LDAP sync using wrong fields?

Started by TSimmonsHJ, September 16, 2019, 10:08:28 PM

TSimmonsHJ

Hello all,
I am trying to set up LDAP sync with MS Active Directory but users and groups are not being added.

My configuration:
Name   Value
LdapConnectionString   ldaps://####.net
LdapGroupClass   group
LdapGroupMappingName   samAccountName
LdapGroupUniqueId   objectGUID
LdapMappingDescription   description
LdapMappingFullName   name
LdapPageSize   1000
LdapSearchBase   DC=####,DC=NET
LdapSearchFilter   (objectClass=*)
LdapSyncInterval   0
LdapSyncUser   CN=####,OU=Admin,DC=####,DC=net
LdapSyncUserPassword   ####
LdapUserClass   user
LdapUserDeleteAction   Disable user
LdapUserMappingName   samAccountName
LdapUserUniqueId   objectGUID

Log shows:

2019.09.16 20:45:55.478 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:56.244 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:58.371 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:58.386 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:59.246 *D* LDAPConnection::fillLists(): Found dn: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:59.246 *D* LDAPConnection::fillLists(): Unknown object is not added: dn: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net, login name: (null), full name: TimSim01, description: TimothySimmons undefined
2019.09.16 20:45:59.277 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:59.277 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:59.386 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:59.386 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:46:00.121 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:46:00.761 *D* LDAPConnection::fillLists(): member: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net

It almost looks like the values aren't being assigned to the right fields (off by 1?) and as such, no new users or groups are getting added.
It's also not turning up any users with '-'s in their name in the log, and all of the users we would want end in -admtx. I'm not sure if that's a real problem or not though because I can't get the user database to populate. Thanks for any help you can give!

Tatjana Dubrovica

Hi,

Can you please send the full log of the synchronization? You can send it as a private message if you want.
Your current configuration looks good.

Victor Kirhenshtein

Hi,

We just published server version 3.0.2355 - it has additional LDAP related debug output that can help in debugging.

Best regards,
Victor

TSimmonsHJ

I know this is old, but today we just solved this one. It turns out that the LdapUserMappingName configuration field is case sensitive - I had samAccountName populated there, but in AD the attribute is written as sAMAccountName. When I put this in instead, the sync worked. Many thanks to Tatjana for her help in this!
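The case mismatch described in the post above can be caught before a sync run, and its symptom can be pulled out of the debug log. The following Python sketch is an added example, not part of the thread and not the server's own code: it compares the configured mapping names against the attribute names a directory entry actually carries, and lists the DNs the log reports with a null login name. The attribute list is constructed sample data, the function names are hypothetical, and it assumes every mapping setting is matched the same case-sensitive way as LdapUserMappingName.

```python
import re

# Mapping settings as posted in the thread.
CONFIG = {
    "LdapUserMappingName": "samAccountName",
    "LdapGroupMappingName": "samAccountName",
    "LdapMappingFullName": "name",
    "LdapMappingDescription": "description",
    "LdapUserUniqueId": "objectGUID",
}

# Constructed sample: attribute names as Active Directory spells them on a user entry.
ENTRY_ATTRS = ["cn", "name", "description", "objectGUID", "sAMAccountName", "objectClass"]

# Two debug lines taken from the log in the thread.
LOG = """\
2019.09.16 20:45:59.246 *D* LDAPConnection::fillLists(): Found dn: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net
2019.09.16 20:45:59.246 *D* LDAPConnection::fillLists(): Unknown object is not added: dn: CN=TimSim01,OU=PRJ_Employees,OU=Users,OU=PRJ,OU=GIT,OU=KGR,DC=####,DC=net, login name: (null), full name: TimSim01, description: TimothySimmons undefined
"""

def check_mappings(config, entry_attrs):
    """Return {setting: (problem, attribute as spelled in the directory or None)}."""
    by_lower = {a.lower(): a for a in entry_attrs}
    findings = {}
    for setting, value in config.items():
        if value in entry_attrs:
            continue  # exact, case-sensitive match: nothing to report
        actual = by_lower.get(value.lower())
        findings[setting] = ("case-mismatch", actual) if actual else ("missing", None)
    return findings

# The DN itself contains commas, so match lazily up to the ", login name:" field.
NOT_ADDED = re.compile(
    r"Unknown object is not added: dn: (?P<dn>.+?), login name: (?P<login>[^,]*), full name:"
)

def null_login_dns(log_text):
    """Return DNs of objects skipped because no login name was mapped."""
    return [m.group("dn") for m in NOT_ADDED.finditer(log_text)
            if m.group("login") == "(null)"]

if __name__ == "__main__":
    for setting, (problem, actual) in check_mappings(CONFIG, ENTRY_ATTRS).items():
        print(f"{setting}: {problem}, directory spells it {actual!r}")
    for dn in null_login_dns(LOG):
        print("skipped (login name null):", dn)
```

In practice the attribute list would come from reading one known user entry with the sync account, so the check also confirms that the account can see the attributes the mappings rely on.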

Tatjana Dubrovica