou] => 
                    [valid_from] => 
                    [valid_through] => 
                    [status] => A
                    [source_org_identity_id] => 
                    [created] => 2018-02-05 15:01:52
                    [modified] => 2018-02-05 15:03:51
                    [co_person_role_id] => 
                    [revision] => 5
                    [deleted] => 
                    [actor_identifier] => 
                    [Cou] => Array
                        (
                        )

                    [Address] => Array
                        (
                        )

                    [TelephoneNumber] => Array
                        (
                        )

                )

        )

    [EmailAddress] => Array
        (
        )

    [Identifier] => Array
        (
            [0] => Array
                (
                    [id] => 326
                    [identifier] => student54
                    [type] => uid
                    [login] => 
                    [status] => A
                    [co_person_id] => 714
                    [org_identity_id] => 
                    [source_identifier_id] => 
                    [created] => 2018-02-05 15:03:51
                    [modified] => 2018-02-05 15:03:51
                    [identifier_id] => 
                    [revision] => 0
                    [deleted] => 
                    [actor_identifier] =>  bas@xxx.example.org
                )

            [1] => Array
                (
                    [id] => 327
                    [identifier] => 10009
                    [type] => uidNumber
                    [login] => 
                    [status] => A
                    [co_person_id] => 714
                    [org_identity_id] => 
                    [source_identifier_id] => 
                    [created] => 2018-02-05 15:03:51
                    [modified] => 2018-02-05 15:03:51
                    [identifier_id] => 
                    [revision] => 0
                    [deleted] => 
                    [actor_identifier] => bas@xxx.example.org
                )

            [2] => Array
                (
                    [id] => 328
                    [identifier] => 10009
                    [type] => gidNumber
                    [login] => 
                    [status] => A
                    [co_person_id] => 714
                    [org_identity_id] => 
                    [source_identifier_id] => 
                    [created] => 2018-02-05 15:03:51
                    [modified] => 2018-02-05 15:03:51
                    [identifier_id] => 
                    [revision] => 0
                    [deleted] => 
                    [actor_identifier] =>  bas@xxx.example.org
                )

            [3] => Array
                (
                    [id] => 329
                    [identifier] => /home/student101
                    [type] => homeDirectory
                    [login] => 
                    [status] => A
                    [co_person_id] => 714
                    [org_identity_id] => 
                    [source_identifier_id] => 
                    [created] => 2018-02-05 15:03:51
                    [modified] => 2018-02-05 15:03:51
                    [identifier_id] => 
                    [revision] => 0
                    [deleted] => 
                    [actor_identifier] => bas@xxx.example.org
                )

        )

    [Name] => Array
        (
            [0] => Array
                (
                    [id] => 1089
                    [honorific] => 
                    [given] => Student1
                    [middle] => 
                    [family] => van De Test-IdP
                    [suffix] => 
                    [type] => official
                    [language] => 
                    [co_person_id] => 714
                    [org_identity_id] => 
                    [primary_name] => 1
                    [source_name_id] => 
                    [created] => 2018-02-05 15:01:52
                    [modified] => 2018-02-05 15:01:52
                    [name_id] => 
                    [revision] => 0
                    [deleted] => 
                    [actor_identifier] => 
                )

        )

    [SshKey] => Array
        (
            [0] => Array
                (
                    [id] => 20
                    [co_person_id] => 714
                    [comment] => test key voor xxx
                    [type] => RSA
              [...]
                )

        )

)

For groups, otoh, the provisioner is called with provisioningData set to

provisioningData=Array(
    [CoGroup] => Array
        (
            [id] => 10
            [co_id] => 3
            [cou_id] => 
            [name] => CO:admins
            [description] => SURFnet test foo Administrators
            [open] => 
            [status] => A
            [group_type] => A
            [auto] => 
            [created] => 2017-10-17 07:26:35
            [modified] => 2017-12-04 10:07:55
            [co_group_id] => 
            [revision] => 1
            [deleted] => 
            [actor_identifier] => bas@surfnet.nl
        )

)

Note specifically that this doesn't include a Co field, so the plugin doesn't know which CO this group belongs to. In addition, it doesn't include the members of the group, which seems quite strange.

Am I overlooking something here, or should this be fixed in COmanage proper?

baszoetekouw commented 6 years ago

In the end, the error that occurs is this:

2018-02-19 08:49:07 Notice: Notice (8): Undefined index: Co in [/var/www/comanage-registry-3.0.0/local/Plugin/LdapFixedProvisioner/Model/CoLdapFixedProvisionerDn.php, line 298]
Trace:
ErrorHandler::handleError() - CORE/Cake/Error/ErrorHandler.php, line 230
CoLdapFixedProvisionerDn::obtainDn() - ROOT/local/Plugin/LdapFixedProvisioner/Model/CoLdapFixedProvisionerDn.php, line 298
CoLdapFixedProvisionerDn::assignGroupDn() - ROOT/local/Plugin/LdapFixedProvisioner/Model/CoLdapFixedProvisionerDn.php, line 120
CoLdapFixedProvisionerDn::obtainDn() - ROOT/local/Plugin/LdapFixedProvisioner/Model/CoLdapFixedProvisionerDn.php, line 320
CoLdapFixedProvisionerTarget::provision() - ROOT/local/Plugin/LdapFixedProvisioner/Model/CoLdapFixedProvisionerTarget.php, line 816
ProvisionerBehavior::invokePlugin() - APP/Model/Behavior/ProvisionerBehavior.php, line 525
ProvisionerBehavior::manualProvision() - APP/Model/Behavior/ProvisionerBehavior.php, line 712
BehaviorCollection::dispatchMethod() - CORE/Cake/Model/BehaviorCollection.php, line 239
Model::__call() - CORE/Cake/Model/Model.php, line 829
CoGroup::manualProvision() - APP/Controller/CoProvisioningTargetsController.php, line 360
CoProvisioningTargetsController::provision() - APP/Controller/CoProvisioningTargetsController.php, line 360
ReflectionMethod::invokeArgs() - [internal], line ??
Controller::invokeAction() - CORE/Cake/Controller/Controller.php, line 491
Dispatcher::_invoke() - CORE/Cake/Routing/Dispatcher.php, line 193
Dispatcher::dispatch() - CORE/Cake/Routing/Dispatcher.php, line 167
[main] - APP/webroot/index.php, line 96

leading to

2018-02-19 08:49:06 Error: LDAP error during add of CO OU: Invalid DN syntax (invalid DN) (34)
2018-02-19 08:49:06 Error: ...when trying to ldap_add(ou=,ou=people,dc=surfnet,dc=nl, array('ou'=>,'objectClass'=>'organizationalUnit')
2018-02-19 08:49:06 Error: LDAP error during add: Invalid DN syntax (invalid DN) (34, coperson: 53)

(note that ou=people,dc=surfnet,dc=nl is my basedn in this case)
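
As an added example (not part of the issue and not the plugin's own code): one way a provisioner could guard against the missing Co record seen in the trace above, by resolving the CO from CoGroup.co_id and refusing to build a DN whose ou= value is empty. The function names and the $lookupCoName callback are hypothetical; it assumes PHP 7+ with the LDAP extension loaded.

```php
<?php
// Added illustration; function names are hypothetical, not the plugin's API.
// Assumes PHP 7+ with ext-ldap loaded (for ldap_escape).

/** Return the CO name for a provisioning payload, or throw. */
function resolveCoName(array $data, callable $lookupCoName): string
{
    // Person payloads carry a [Co] record; the group payload in the issue does not.
    $name = $data['Co']['name'] ?? null;
    if ($name === null) {
        // Fall back to the co_id on whichever primary record is present.
        $coId = $data['CoGroup']['co_id'] ?? $data['CoPerson']['co_id'] ?? null;
        if ($coId === null) {
            throw new InvalidArgumentException('payload has neither Co nor co_id');
        }
        $name = $lookupCoName((int) $coId);
    }
    if (!is_string($name) || trim($name) === '') {
        throw new UnexpectedValueException('CO name is empty; refusing to build a DN');
    }
    return $name;
}

/** Build the per-CO OU DN, escaping the RDN value so it cannot alter the DN structure. */
function buildCoOuDn(array $data, string $baseDn, callable $lookupCoName): string
{
    $co = resolveCoName($data, $lookupCoName);
    return 'ou=' . ldap_escape($co, '', LDAP_ESCAPE_DN) . ',' . $baseDn;
}

// Constructed sample input, trimmed from the group dump in the issue.
$groupPayload = ['CoGroup' => ['id' => 10, 'co_id' => 3, 'name' => 'CO:admins']];
$coNames = [3 => 'SURFnet test foo'];          // stand-in for a database lookup
$lookup = function (int $id) use ($coNames) {
    return $coNames[$id] ?? '';
};
$baseDn = 'ou=people,dc=surfnet,dc=nl';        // base DN quoted in the issue

echo buildCoOuDn($groupPayload, $baseDn, $lookup), PHP_EOL;

try {
    // Unknown co_id: fail loudly instead of passing "ou=,..." to ldap_add().
    buildCoOuDn(['CoGroup' => ['co_id' => 99]], $baseDn, $lookup);
} catch (UnexpectedValueException $e) {
    echo 'refused: ', $e->getMessage(), PHP_EOL;
}
```

Raising an exception here also gives the caller something to report, so a failed group provisioning is not shown to the user as a success.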