"Store group ... not found" on CreateStoreGroupMember()

Aug 21, 2009 at 3:21 PM

I am running v3.6.0.2 and attempting to call IAzManStoreGroup.CreateStoreGroupMember(IAzManSid, WhereDefined, true) using the SID from an LDS (ADAM) user when I get an exception message saying "Store group 'zzz' not found", where "zzz" shows the same SID that I fed into it. So it looks like it has a problem with the LDS (ADAM) user SID, not with finding the store group itself, since the store group was obviously found: CreateStoreGroupMember is a method on the instantiated group.

I suspect you are expecting a different format of SID, or validating the SID somehow and not finding it.

What am I doing wrong? 

 

Here is the actual log entry it generates (only private info omitted for the public):

Title: number-principal-name
Store Group 'S-1-328069019-3990520677-2191689784-1323782869-3791482278-2550056368' not found. Store 'store'.
---> Group WAS found. IAzManStoreGroup.CreateStoreGroupMember(S-1-328069019-3990520677-2191689784-1323782869-3791482278-2550056368,Store) failed. <---

 

And here is my actual code:

            int iNotFoundCount = 0; //init
            IAzManSid nsamSid = null;//init
            IAzManStoreGroup nsamGroup = null;//init
            IAzManStoreGroupMember nsamMember = null;//init
            int iAddCount = 0; //init
            using (IAzManStorage nsamStorage = new SqlAzManStorage(_sAzmanConnectionString))
            {
                using (IAzManStore nsamStore = nsamStorage.GetStore(_sAppStore))
                {
                    using (OSVDataContext dcOSV = new OSVDataContext())
                    {
                        var oPersons = from oPerson in dcOSV.tblOracleStaffingViews where oPerson.TERMINATION_DATE == null orderby oPerson.EMPLOYEE_NUMBER select oPerson;
                        foreach (var oPerson in oPersons)
                        {
                            SearchResult srFound = srFindEmployee(oPerson.EMPLOYEE_NUMBER);
                            if (srFound == null)
                            {
                                iNotFoundCount++;
                                Console.WriteLine(sFormatLog(string.Format("---> Employee '{0}' not found in LDS. <---", oPerson.EMPLOYEE_NUMBER)));
                            }
                            else
                            {
                                byte[] bSid = (byte[])srFound.Properties[_sSecurityNode][0];
                                nsamSid = new SqlAzManSID(bSid);
                                nsamGroup = null;//reinit
                                try { nsamGroup = nsamStore.GetStoreGroup(oPerson.JOB_TITLE); }
                                catch (Exception ex) { Console.WriteLine(sFormatLog(ex.Message)); }
                                if (nsamGroup != null)//group was found
                                {
                                    try {     nsamMember = nsamGroup.GetStoreGroupMember(nsamSid); } //try1
                                    catch//(Exception ex1) //member not found
                                    {
                                        string sClass = srFound.Properties[_sClassNode][3].ToString();
                                        WhereDefined wdClass = sClass.Equals(_sUser) ? WhereDefined.Store : WhereDefined.LDAP;
                                        Console.WriteLine(sFormatLog(oPerson.JOB_TITLE + ": " + oPerson.EMPLOYEE_NUMBER + "-" + srFound.Properties[_sPrincipalNode][0].ToString() + "-" + srFound.Properties[_sDisplayNode][0].ToString()));
                                        try
                                        {
                                            nsamMember = nsamGroup.CreateStoreGroupMember(nsamSid, wdClass, true);
                                            iAddCount++;
                                        } //try2
                                        catch(Exception ex2)//It will say "store group...not found" but the problem is a parm to CreateStoreGroupMember.
                                        {
                                            Console.WriteLine(sFormatLog(ex2.Message));
                                            Console.WriteLine(sFormatLog(string.Format("---> Group WAS found. IAzManStoreGroup.CreateStoreGroupMember({0},{1}) failed. <---", nsamSid, wdClass)));
                                            break;
                                        } //catch2
                                    } //catch1
                                }//nsamGroup
                                srFound = null; //cleanup
                            }//srFound
                        } //oPerson
                    } //dcOSV
                } //nsamStore
            } //nsamStorage
            nsamSid = null;
            nsamGroup = null;
            nsamMember = null;

 

Coordinator
Aug 21, 2009 at 5:01 PM

Hi,

the issue is in the WhereDefined parameter you are using:

                                        WhereDefined wdClass = sClass.Equals(_sUser) ? WhereDefined.Store : WhereDefined.LDAP;
                                        Console.WriteLine(sFormatLog(oPerson.JOB_TITLE + ": " + oPerson.EMPLOYEE_NUMBER + "-" + srFound.Properties[_sPrincipalNode][0].ToString() + "-" + srFound.Properties[_sDisplayNode][0].ToString()));
                                        try
                                        {
                                            nsamMember = nsamGroup.CreateStoreGroupMember(nsamSid, wdClass, true);
                                            iAddCount++;
                                        } //try2

If wdClass equals WhereDefined.Store, you are telling NetSqlAzMan to add an existing Store Group as a Store Group Member (with nsamSID).

If your Store Group Members are all defined on ADAM, you should always use WhereDefined.LDAP.

Let me know.

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator  
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Aug 21, 2009 at 5:45 PM

That technically executed with no exception, but left me in an unadministrable position in which the store group now contains a member with an SID where the name should be, so there is no way to look at the NetSqlAzMan console to see who the store group member is.

My predecessor bypassed this issue by doing a direct SQL insertion of rows like this using WhereDefined code 4 (Store) which is what I want to emulate except using your provided facilities.  The store group members that he added had a human readable name in the Name column on the NetSqlAzMan console.

Here is his PHP code:

//        $WhereDefined = '4';
//        echo "Adding {$lds_info['employeeNumber']} ({$lds_info['displayName']}) / $job_title to group $StoreGroupID in store $StoreID\n";
//        $query = "INSERT INTO netsqlazman_StoreGroupMembersTable (StoreGroupId, objectSid, WhereDefined, IsMember) VALUES ('$StoreGroupID',$mssqlsid,$WhereDefined,1)";
//        mssql_query($query,$sql_nsazm);

Coordinator
Aug 21, 2009 at 5:50 PM
Edited Sep 19, 2009 at 8:01 AM

You can use NetSqlAzMan.dll to insert StoreGroupMembers with WhereDefined.LDAP.

After the insert you can manually update your DB to resolve names from the MMC Console.

 

Regards,

Andrea.

 

__________________________________
Andrea Ferendeles

 

 

Aug 21, 2009 at 5:54 PM

That's over 5,000 entries, and we want to reload this in batch every night.

 

Coordinator
Aug 21, 2009 at 5:55 PM

So the only way I see is that you customize the NetSqlAzMan Code to allow ADAM name resolution (from the MMC console).

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator  
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Coordinator
Aug 21, 2009 at 6:15 PM

… or just remove the StoreGroup existence check in the CreateStoreGroupMembers methods. :)

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator  
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Aug 24, 2009 at 3:36 PM

So for a member of a store group you have the first column titled NAME which does not show any name for any member.  For an LDS/ADAM class of userProxyFull (a domain user) it shows userPrincipalName (not displayName), and for an LDS/ADAM class of “user” it shows SID (not displayName).

Doesn’t that seem like a design error to you?

What would it take to get it to show displayName?

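Added example, not part of the original thread and not NetSqlAzMan code: a read-only helper for reviewing who a SID-only store group member actually is. It converts the binary objectSid to its S-1-... string and looks up displayName in LDS with an objectSid filter. The class name SidLookup, the LDAP path and the sample SID bytes are assumptions or constructed values.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;

static class SidLookup   // hypothetical helper name, not a NetSqlAzMan type
{
    // Build an LDAP filter that matches one binary SID. Each byte is written
    // as \XX (RFC 4515), so the filter contains nothing but escaped hex.
    public static string ToLdapFilter(byte[] sid)
    {
        var sb = new StringBuilder("(objectSid=");
        foreach (byte b in sid)
            sb.Append('\\').Append(b.ToString("X2"));
        return sb.Append(')').ToString();
    }

    // Return "displayName [S-1-...]" for the entry that owns the SID, or the
    // SID string marked unresolved when nothing matches under ldsRoot.
    public static string Describe(DirectoryEntry ldsRoot, byte[] sid)
    {
        string sidText = new SecurityIdentifier(sid, 0).Value;
        using (var searcher = new DirectorySearcher(
            ldsRoot, ToLdapFilter(sid), new[] { "displayName" }))
        {
            SearchResult hit = searcher.FindOne();
            if (hit == null || hit.Properties["displayName"].Count == 0)
                return "(unresolved) [" + sidText + "]";
            return hit.Properties["displayName"][0] + " [" + sidText + "]";
        }
    }

    static void Main()
    {
        // Constructed sample: the 28-byte binary form of S-1-5-21-1-2-3-1000.
        byte[] sid = {
            1, 5, 0, 0, 0, 0, 0, 5,
            21, 0, 0, 0, 1, 0, 0, 0, 2, 0, 0, 0, 3, 0, 0, 0, 0xE8, 0x03, 0, 0 };
        Console.WriteLine(new SecurityIdentifier(sid, 0).Value);
        Console.WriteLine(ToLdapFilter(sid));

        // Placeholder path: point this at your own LDS instance and partition.
        // using (var root = new DirectoryEntry("LDAP://lds-host:389/DC=example,DC=local"))
        //     Console.WriteLine(Describe(root, sid));
    }
}
```

Running Describe over each member SID of a store group gives a reviewable name list without changing anything in the authorization store.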

Coordinator
Aug 25, 2009 at 10:16 AM

Hi,

It isn’t a design error because NetSqlAzMan is not designed to work with ADAM.

The only LDAP supported is Active Directory 2003 or later.

If you want you can customize NetSqlAzMan source code to work with LDS/ADAM.


Regards,

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator  
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Aug 25, 2009 at 12:08 PM

Thanks Andrea.
Regards, Mike

