Author Topic: LDAP sync using wrong fields?  (Read 710 times)

TSimmonsHJ

  • Newbie
LDAP sync using wrong fields?
« on: September 16, 2019, 10:08:28 pm »
Hello all,
I am trying to set up LDAP sync with MS Active Directory but users and groups are not being added.

My configuration:
Name   Value
LdapConnectionString   ldaps://####.net
LdapGroupClass   group
LdapGroupMappingName   samAccountName
LdapGroupUniqueId   objectGUID
LdapMappingDescription   description
LdapMappingFullName   name
LdapPageSize   1000
LdapSearchBase   DC=####,DC=NET
LdapSearchFilter   (objectClass=*)
LdapSyncInterval   0
LdapSyncUser   CN=####,OU=Admin,DC=####,DC=net
LdapSyncUserPassword   ####
LdapUserClass   user
LdapUserDeleteAction   Disable user
LdapUserMappingName   samAccountName
LdapUserUniqueId   objectGUID

Log shows:

2019.09.16 20:45:55.478 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:56.244 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:58.371 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:58.386 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:59.246 *D* LDAPConnection::fillLists(): Found dn: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:59.246 *D* LDAPConnection::fillLists(): Unknown object is not added: dn: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net, login name: (null), full name: TimSim01, description: TimothySimmons undefined
2019.09.16 20:45:59.277 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:59.277 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:59.386 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:59.386 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:46:00.121 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:46:00.761 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net

It almost looks like the values aren't being assigned to the right fields (off by 1?) and as such, no new users or groups are getting added.
It's also not turning up any users with '-'s in their name in the log, and all of the users we would want end in -admtx. I'm not sure if that's a real problem or not though because I can't get the user database to populate. Thanks for any help you can give!

Tatjana Dubrovica

  • Global Moderator
  • Sr. Member
Re: LDAP sync using wrong fields?
« Reply #1 on: September 17, 2019, 01:47:42 pm »
Hi,

Can you please send the full log of the synchronization? You can send it as a private message if you want.
Your current configuration looks good.

Victor Kirhenshtein

  • Lead Developer
  • Administrator
  • Hero Member
Re: LDAP sync using wrong fields?
« Reply #2 on: October 29, 2019, 04:18:39 pm »
Hi,

we just published server version 3.0.2355 - it has additional LDAP-related debug output that can help in debugging.

Best regards,
Victor

TSimmonsHJ

  • Newbie
Re: LDAP sync using wrong fields?
« Reply #3 on: December 06, 2019, 08:36:36 pm »
I know this is old, but today we just solved this one. It turns out that the LdapUserMappingName configuration field is case sensitive - I had samAccountName populated there, but in AD the attribute is written as sAMAccountName. When I put this in instead, the sync worked. Many thanks to Tatjana for her help in this!
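
A pre-flight check for the case mismatch described in the post above, as an added example that is not part of the original thread or the server's own code. It compares the configured mapping names with the attribute names of one directory entry and picks the skipped objects out of the debug log; the sample entry is constructed and the function names are hypothetical.

```python
import re

# Constructed sample entry: attribute names spelled the way Active Directory
# returns them (values are made up for the example).
SAMPLE_ENTRY = {
    "objectGUID": b"\x01" * 16,
    "sAMAccountName": "TimSim01",
    "name": "TimSim01",
    "description": "TimothySimmons",
}

# Mapping settings copied from the configuration posted in the thread.
CONFIG = {
    "LdapUserMappingName": "samAccountName",
    "LdapUserUniqueId": "objectGUID",
    "LdapMappingFullName": "name",
    "LdapMappingDescription": "description",
}

def check_mappings(config, entry):
    """Return {setting: (status, attribute)} for each configured mapping.

    status is "ok" (exact match), "case" (present only under a different
    spelling of upper/lower case) or "missing" (not in the entry at all).
    """
    by_lower = {attr.lower(): attr for attr in entry}
    result = {}
    for setting, wanted in config.items():
        if wanted in entry:
            result[setting] = ("ok", wanted)
        elif wanted.lower() in by_lower:
            result[setting] = ("case", by_lower[wanted.lower()])
        else:
            result[setting] = ("missing", None)
    return result

# Symptom seen in the posted log: object not added, login name is (null).
SKIPPED = re.compile(r"Unknown object is not added: dn: (?P<dn>.+?), login name: \(null\)")

def skipped_dns(log_lines):
    """DNs of objects logged as not added with an empty login name."""
    return [m.group("dn") for line in log_lines if (m := SKIPPED.search(line))]

if __name__ == "__main__":
    for setting, (status, attr) in check_mappings(CONFIG, SAMPLE_ENTRY).items():
        print(f"{setting}: {status}" + (f" -> use {attr}" if status == "case" else ""))
```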

Tatjana Dubrovica

  • Global Moderator
  • Sr. Member
Re: LDAP sync using wrong fields?
« Reply #4 on: December 08, 2019, 02:15:05 pm »